Skip to main content
SolarWinds MSP
  • Login
  • Support
  • Partnerships
    • Partnerships Overview
    • Solution Provider Program
    • Technology Alliance Program
    • Distributor Program
SolarWinds MSP
  • Products
    • SolarWinds N-central Automate what you need. Tackle complex networks. Try this remote monitoring and management solution built to help maximize efficiency and scale.
    • SolarWinds RMM Start fast. Grow at your own pace. Try this powerful but simple remote monitoring and management solution.
    • SolarWinds EDR Defend against ransomware, zero-day attacks, and evolving online threats with Endpoint Detection and Response
    • SolarWinds Backup Manage data protection for servers, workstations applications, documents and Microsoft 365 from one SaaS dashboard.
    • Mail Protection & Archiving Protect users from email threats and downtime.
    • Password Management Easily adopt and demonstrate best practice password and documentation management workflows.
      • Passportal Demo
    • PSA & Ticketing Manage ticketing, reporting, and billing to increase helpdesk efficiency.
    • Remote Support Help support customers and their devices with remote support tools designed to be fast and powerful.
  • Solutions

    I'm looking for...

    • Security Solutions
    • Monitoring Solutions
    • Efficiency Solutions
  • Resources
    • Blog
    • Webcasts & Events
    • Ask the N-central Experts
    • Daily Live Demos
    • RMM Foundations Training
    • Upcoming Events
    • Upcoming Webcasts
    • Resource Center
    • COVID-19 Resources
    • Resource Library
      • Case Studies
      • Product Information
      • eBooks
      • White Papers
      • Infographics
    • SolarWinds MSP Free Tools
    • GDPR Resource Center
    • Security Resource Center
    • MSP Institute Webinar Series
    • MSP Advice Project
  • About
    • Contact
    • Customer Success
    • Worldwide sales and support
    • Careers
    • Awards and Recognition
    • Get A Quote
    • Newsroom
      • Press Releases
      • In The News
      • Media Contacts
      • COVID-19 Response
    • Leadership Team
    • Legal
      • Cookie Policy
      • Privacy Notice
      • Software Services Agreement
      • Terms of Use
      • Backup Fair Use Policy
    • Security
      • SolarWinds Security Statement
      • Vendor Data Protection Requirements
    • Support
  • IT Departments
  • Contact Sales
    • Get A Quote
    • General Inquiry
  • TRY NOW
    • SolarWinds RMM
    • SolarWinds Backup
    • MSP Manager
    • SolarWinds Passportal
    • SolarWinds N-central
    • SolarWinds Mail Assure
    • SolarWinds Risk Intelligence
    • SolarWinds Take Control
  • Request a Quote
  • Try Now
    • SolarWinds RMM
    • SolarWinds N-central
    • SolarWinds Backup
    • MSP Manager
    • SolarWinds Mail Assure
    • SolarWinds Passportal
    • SolarWinds Risk Intelligence
    • SolarWinds Take Control
Request quote
Filter Blogs
  • Filter by:
  • MSP Business
    • Automation
    • Backup & Disaster Recovery
    • Security-series
    • Best Practices
    • Business
    • Business Growth
    • Business Risk
    • Cloud Computing
    • Customer Service
    • Cybersecurity
    • Cybersecurity Awareness Month
    • Data
    • GDPR
    • Internet of Things
    • IT Support
    • ITSM
    • LOGICcards
    • Machine Learning
    • Mail
    • Managed Services
    • Marketing
    • Mobile
    • Networking
    • Operations
    • Podcast
    • Product
    • PSA
    • Remote Management
    • Research & Trends
    • Risk Intelligence
    • Security
    • Security Vlog
    • Service Desk
    • Services & Support
    • The Head Nerds
    • Tips & Advice
    • Training
Home Blog MSP Business Security What is Transport Layer Security Protocol?
Security

What is Transport Layer Security Protocol?

By SolarWinds MSP
30 January, 2020

Transport Layer Security (TLS) is a crucial part of cybersecurity protocols for organizations of any size, including managed services providers (MSPs). TLS is designed to secure data against hackers and helps ensure that sensitive information such as passwords and credit card numbers are safe. MSPs can do their part by ensuring their customers employ TLS protocols in all web-based communications for maximum security. In the following article, we look at what TLS is, how it works, and answer other common questions about TLS implementation.

What is TLS?  

Transport Layer Security is an encryption protocol designed to offer end-to-end security for web-based communications. The Internet Engineering Task Force (IETF) established TLS as the standard protocol to prevent tampering and eavesdropping.

When browsing the internet, users and web applications regularly encounter multiple possible security problems. These include authenticating the identity of the other party, data tampering, and third-party monitoring. TLS uses cryptographic techniques to authenticate the client or server in a connection, help ensure the integrity of the data being transferred, and provide protection throughout the browsing session.

