Transport Layer Security (TLS), created by the IETF as the successor to Netscape’s SSL, establishes an encrypted and authenticated channel between client and server — ensuring no third party can eavesdrop or tamper with communication.

TLS Architecture

• TLS Record Protocol: Provides connection security via symmetric encryption (e.g., DES). Can also be used without encryption.
• TLS Handshake Protocol: Enables mutual authentication and negotiation of cipher suite and session keys before data is exchanged.

Handshake Message Flow

Message	Purpose
ClientHello	Proposes cipher suites and TLS version
ServerHello	Selects cipher suite, sends server certificate
KeyExchange	Establishes shared keying material
ChangeCipherSpec	Both sides activate negotiated encryption
Alert	Signals errors or session termination

TLS vs SSL

SSL immediately begins with a secured channel. TLS starts with an insecure “hello” and only switches to encrypted communication after a successful handshake. If the handshake fails, no connection is created. TLS also allows secure and insecure connections on the same port, while SSL requires a dedicated secure-only port.

TLS Design Goals (Priority Order)

1. Cryptographic Security — establish a genuinely secure connection
2. Interoperability — independent implementations can exchange parameters without shared code
3. Extensibility — new encryption methods can be incorporated as needed
4. Relative Efficiency — session caching reduces the cost of repeated full handshakes