TLS

SSL | HTTPS | certificates | public key encryption | handshake protocol
Transport Layer Security (TLS) is a cryptographic protocol that ensures secure communication over a computer network – especially over the internet. TLS ensures that data transmitted between two systems is protected against interception, manipulation and falsification. It is the successor to SSL (Secure Sockets Layer) and is used almost exclusively in modern applications.

Functionality
TLS works between the transport and application layers of the OSI model. The TLS handshake is at the heart of the protocol: it establishes a secure connection by performing authentication, key agreement and the exchange of cryptographic parameters. Typically, this involves the use of asymmetric cryptography (public key method) to protect the initial key exchange and symmetric encryption for data transmission after the handshake.
The current TLS versions – currently mainly TLS 1.2 and TLS 1.3 – continuously improve performance and security by eliminating outdated encryption methods and making the handshake process more efficient.

Areas of application
TLS is essential for many applications and services on the Internet:

Websites (HTTPS): The best-known area of application is HTTPS, the secure version of HTTP. Here, TLS protects communication between the browser and the web server.

Email communication: Protocols such as SMTP, IMAP and POP3 use TLS to encrypt messages.

VPNs and VoIP: Many VPN protocols and VoIP services use TLS to secure the transmitted data.

API and microservice communication: In cloud architectures, TLS secures communication between services and external clients.

Advantages
TLS offers numerous security advantages:

Confidentiality: The data is encrypted so that only authorized recipients can read it.

Integrity: Hash-based checks ensure that data has not been changed during transmission.

Authenticity: Communication partners can authenticate each other with the help of certificates.

Widespread support: TLS is supported by almost all modern browsers, operating systems and network components.

Related technologies
Other security-relevant technologies are also important in connection with TLS: PKI (Public Key Infrastructure) manages certificates, while OCSP (Online Certificate Status Protocol) checks their validity. HTTP/2 also plays a role, as it uses TLS as a prerequisite.
The experts at BITS have used TLS and related technologies in a large number of projects. A selection of case studies and references can be found below.