Users typically recognize TLS from secure web browsing, in which online transactions are protected from hackers and eavesdroppers. Secure browsing sessions are indicated by the padlock icon at the top left corner of the web browser. TLS is also used in applications such as email, file transfers, video and audio conferencing. TLS is also compatible with a significant number of protocols including HTTP, SMTP, FTP, XMPP, and many more. Users should note that TLS isn’t designed to secure data on end systems, only data transferred over the internet.

How Does TLS Work?

CTA Image

Advanced Threat Detection and Monitoring

Contact A SolarWinds Threat Monitor Solution Specialist today.

Contact Sales Learn More

TLS security is designed to use encryption from both client and server ends to help ensure a secure connection between two or more communicating applications, guarantee interoperability between devices, and operate with relative efficiency.

Client-server communication begins by indicating whether communications will proceed with or without TLS protocols. The client can specify a TLS connection in a variety of ways. For instance, the client might use a port number that supports the types of encryptions used in TLS communications. Another potential method is to make a protocol-specific request to switch to a TLS connection.

Once the client and server have agreed to communicate using TLS, the TLS protocol specification proceeds through two layers: the TLS handshake protocol and the TLS record protocol. TLS protocols use a combination of symmetric and asymmetric cryptography. Symmetric cryptography creates keys known to both the sender and recipient, while asymmetric cryptography generates key pairs—one public (shared between both the sender and recipient) and one private.

The specifications required to exchange an application “message” are established in the TLS handshake protocol. A TLS handshake involves a series of exchanges between client and server that vary based on the utilized key exchange algorithm and the supported cipher suites, but can unfold as follows:

  • A client sends a “client hello” message requesting a connection and presents a list of supported cipher suites (a set of encryption algorithms used to establish a secure connection) and a random string of bytes (known as the “client random”).
  • The server responds with a “server hello” message containing the chosen TLS protocol version (1.0, 1.2, etc.), the chosen cipher suite, and a random string of bytes (known as the “server random”).
  • The server sends its SSL certificate to the client for authentication. The client authenticates the server by verifying the SSL certificate, and can also send a certificate for authentication if requested by the server. 
  • The client sends a second string of random bytes, the “premaster secret.” The client uses asymmetric cryptography to generate a public key from the server’s security certificate, which is then used to encrypt the premaster secret. The premaster secret can only be decrypted with the private key by the server.
  • The server decrypts the premaster secret with the private key.
  • Both client and server generate session keys from the client random, the server random, and the premaster secret.
  • The client sends a “finished” message that has been encrypted with a session key.
  • The server responds with a “finished” message that has been encrypted with a session key.
  • The client and server have successfully achieved secure symmetric encryption, meaning the handshake is complete and communication can continue with the established session keys.

Once the decryption method is established during the handshake procedure, TLS record protocol uses symmetric cryptography to generate unique session keys for each connection that enables continued communication throughout the session. The record protocol also appends any data getting sent out with a hash-based message authentication code (HMAC).

Because encryption protocols in TLS are complex, users should expect to expend some computation power on the process. But TLS also has internal techniques in place to prevent significant lags. As a result, TLS protocols shouldn’t noticeably affect web application performance and load times, nor should it increase computational costs for most organizations.  

The Difference Between TLS, SSL, and HTTPS

TLS originally evolved from Secure Socket Layers (SSL). SSL was developed in 1994 to facilitate secure web sessions. It underwent several upgrades before the introduction of TLS.  TLS 1.0 was first published in January 1999 as an upgrade of SSL version 3.0. TLS 1.3, the current version of TLS, was published in 2018.

Both TLS and SSL are widely used in web browsers, email, messaging apps, and other applications—although TLS has generally displaced SSL in newer systems. Generally, TLS offers stronger encryption algorithms for authentication and supports pre-shared keys and secure remote passwords.

Although the differences between SSL and TLS are minor, some aspects of their protocols clearly distinguish TLS from SSL. The two protocols are not interoperable, although TLS protocols offer some compatibility with older devices using SSL. TLS has a different handshake process from SSL, supports a greater array of cipher suites, and uses HMAC rather than the more general MAC in its record protocol.

Hypertext transfer protocol secure (HTTPS) refers to the implementation of TLS on top of HTTP protocol. Consumers typically know HTTPS as the secure version of HTTP—the primary protocol used to send data between websites.

The Purpose of TLS

TLS encryption helps protect web applications against data tampering and eavesdropping and is becoming standard practice for most websites. SSL/TLS protocols were developed to respond to the increasing number of security threats and the need for encryption from both client and server ends.

TLS is in place to help protect user privacy and security. Without TLS, sensitive information transferred over the internet such as login credentials, personal information, and credit card numbers are vulnerable to theft. It would also be possible for unknown third parties to monitor emails, browsing habits, and direct message correspondence.

