TLS
Transport Layer Security (TLS) is the cryptographic protocol that secures most internet communication, from web browsing to email to instant messaging. It succeeded the Secure Sockets Layer (SSL) protocol, which Netscape developed in the 1990s and which the IETF eventually prohibited outright (SSL 2.0 in RFC 6176, SSL 3.0 in RFC 7568) once design flaws had left every version exploitable. TLS is not a single algorithm but a negotiation framework: the two parties agree on a cipher suite, which in TLS 1.2 names a key exchange, an authentication method, a symmetric cipher and a message authentication code (a TLS 1.3 suite names only an AEAD cipher and a hash, with the key exchange and signature algorithms negotiated separately), and then run a handshake protocol to establish shared secret material.
The TLS handshake is a study in layered trust. It begins with asymmetric cryptography: the server presents a certificate containing its public key, signed by a certificate authority (usually through one or more intermediate CAs) whose root public key ships in the client's operating system or browser. The client verifies the chain of signatures and checks that the certificate is valid for the name it intended to reach. How the session secret is then established depends on the version. In the RSA key exchange of TLS 1.2 and earlier, the client generates a random pre-master secret, encrypts it with the server's public key and transmits it, which means anyone who later obtains the server's private key can decrypt recorded sessions. Modern deployments, and TLS 1.3 without exception, instead perform an ephemeral (EC)DH exchange and use the certificate's key only to sign the server's share, so the secret never travels on the wire and a later key compromise does not expose past traffic (forward secrecy). Either way, both parties derive session keys from the agreed secret and switch to symmetric encryption for the remainder of the session. The transition from asymmetric to symmetric is not merely an optimization; it reflects a division of labor that pervades practical cryptography: asymmetric operations establish trust, symmetric operations sustain it.
The history of TLS is a history of repeated near-catastrophes. Heartbleed (CVE-2014-0160), a missing bounds check in OpenSSL's handling of the heartbeat extension, let an unauthenticated peer read up to 64 KB of server process memory per request, enough to recover session data and, with patience, private keys. POODLE (2014) exploited the fact that SSL 3.0's CBC padding is not covered by the MAC: an attacker who could force a client to fall back to SSL 3.0 gained a padding oracle that recovers plaintext a byte at a time. Logjam (2015) showed that export-grade DHE cipher suites, deliberately limited to 512-bit groups for 1990s export-control reasons, were still accepted by many servers two decades later, and that an active attacker could steer a connection onto them and break the key exchange using precomputation against the handful of groups in common use. Each case shows the same pattern in a different guise: the protocol's mathematical security undermined by an implementation defect, by backward compatibility with deliberately weakened options, or by a negotiation step an attacker could influence.
TLS 1.3 (RFC 8446, 2018) was a deliberate attempt to shrink this attack surface: it removed RSA key transport, static Diffie-Hellman, CBC-mode and RC4 suites, compression and renegotiation; it cut the full handshake to one round trip; it encrypts everything after the ServerHello, including the certificate; and it plants a downgrade marker in the last eight bytes of the ServerHello random so that a 1.3-capable client can detect when a middlebox or attacker has forced an older version. But the tension between security and deployability remains. Every TLS connection must negotiate with a global ecosystem of servers, clients, middleboxes and compliance requirements that evolve slowly and inconsistently, which is why the version floor and cipher policy each endpoint enforces matter as much as the protocol text. The protocol that secures the internet is secure only to the extent that the internet's most outdated participants allow it to be.
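The practical counterpart to that closing point is the policy a client enforces before it ever talks to an outdated peer. The following is an added example (not code from the page or from the ssl module's documentation) that uses Python's standard-library ssl module to build a deliberately permissive client context next to a hardened one, then audits both with a small checker. The token list and the audit rules are this example's own choices, and the legacy context reproduces a common "make it connect" workaround rather than any particular product's defaults.

```python
"""Client-side TLS policy check with the stdlib ssl module (added example).

Builds the weak setting and the corrected one side by side and audits both.
WEAK_NAME_TOKENS and the audit rules are this example's own, not an ssl API.
"""
import ssl

# Name fragments of TLS 1.2 suites no modern client should be able to negotiate.
WEAK_NAME_TOKENS = ("RC4", "DES-CBC3", "NULL", "EXP", "MD5", "ADH", "AECDH")


def legacy_context() -> ssl.SSLContext:
    """The weak setting: accepts whatever the peer offers and skips verification.
    This mirrors the workaround that keeps an old server reachable at any cost."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False              # no name binding...
    ctx.verify_mode = ssl.CERT_NONE         # ...and no chain check at all
    ctx.set_ciphers("ALL:!aNULL")           # includes RSA key transport (no forward secrecy)
    return ctx


def hardened_context() -> ssl.SSLContext:
    """The corrected setting: TLS 1.2 or newer, forward-secret AEAD suites, full verification."""
    ctx = ssl.create_default_context()      # CERT_REQUIRED, check_hostname, OP_NO_COMPRESSION
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # set_ciphers() governs TLS 1.2 suites only; the TLS 1.3 suites are fixed by
    # OpenSSL, are all AEAD, and always use an ephemeral key exchange.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return human-readable findings; an empty list means the policy passes."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("negotiable below TLS 1.2 (SSL 3.0/TLS 1.0-era downgrade targets)")
    if not (ctx.options & ssl.OP_NO_COMPRESSION):
        findings.append("TLS compression enabled (CRIME)")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain not verified")
    if not ctx.check_hostname:
        findings.append("hostname not checked against certificate")
    for suite in ctx.get_ciphers():
        name, desc = suite["name"], suite["description"]
        if "Kx=RSA" in desc:                # OpenSSL's description string names the key exchange
            findings.append(f"{name}: RSA key transport, no forward secrecy")
        if any(tok in name for tok in WEAK_NAME_TOKENS) or suite["strength_bits"] < 128:
            findings.append(f"{name}: weak or obsolete suite")
    return findings


if __name__ == "__main__":
    for label, ctx in (("legacy", legacy_context()), ("hardened", hardened_context())):
        print(f"== {label} ==")
        for finding in audit_context(ctx) or ["no findings"]:
            print(" ", finding)
```

Run against a TLS 1.0-only or RSA-key-transport-only server, the hardened context fails the handshake instead of quietly accepting the peer's terms, which is the point: the client's floor, not the server's ceiling, decides what the connection can be downgraded to. Note that Python exposes no setter for TLS 1.3 suites, so the cipher string above only constrains what a TLS 1.2 peer may pick.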