Transport Layer Security (TLS)

Overview
Transport Layer Security (TLS) is used between two communicating applications to provide confidentiality and data integrity. The agreement consists of two layers: TLS Record Protocol (TLS Record) and the TLS Handshake Protocol (TLS Handshake). The lower layer of TLS Record Protocol, is located in a reliable transport protocol (eg TCP) above.
Protocol Structure
TLS protocol consists of two protocol groups - TLS Record Protocol and the TLS Handshake Protocol - each with many different formats of information.
 TLS Record Protocol is a hierarchical protocol. The information in each layer may contain the length, description and content fields. Record information transmission protocol support, the data segment to handle block, compressed data, applications MAC, encryption and transmission of results. Decrypt the received data, check, extract, restructuring, and then transfer them to high-level clients.
 TLS connection state is the TLS Record Protocol refers to the operating environment. It provides for the compression algorithm, encryption algorithm and MAC algorithm.
 TLS record layer to receive any size from a high-level non-empty block of continuous data. Key calculation: Record Protocol handshake protocol through the algorithm from the security parameters provided in the key generation, IV, and MAC keys. TLS Handshake Protocol consists of three sub-groups constituted an agreement that allows the recording layer on the other two sides to agree on security parameters, self-certification, illustrates negotiate security parameters, reporting error conditions to each other.
 TLS Handshake Protocol:
 1. To change the password standard protocol
 2. Alert protocol
3. Handshaking protocol
TLS Record Protocol
TLS Record Protocol provides connection security with two basic characteristics:
 Private - symmetric encryption for data encryption (DES, RC4, etc.). Symmetric encryption key generated is unique for each connection, and this key is based on another protocol (such as the handshake protocol) negotiation. Record Protocol can also be used without encryption.
 Reliable - including the use of key information transmission MAC integrity check of information. Secure hash functions (SHA, MD5, etc.) for the MAC calculation. Recorded in the absence of MAC protocol can also operate under the circumstances, but generally only for this model, that there is another transmission protocol is an agreement to negotiate security parameters recorded.
 TLS Record Protocol is used to encapsulate a variety of high-level agreement. This package deal as one of the handshake protocol allows the server and client in the application protocol to transmit and receive data byte before its first mutual authentication each other, negotiate an encryption algorithm and encryption keys.
TLS Handshake Protocol
TLS handshake protocol provides connection security has three basic attributes:
 1. You can use asymmetric or public key cryptography to authenticate the identity of the peer. The certification is optional, but at least one node side.
 2. Shared encryption key negotiation is safe. Consultation on the theft by encrypting it is difficult to obtain. Also after the connection can not be authenticated encryption, even into the connection between the attacker can not.
 3. Negotiation is reliable. Communication party members have not been detected, the attacker can not modify any communication consultation.
Summary
The biggest advantage is that TLS: TLS is application protocol independent. Distribution of high-level protocol can transparently above the TLS protocol. However, TLS does not require the application standards and how to add TLS security; it to how to start the TLS Handshake Protocol and how to interpret the certificate exchange protocol discretion left to the designers and implementers to judge.
 TLS consists of three basic stages:
 1. Consultative support of other key algorithm
2. Based on secret key exchange public key encryption, PKI certificate-based authentication
3. Based on public key encryption data security