
What is Transport Layer Security Protocol?

By SolarWinds MSP
30 January, 2020

Transport Layer Security (TLS) is a crucial part of cybersecurity protocols for organizations of any size, including managed services providers (MSPs). TLS is designed to secure data against hackers and helps ensure that sensitive information such as passwords and credit card numbers is safe. MSPs can do their part by ensuring their customers employ TLS protocols in all web-based communications for maximum security. In the following article, we look at what TLS is, how it works, and answer other common questions about TLS implementation.

What is TLS?  

Transport Layer Security is an encryption protocol designed to offer end-to-end security for web-based communications. The Internet Engineering Task Force (IETF) established TLS as the standard protocol to prevent tampering and eavesdropping.

When browsing the internet, users and web applications regularly encounter multiple possible security problems. These include authenticating the identity of the other party, data tampering, and third-party monitoring. TLS uses cryptographic techniques to authenticate the client or server in a connection, help ensure the integrity of the data being transferred, and provide protection throughout the browsing session.

Users typically recognize TLS from secure web browsing, in which online transactions are protected from hackers and eavesdroppers. Secure browsing sessions are indicated by the padlock icon at the top left corner of the web browser. TLS is also used in applications such as email, file transfers, and video and audio conferencing, and it is compatible with a significant number of protocols, including HTTP, SMTP, FTP, XMPP, and many more. Users should note that TLS isn’t designed to secure data on end systems, only data transferred over the internet.

How Does TLS Work?


TLS security is designed to use encryption from both client and server ends to help ensure a secure connection between two or more communicating applications, guarantee interoperability between devices, and operate with relative efficiency.

Client-server communication begins by indicating whether communications will proceed with or without TLS protocols. The client can specify a TLS connection in a variety of ways. For instance, the client might use a port number that supports the type of encryption used in TLS communications. Another potential method is to make a protocol-specific request to switch to a TLS connection.

Once the client and server have agreed to communicate using TLS, the TLS protocol specification proceeds through two layers: the TLS handshake protocol and the TLS record protocol. TLS protocols use a combination of symmetric and asymmetric cryptography. Symmetric cryptography creates keys known to both the sender and recipient, while asymmetric cryptography generates key pairs—one public (shared between both the sender and recipient) and one private.

The specifications required to exchange an application “message” are established in the TLS handshake protocol. A TLS handshake involves a series of exchanges between client and server that vary based on the utilized key exchange algorithm and the supported cipher suites, but can unfold as follows:

  • A client sends a “client hello” message requesting a connection and presents a list of supported cipher suites (a set of encryption algorithms used to establish a secure connection) and a random string of bytes (known as the “client random”).
  • The server responds with a “server hello” message containing the chosen TLS protocol version (1.0, 1.2, etc.), the chosen cipher suite, and a random string of bytes (known as the “server random”).
  • The server sends its SSL certificate to the client for authentication. The client authenticates the server by verifying the SSL certificate, and can also send a certificate for authentication if requested by the server. 
  • The client sends a second string of random bytes, the “premaster secret.” The client encrypts the premaster secret with the public key taken from the server’s security certificate, so it can only be decrypted by the server with the matching private key.
  • The server decrypts the premaster secret with the private key.
  • Both client and server generate session keys from the client random, the server random, and the premaster secret.
  • The client sends a “finished” message that has been encrypted with a session key.
  • The server responds with a “finished” message that has been encrypted with a session key.
  • The client and server have successfully achieved secure symmetric encryption, meaning the handshake is complete and communication can continue with the established session keys.

Once the handshake has established the session keys, the TLS record protocol uses symmetric cryptography with those keys, which are unique to each connection, to protect continued communication throughout the session. The record protocol also appends a hash-based message authentication code (HMAC) to any data being sent out.
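The key-generation step of the handshake and the record-layer HMAC described above can be reproduced with the TLS 1.2 pseudorandom function from RFC 5246. This is an added example, not code from the original article; the function names are illustrative, the key sizes assume the cipher suite TLS_RSA_WITH_AES_128_CBC_SHA256, and the randoms and premaster secret are constructed sample values.

```python
import hashlib
import hmac
import struct

def p_sha256(secret, seed, length):
    """P_SHA256 expansion from RFC 5246, section 5."""
    out, a = b"", seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def prf(secret, label, seed, length):
    """TLS 1.2 PRF: P_SHA256 over label || seed."""
    return p_sha256(secret, label + seed, length)

def derive_session_keys(premaster, client_random, server_random):
    """Run identically by client and server once both hold the premaster secret."""
    master = prf(premaster, b"master secret", client_random + server_random, 48)
    # Assumed suite: 32-byte HMAC-SHA256 keys, 16-byte AES-128 keys, explicit per-record IVs.
    block = prf(master, b"key expansion", server_random + client_random, 96)
    return {"master_secret": master,
            "client_mac": block[0:32], "server_mac": block[32:64],
            "client_key": block[64:80], "server_key": block[80:96]}

def record_mac(mac_key, seq, content_type, fragment, version=(3, 3)):
    """HMAC over sequence number, record header and payload (RFC 5246, 6.2.3.1)."""
    header = struct.pack("!QBBBH", seq, content_type, *version, len(fragment))
    return hmac.new(mac_key, header + fragment, hashlib.sha256).digest()

def verify_record(mac_key, seq, content_type, fragment, tag):
    """Constant-time check; fails on altered payload or a replayed/reordered record."""
    return hmac.compare_digest(record_mac(mac_key, seq, content_type, fragment), tag)

# Constructed sample values (real randoms and premaster secrets come from a CSPRNG).
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))
PREMASTER = b"\x03\x03" + bytes(range(100, 146))  # client version + 46 bytes

if __name__ == "__main__":
    client = derive_session_keys(PREMASTER, CLIENT_RANDOM, SERVER_RANDOM)
    server = derive_session_keys(PREMASTER, CLIENT_RANDOM, SERVER_RANDOM)
    print("keys match:", client == server)
    tag = record_mac(client["client_mac"], 0, 23, b"GET / HTTP/1.1\r\n")  # 23 = application_data
    print("intact record:", verify_record(server["client_mac"], 0, 23, b"GET / HTTP/1.1\r\n", tag))
    print("tampered record:", verify_record(server["client_mac"], 0, 23, b"GET /x HTTP/1.1\r\n", tag))
```

Because the sequence number is part of the MAC input, a record that is replayed or delivered out of order fails verification even when its payload is unchanged.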

Because encryption protocols in TLS are complex, users should expect to expend some computational power on the process. But TLS also has internal techniques in place to prevent significant lags. As a result, TLS protocols shouldn’t noticeably affect web application performance and load times, nor should they increase computational costs for most organizations.

The Difference Between TLS, SSL, and HTTPS

TLS originally evolved from Secure Sockets Layer (SSL). SSL was developed in 1994 to facilitate secure web sessions. It underwent several upgrades before the introduction of TLS. TLS 1.0 was first published in January 1999 as an upgrade of SSL version 3.0. TLS 1.3, the current version of TLS, was published in 2018.

Both TLS and SSL are widely used in web browsers, email, messaging apps, and other applications—although TLS has generally displaced SSL in newer systems. Generally, TLS offers stronger encryption algorithms for authentication and supports pre-shared keys and secure remote passwords.

Although the differences between SSL and TLS are minor, some aspects of their protocols clearly distinguish TLS from SSL. The two protocols are not interoperable, although TLS protocols offer some compatibility with older devices using SSL. TLS has a different handshake process from SSL, supports a greater array of cipher suites, and uses HMAC rather than the more general MAC in its record protocol.

Hypertext transfer protocol secure (HTTPS) refers to the implementation of TLS on top of HTTP protocol. Consumers typically know HTTPS as the secure version of HTTP—the primary protocol used to send data between websites.

The Purpose of TLS

TLS encryption helps protect web applications against data tampering and eavesdropping and is becoming standard practice for most websites. SSL/TLS protocols were developed to respond to the increasing number of security threats and the need for encryption from both client and server ends.

TLS is in place to help protect user privacy and security. Without TLS, sensitive information transferred over the internet such as login credentials, personal information, and credit card numbers is vulnerable to theft. It would also be possible for unknown third parties to monitor emails, browsing habits, and direct message correspondence.

In addition to protecting individual user information, TLS also helps protect web applications against data breaches and distributed denial-of-service (DDoS) attacks. Data breaches and DDoS attacks can prove to be incredibly costly to organizations of all sizes and can also cause irreparable damage to consumer trust. Ensuring that web browsers are using TLS is an easy way to amplify security and help protect both user and organizational privacy.

Most browsers today support TLS by default. For instance, Google Chrome actively warns users against non-HTTPS websites. In turn, users are also becoming savvier about website security and checking for secure data transfer protocols. By insisting on mandatory use of TLS in all web-based communications, organizations and individuals can help ensure a shared basic level of protection for web-based activity.

This is not to say that TLS is impossible to breach—breaches to TLS protocols in the last decade include BEAST in 2011, CRIME in 2012, BREACH in 2013, and Heartbleed in 2014. But since then, TLS protocols have made major revisions designed to eliminate flawed code and have added improvements in areas of security, performance, and privacy. The newest version of TLS (1.3) speeds up the encryption process, which in turn accelerates the handshake process. It also eliminates older algorithms that created vulnerabilities in previous versions. 
