Kuzovkin Alexey Viktorovich is the general director of “Infosoft” company and ex-chairman of the board of directors in the company group “Armada.” Alexey Viktorovich has vast experience in managing innovative IT projects. Alexey Kuzovkin told us why Western countries’ sanctions encourage the Russian IT sector to develop.
TLS is a protocol for establishing authenticated and codified connections between network computers. It represents a digital signature for connecting the website securely.
It is a standard protocol that makes your Internet connection safe, providing secure exchange of any confidential data between two systems. It doesn’t allow other sides to look through or change any information transmitted. It is impossible to read all kinds of transported data: logins and passwords, emails, and financial details.
The server sends a TLS certificate once you connect to the website.
TLS certificates include the following information:
- Name of the object domain;
- Object organization;
- Name of eminent certification authority;
- Open key;
- Supplementary domain names of subjects, including subdomains;
- Date of issue;
- Date of expiring;
- Signature of the certification authority (CA).
TLS guarantees that the data is codified securely and is unreadable for third parties.
The connection between TLS and SSL certificates
SSL certificate is a type of data containing an available key, identifying the resource owner, and other information. It is the file installed on the initial server. TLS cannot codify traffic without an SSL certificate.
A protected website has an SSL certificate. You can check it by controlling the presence of a lock icon on the left of the URL and the URL address prefix HTTPS instead of HTTP.
The SSL/TLS protocol is used to codify traffic of any kind, making secure Internet connection and commerce possible. TLS uses a mix of symmetrical and asymmetrical encryption methods. Symmetrical encryption is used to ensure the security of data exchange between the browser and the web server. The balanced approach codifies and decodes data using a secret key known by the sender and the receiver; usually, it has a weight of 128 bits. However, 256-bit is better (everything that is less than 80-bit is considered to be insecure). Symmetrical encryption is efficient in terms of calculations; the usage of a shared secret key means the necessity of safe exchange of it.
Asymmetrical encryption is used for exchanging generated symmetrical keys that prove the client’s and server’s authenticity. Such type of cryptography utilizes two cryptographic keys: open and closed ones.
The term TLS handshaking
TLS handshaking is responsible for establishing a secure connection between the client and server. As clients visit a website through HTTPS, the browser and server make a TLS handshaking.
The TLS handshaking is necessary for the following:
- Adjustment of code kits and TLS version.
- Identification of server and client.
- Key exchange.
There are two well-spread versions of TLS handshaking: TLS 1.2 and TLS 1.3. TLS 1.3 was published by IETF in 2018 as RFC 8446. It is an updated version of TLS 1.2. The process includes four main steps:
Step 1: Hello, client.
To start a TLS handshaking, a client sends the „Clienthello” message to a server.
Step 2: Hello, server.
As the server receives the message, it will confirm if it supports your TLS version and will respond with the information about the version and the code kit chosen.
To carry the authentification out, the server will specify its SSL certificate.
Step 3: Key exchange.
The client will carry out a couple of steps to check the certificate. A primary key is used, which is codified by RSA or ECDHE algorithm.
The client sends a message «ChangeCipherSpec,» which indicates the passage to encryption.
Step 4: Specification of the server changing code.
As the last step, the server sends a similar message. At this stage, the authentication and key exchange are over.
The TLS handshaking occurs invisibly for users; however, the connection won’t be secure without it.