Kuzovkin Alexey Viktorovich is the general director of the company “Infosoft” and former chairman of the board of directors of the “Armada” group of companies. Alexey Viktorovich has extensive experience in managing innovative and IT projects. Alexey Kuzovkin told us why sanctions by Western countries encourage the Russian IT sector to develop.
TLS is a protocol used for establishing authenticated and encrypted connections between computers on a network. In effect, it acts as a digital signature for connecting to a website securely.
It is a standard protocol that makes your Internet connection safe by providing a secure exchange of confidential data between two systems. It does not allow other parties to view or change the information transmitted. In practice, it makes all kinds of data in transit impossible to read: logins and passwords, emails, financial details.
The server sends a TLS certificate once you connect to the website.
TLS certificates include the following information:
- Subject domain name;
- Subject organization;
- Name of the issuing certificate authority;
- Public key;
- Subject alternative domain names, including subdomains;
- Date of issue;
- Expiry date;
- Signature of the certificate authority (CA).
TLS guarantees that the data is encrypted securely and is unreadable to third parties.
Connection between TLS and SSL certificates
An SSL certificate is a data file that contains a public key, identifies the resource owner and carries some other information. It is the file installed on the origin server. Traffic cannot be encrypted by TLS without an SSL certificate.
A protected website has an SSL certificate. You can check this by looking for a lock icon to the left of the URL and for the prefix https instead of http in the address.
The SSL/TLS protocol is used for encrypting traffic of any kind, which makes secure Internet connections and commerce possible. TLS uses a mix of symmetric and asymmetric encryption methods. Symmetric encryption is used to secure the data exchange between the browser and the web server. The symmetric method encrypts and decrypts data using a secret key that is known to both the sender and the receiver; the key is usually 128 bits long, although 256 bits is better (anything shorter than 80 bits is considered insecure). Symmetric encryption is computationally efficient, but using a shared secret key means the key itself has to be exchanged securely.
Asymmetric encryption is used for exchanging generated symmetric keys that prove the client’s and server’s authenticity. This type of cryptography uses two cryptographic keys: a public one and a private one.
The TLS handshake
The TLS handshake is responsible for establishing a secure connection between client and server. When a client visits a website over https, the browser and the server perform a TLS handshake.
The TLS handshake is necessary for the following:
- Negotiation of cipher suites and TLS version.
- Identification of server and client.
- Key exchange.
Two versions of the TLS handshake are in wide use: TLS 1.2 and TLS 1.3. TLS 1.3 was published by the IETF in 2018 as RFC 8446. It is an updated version of TLS 1.2. The process includes 4 main steps:
Step 1: Hello, client.
To start a TLS handshake, the client sends a “ClientHello” message to the server.
Step 2: Hello, server.
When the server receives the message, it confirms whether it supports your TLS version and responds with information about the version and the cipher suite chosen.
To carry out authentication, the server presents its own SSL certificate.
Step 3: Key exchange.
The client carries out a couple of steps to check the certificate. A pre-master key is used, which is encrypted with the RSA or ECDHE algorithm.
The client sends a “ChangeCipherSpec” message, which indicates the switch to encryption.
Step 4: The server’s ChangeCipherSpec.
As the last step, the server sends a similar message. At this stage, the authentication and key exchange are over.
The TLS handshake happens invisibly to users; however, the connection won’t be secure without it.
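To make Step 1 concrete, the following added example (not part of the original article) uses Python's standard ssl module to produce a real ClientHello in memory, with no network connection, and parses out the TLS versions and cipher suites the client offers for negotiation. The function names and the hostname example.test are assumptions made for this illustration, and the parser handles only a ClientHello that fits in a single record.

```python
import ssl
import struct

def capture_client_hello(ctx, hostname="example.test"):
    """Start a handshake against in-memory buffers; return the bytes the client would send."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client now waits for the server's reply
    return outgoing.read()

def u16_list(data):
    """Decode a byte string as a list of big-endian 16-bit values."""
    return [struct.unpack("!H", data[i:i + 2])[0] for i in range(0, len(data) - 1, 2)]

def parse_client_hello(record):
    """Return the versions and cipher suites offered in a single-record ClientHello."""
    content_type, _record_version, rec_len = struct.unpack("!BHH", record[:5])
    if content_type != 22 or record[5] != 1:  # 22 = handshake, 1 = ClientHello
        raise ValueError("not a handshake record carrying a ClientHello")
    body = record[5:5 + rec_len]
    pos = 4                                   # skip handshake type + 24-bit length
    legacy_version = u16_list(body[pos:pos + 2])[0]
    pos += 2 + 32                             # version field + client random
    pos += 1 + body[pos]                      # session id
    suites_len = u16_list(body[pos:pos + 2])[0]
    suites = u16_list(body[pos + 2:pos + 2 + suites_len])
    pos += 2 + suites_len
    pos += 1 + body[pos]                      # compression methods
    versions = []
    if pos + 2 <= len(body):                  # extensions block present
        end = pos + 2 + u16_list(body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
            data = body[pos + 4:pos + 4 + ext_len]
            if ext_type == 43:                # supported_versions (TLS 1.3 clients)
                versions = u16_list(data[1:1 + data[0]])
            pos += 4 + ext_len
    # Without supported_versions, the legacy field is the highest version offered.
    return {"legacy_version": legacy_version,
            "versions": versions or [legacy_version],
            "cipher_suites": suites}

if __name__ == "__main__":
    hello = parse_client_hello(capture_client_hello(ssl.create_default_context()))
    print("versions offered:", [hex(v) for v in hello["versions"]])
    print("cipher suites offered:", [hex(s) for s in hello["cipher_suites"]])
```

In the output, 0x303 is TLS 1.2 and 0x304 is TLS 1.3; capping a context with `maximum_version` removes 0x304 from the offer, which is a quick way to audit what a client configuration will agree to.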