Cryptography for Securing the Internet

Let’s learn about SSL/TLS, one of the most ubiquitous cryptographic protocols that provide secure communication.

Perhaps one of the highest-profile cryptography uses, at least to Internet users, is the Transport Layer Security (TLS) protocols. These are among the most important cryptographic protocols for establishing a secure channel.

The TLS protocols were first developed in the mid-1990s by Netscape Communications using their Navigator browser. These early versions were known as Secure Sockets Layer (SSL). Further development subsequently came under the Internet Engineering Task Force (IETF), which adopted TLS. The IETF released protocol versions TLS 1.0 in 1999, TLS 1.1 in 2006, and TLS 1.2 in 2008. The latest version, which is significantly different, is TLS 1.3.

Even though these protocols have long been known as TLS, the name SSL is still widely used. In some cases, this is the correct use of terminology since the early SSL protocol versions remain in (limited) deployment. However, most references today to ‘SSL’ are probably incorrect since most deployments use a version that’s officially labeled TLS.

In this section, we will generally refer to these protocols as TLS. Elsewhere in this course, however, we have made reference to ‘SSL/TLS’ to acknowledge the wider public usage of both names.

TLS background

TLS is used to protect data while it is being transferred between different locations and can be used in different communication settings. Although it has many applications, most users encounter TLS when securing a web connection between a client machine and a web server, for example, when making a purchase from an online store.

TLS requires a reliable underlying transport protocol, which makes it suitable for applications on the Internet running over the Transmission Control Protocol (TCP). The Internet is often modeled as a four-layer Internet Protocol Suite. While TLS operates at the Transport Layer of the Internet Protocol Suite, secure channels can also be established at the higher Application Layer using the Secure Shell (SSH) protocol and at the lower Internet Layer using the Internet Protocol Security (IPsec) suite.

Get hands-on with 1200+ tech skills courses.