In addition to protecting individual user information, TLS also helps protect web applications against data breaches and distributed denial-of-service (DDoS) attacks. Data breaches and DDoS attacks can prove to be incredibly costly to organizations of all sizes and can also cause irreparable damage to consumer trust. Ensuring that web browsers are using TLS is an easy way to amplify security and help protect both user and organizational privacy.

Most browsers today support TLS by default. For instance, Google Chrome actively warns users against non-HTTPS websites. In turn, users are also becoming savvier about website security and checking for secure data transfer protocols. By insisting on mandatory use of TLS in all web-based communications, organizations and individuals can help ensure a shared basic level of protection for web-based activity.

This is not to say that TLS is impossible to breach—breaches to TLS protocols in the last decade include BEAST in 2011, CRIME in 2012, BREACH in 2013, and Heartbleed in 2014. But since then, TLS protocols have made major revisions designed to eliminate flawed code and have added improvements in areas of security, performance, and privacy. The newest version of TLS (1.3) speeds up the encryption process, which in turn accelerates the handshake process. It also eliminates older algorithms that created vulnerabilities in previous versions. 

 

For more information on TLS and the benefits of this security layer read through our related blog articles.

 

Additional reading

TLS vs SSL: What's the Difference?
Data Loss Prevention Methods
Microsoft's Internet Explorer Security Flaw: An MSP Guide
You might also like...
Automation

What the Head Nerds Were Up to in 2020
Security

January 2021 Patch Tuesday: One Actively Exploited Vulnerability and a Few Likely to Be
Security

December 2020 Patch Tuesday—A quiet(er) finish to a busy year in vulnerabilities
Security

Documentation Management API and Why It’s Important for the MSP Business
Security

What Is FIPS-140-2 Standard and When Is It Required?
Security

Malware-as-a-Service: A Crucial Reason Why Security Has Grown More Complex
Want to stay up to date?

Get the latest MSP tips, tricks, and ideas sent to your inbox each week.

Loading form....

If the form does not load in a few seconds, it is probably because your browser is using Tracking Protection. This is either an Ad Blocker plug-in or your browser is in private mode. Please allow tracking on this page to request a subscription.

Note: Firefox users may see a shield icon to the left of the URL in the address bar. Click on this to disable tracking protection for this session/site

Recent Posts
  • What the Head Nerds Were Up to in 2020
  • RMM and PSA Tools: How to Make the Most of Both
  • How to Empower an IT Help Desk Team for Success
  • Six Tips That Will Make Managing Your MSP Company Easier
  • January 2021 Patch Tuesday: One Actively Exploited Vulnerability and a Few Likely to Be
Categories:
  • Security (230)
  • Tips & Advice (122)
  • Best Practices (94)
  • Managed Services (86)
  • Backup & Disaster Recovery (83)
  • The Head Nerds (75)
  • Business Growth (75)
  • IT Support (42)
  • Business (39)
  • Automation (37)
  • Cybersecurity (37)
  • Operations (34)
  • Mail (33)
  • Remote Management (28)
  • ITSM (25)
  • Data (21)
  • Cloud Computing (21)
  • Networking (21)
  • Marketing (14)
  • PSA (11)
  • Product (11)
  • Services & Support (5)
  • Service Desk (5)
  • Mobile (4)
  • Risk Intelligence (4)
  • Internet of Things (3)
  • Customer Service (3)
  • GDPR (2)
  • Research & Trends (2)
  • Training (2)
  • Business Risk (1)
  • LOGICcards (1)
Show moreless
SolarWinds MSP

Products
  • SolarWinds RMM
  • SolarWinds N-central
  • SolarWinds Backup
  • SolarWinds EDR
  • SolarWinds MSP Manager
  • SolarWinds Mail Assure
  • SolarWinds Risk Intelligence
  • SolarWinds Take Control
  • SolarWinds Passportal
  • All Products Use Cases
Solutions
  • Security Solutions
  • Monitoring Solutions
  • Efficiency Solutions
  • Identify which RMM solution is right for me
  • Drive Efficiency with Automation
  • Manage my MSP Business More Efficiently
  • Manage my IT Department More Efficiently
  • Layered Security
  • Cross-Platform Support
  • Data-Driven Insights
About
  • About Us
  • Careers
  • Newsroom
  • Leadership Team
  • Upcoming Events
  • Subscription Preferences
  • SolarWinds
  • SolarWinds Trust Center
  • COVID-19 Response
Support
  • SolarWinds RMM
  • Solarwinds N-central
  • SolarWinds Backup
  • SolarWinds Mail Assure
  • SolarWinds Take Control
  • SolarWinds MSP Manager
  • Solarwinds Risk Intelligence
  • Solarwinds Threat Monitor
  • SolarWinds Passportal
  • SolarWinds Take Control Downloads
  • Backup & Recovery Downloads
  • Service Status

Footer 2

  • Legal Documents
  • Privacy
  • California Privacy Rights
  • Security Information
  • Sitemap

© SolarWinds MSP Canada ULC and SolarWinds MSP UK Ltd.
All Rights Reserved.