Skip to content

TLS - Transport Layer Security

Some protocols move data.
TLS protects it.
It is not about transmission. It is about confidentiality, integrity, and authenticity.
TLS is the shield that wraps around protocols like HTTP, SMTP, and FTP.

What this page covers

  • What TLS is and what it does
  • How it fits into the TCP/IP stack
  • Where its data comes from
  • How it is structured and negotiated
  • How it can be abused or defended
  • Tools I use to explore it

This page is my reference for understanding TLS as a security protocol, a handshake mechanism, and a trust model.

What TLS Actually Is

TLS is a cryptographic protocol used to secure communication over networks.
It encrypts data, verifies identities, and ensures that messages are not tampered with.
TLS is the successor to SSL and is used in almost every secure web and email connection.

TLS is used by protocols like:

  • HTTPS
  • SMTPS
  • FTPS
  • IMAPS
  • LDAP over TLS

How TLS Lives in the TCP/IP Stack

  • OSI Layer: Presentation Layer (Layer 6)
  • Transport: Runs on top of TCP
  • Flow:
  • TLS wraps application data in encryption
  • Encrypted data is sent over TCP
  • TCP packets are encapsulated in IP

TLS does not replace TCP.
It enhances it by adding encryption and identity verification before the application layer sees the data.

Where TLS Data Comes From

TLS secures data generated by:

  • Application protocols like HTTP or SMTP
  • User input in forms, logins, or messages
  • System-generated headers and metadata

TLS does not generate content.
It transforms content from higher layers into encrypted blocks for secure transmission.

How TLS Works

  • Handshake:
  • Client and server agree on encryption methods
  • Server presents a certificate
  • Keys are exchanged or derived

  • Secure session is established

  • Encryption:

  • Symmetric encryption for speed
  • Asymmetric encryption for key exchange

  • Hashing for integrity

  • Certificates:

  • Issued by Certificate Authorities (CAs)
  • Bind public keys to domain names
  • Verified during the handshake

TLS is designed to prevent eavesdropping, tampering, and impersonation.

TLS and Security

TLS can be misconfigured or exploited:

  • Weak cipher suites: allow outdated or broken encryption
  • Expired or invalid certificates: break trust
  • Downgrade attacks: force use of older, insecure versions
  • Certificate spoofing: trick clients with fake identities

Defenses include:

  • Enforcing strong cipher suites
  • Using modern TLS versions (1.2 or 1.3)
  • Validating certificates properly
  • Monitoring for anomalies and alerts

Tools I Use to Explore TLS

openssl

  • Inspect certificates and test TLS connections
  • Example: openssl s_client -connect example.com:443

sslyze

  • Scan servers for TLS configuration and vulnerabilities
  • Example: sslyze --regular example.com

nmap

  • Check TLS versions and supported ciphers
  • Example: nmap --script ssl-enum-ciphers -p 443 example.com

These tools help me understand how TLS is configured, how it behaves, and how it can be tested or hardened.

Final Thought

TLS is a handshake.
It is a promise between client and server that the conversation will be private and authentic.
It is the protocol of trust, built on math, certificates, and careful negotiation.

This page is my study of that promise.
Not just how TLS works, but how it protects, how it fails, and how it earns trust.