transport layer security (encryption) (TLS)
Transport Layer Security (TLS) is a VPN protocol and a further development of Secure Sockets Layer (SSL) by the Internet Engineering Task Force (IETF), which renamed the SSL protocol Transport Layer Security in 1999. The current standard is described in RFC 5246 and dates from 2008.
The TLS protocol is backward compatible with the SSL protocol and is used primarily in the Web environment, where it secures HTTP connections and commercial transactions. TLS security forms a generic security layer above the transport layer and uses the TCP protocol as a connection-oriented transport protocol. The TLS protocol is also used for encrypting mail. It uses an encrypted tunnel and 128-bit encryption between mail servers or mail transfer agents (MTAs). To monitor the integrity of the mail and prevent unauthorized access to the mail server, Transport Layer Security uses certificate-based authentication.
To authenticate the data, the TLS protocol supports the Hashed Message Authentication Code (HMAC) and generates the key material. The TLS protocol uses the TLS record layer, which provides encryption of the application data, with the Alert, Change Cipher Spec, Handshake, and Application Data protocols built on top of it. The peers use the TLS handshake protocol to agree on the algorithms to be used for encryption and authentication. The TLS protocol works with four different keys: one each for encryption and decryption and one each for authentication of the incoming and outgoing data packets.
The TLS protocol is not only used in the Web environment with HTTP, but also in conjunction with other application protocols, such as for retrieving e-mails via the Post Office Protocol (POP) or via the Internet Message Access Protocol (IMAP). In WLANs, TLS security is used in conjunction with the Extensible Authentication Protocol (EAP), EAP-TLS, for the secure exchange of authentication data. Since EAP-TLS requires certificates from both communication partners, the transition has been made to EAP-TTLS, the Tunneled TLS.