Web browsers have also been revised by their developers to defend against potential security weaknesses after these were discovered (see TLS/SSL support history of web browsers.) The TLS protocol is composed of two layers: the TLS record protocol and the TLS handshake protocol.
TLS is a proposed Internet Engineering Task Force (IETF) standard, first defined in 1999 and updated in RFC 5246 (August 2008) and RFC 6176 (March 2011).
It is based on the earlier SSL specifications (1994, 1995, 1996) developed by Netscape Communications Client-server applications use the TLS protocol to communicate across a network in a way designed to prevent eavesdropping and tampering.
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), both of which are frequently referred to as "SSL", are cryptographic protocols that provide communications security over a computer network.Several versions of the protocols are in widespread use in applications such as web browsing, email, Internet faxing, instant messaging, and voice-over-IP (Vo IP).Major web sites use TLS to secure all communications between their servers and web browsers.The primary goal of the Transport Layer Security protocol is to provide privacy and data integrity between two communicating computer applications.The other is for the client to use a protocol-specific mechanism (for example, STARTTLS for mail and news protocols) to request that the server switch the connection to TLS.
Once the client and server have agreed to use TLS, they negotiate a stateful connection by using a handshaking procedure.This concludes the handshake and begins the secured connection, which is encrypted and decrypted with the session key until the connection closes.In addition to the properties above, careful configuration of TLS can provide additional privacy-related properties such as forward secrecy, ensuring that any future disclosure of encryption keys cannot be used to decrypt any TLS communications recorded in the past.TLS supports many different methods for exchanging keys, encrypting data, and authenticating message integrity (see Algorithm).As a result, secure configuration of TLS involves many configurable parameters, and not all choices provide all of the privacy-related properties described in the list above (see authentication and key exchange table, cipher security table, and data integrity table).Attempts have been made to subvert aspects of the communications security that TLS seeks to provide and the protocol has been revised several times to address these security threats (see Security).