The TLS protocol comprises two layers: the TLS record and the TLS handshake protocols.
TLS is a proposed Internet Engineering Task Force (IETF) standard, first defined in 1999 and updated in RFC 5246 (August 2008) and RFC 6176 (March 2011).
It provides encryption to the layers above it, a function that normally belongs to the presentation layer.
All TLS versions were further refined in RFC 6176 in March 2011, removing their backward compatibility with SSL such that TLS sessions never negotiate the use of Secure Sockets Layer (SSL) version 2.0.
As of 21 March 2018
A digital certificate certifies the ownership of a public key by the named subject of the certificate, and indicates certain expected usages of that key.
While this can be more convenient than verifying the identities via a web of trust, the 2013 mass surveillance disclosures made it more widely known that certificate authorities are a weak point from a security standpoint, allowing man-in-the-middle attacks (MITM).
Before a client and server can begin to exchange information protected by TLS, they must securely exchange or agree upon an encryption key and a cipher to use when encrypting data (see § Cipher).
TLS supports many different methods for exchanging keys, encrypting data, and authenticating message integrity (see § Algorithm below).
As a result, secure configuration of TLS involves many configurable parameters, and not all choices provide all of the privacy-related properties described in the list above (see the § Key exchange (authentication), § Cipher security, and § Data integrity tables).
Once the client and server have agreed to use TLS, they negotiate a stateful connection by using a handshaking procedure.
During this handshake, the client and server agree on various parameters used to establish the connection's security:
This concludes the handshake and begins the secured connection, which is encrypted and decrypted with the session key until the connection closes.
If any one of the above steps fails, then the TLS handshake fails and the connection is not created.
Taher Elgamal, chief scientist at Netscape Communications from 1995 to 1998, has been described as the "father of SSL".
In 2014, SSL 3.0 was found to be vulnerable to the POODLE attack, which affects all block ciphers in SSL; RC4, the only non-block cipher supported by SSL 3.0, is also feasibly broken as used in SSL 3.0.