If you're seeing this message, it means we're having trouble loading external resources on our website.

If you're behind a web filter, please make sure that the domains *.kastatic.org and *.kasandbox.org are unblocked.

Main content

Transport Layer Security (TLS)

Computers send packets of data around the Internet. These packets are like letters in an envelope: an onlooker can easily read the data inside them. If that data is public information like a news article, that's not a big deal. But if that data is a password, credit card number, or confidential email, then it's risky to let just anyone see that data.
The Transport Layer Security (TLS) protocol adds a layer of security on top of the TCP/IP transport protocols. TLS uses both symmetric encryption and public key encryption for securely sending private data, and adds additional security features, such as authentication and message tampering detection.
TLS adds more steps to the process of sending data with TCP/IP, so it increases
in Internet communications. However, the security benefits are often worth the extra latency.
(Note that TLS superseded an older protocol called SSL, so the terms TLS and SSL are often used interchangeably.)

From start to finish

Let's step through the process of securely sending data with TLS from one computer to another. We'll call the sending computer the client and the receiving computer the server.

TCP handshake

Since TLS is built on top of TCP/IP, the client must first complete the 3-way TCP handshake with the server.
Diagram of two computers with arrows between. Computer on right is a server labeled with the IP address for khanacademy.org. A single arrow goes from laptop to server with a box above it that contains "ClientHello, ProtocolVersion: TLS 1.3, CipherSuites: TLS_RSA_WITH_RC4_128_SHA".
  • Arrow goes from laptop to server with "SYN" label.
  • Arrow goes from server to laptop with "ACK SYN" label.
  • Arrow goes from laptop to server with "ACK" label.

TLS initiation

The client must notify the server that it desires a TLS connection instead of the standard insecure connection, so it sends along a message describing which TLS protocol version and encryption techniques it'd like to use.
Diagram of two computers with arrows between. Computer on the left is a laptop showing a login screen for khanacademy.org. Computer on right is a server labeled with the IP address for khanacademy.org. A single arrow goes from laptop to server with a box above it that contains "ClientHello, ProtocolVersion: TLS 1.3, CipherSuites: TLS_RSA_WITH_RC4_128_SHA".

Server confirmation of protocol

If the server doesn't support the client's requested technologies, it will abort the connection. That may happen if a modern client is trying to communicate with an older server.
As long as the server does support the requested TLS protocol version and other options, it will respond with a confirmation, plus a digital certificate that contains its public key.
Diagram of two computers with arrows between. Computer on the left is a laptop showing a login screen for khanacademy.org. Computer on right is a server labeled with the IP address for khanacademy.org. A single arrow goes from server to laptop with box above that says "ServerHello, ProtocolVersion: TLS 1.3, CipherSuite: TLS_RSA_WITH_RC4_128_SHA, Certificate, ServerHelloDone".

Certificate verification

The server's digital certificate is the server's way of saying "Yes, I really am who you think I am". If the client doesn't believe the certificate is legit, it will abort the connection, since it doesn't want to send private data to an imposter.
Otherwise, if the client can verify the certificate, it continues on to the next step.
Client verification diagram. A laptop has a thought bubble coming out from it that says "Certificate = khanacademy.org?".

Shared key generation

The client now knows the public key of the server, so it can theoretically use public key encryption to encrypt data that the server can then decrypt with its corresponding private key.
However, public key encryption takes much more time than symmetric encryption due to the more difficult arithmetic operations involved. When possible, computers prefer to use symmetric encryption to save time.
Fortunately, they can! The computers can first use public key encryption to privately generate a shared key, and then they can use symmetric encryption with that key in future messages.
The client starts off that process by sending a message to the server with a pre-master key, encrypted with the server's public key. The client computes the shared key based on that pre-master key (as that is more secure than sending along the actual shared key) and remembers the shared key locally.
The client also sends a "Finished" message whose contents are encrypted with the shared key.
Diagram of two computers with arrows between. Computer on the left is a laptop showing a login screen for khanacademy.org. Computer on right is a server labeled with the IP address for khanacademy.org. A single arrow goes from laptop to server with box above that says "ClientKeyExchange (PreMasterSecret: c3ac534fd919a0e92b966795e), ChangeCipherSpec, Finished (21c124d28a548559f0f8abd4b)".

Server confirmation of shared key

The server can now compute the shared key based on the pre-master key, and attempt to decrypt the "Finished" message with that key. If it fails, it aborts the connection.
As long as the server can successfully decrypt the client's message with the shared key, it sends along a confirmation and its own "Finished" message with encrypted contents.
Diagram of two computers with arrows between. Computer on the left is a laptop showing a login screen for khanacademy.org. Computer on right is a server labeled with the IP address for khanacademy.org. A single arrow goes from server to laptop with box above that says "ChangeCipherSpec, Finished (c49fe482d338760807c3c278f)".

Send secure data

Finally, the client securely sends the private data to the server, using symmetric encryption and the shared key.
Diagram of two computers with arrows between. Computer on the left is a laptop showing a login screen for khanacademy.org. Computer on right is a server labeled with the IP address for khanacademy.org. A single arrow goes from laptop to server with box above that has a string of encrypted data.
Oftentimes, the same client needs to send data to a server multiple times, like when a user fills out forms on multiple pages of a website. In that case, the computers can use an abbreviated process to establish the secure session.
Check your understanding
As you've seen, both computers must go through many steps to set up secure communication with TLS.
Complete the list of steps below:
  1. Client and server complete TCP handshake
  2. Client sends data encrypted with shared key

TLS everywhere

TLS is used for many forms of secure communication on the Internet, such as secure email sending and secure file upload. However, it's most well known for its use in secure website browsing (HTTPS).
TLS provides a secure layer on top of TCP/IP, thanks to its use of both public key and symmetric encryption, and is increasingly necessary to secure the private data flying across the Internet.

🙋🏽🙋🏻‍♀️🙋🏿‍♂️Do you have any questions about this topic? We'd love to answer—just ask in the questions area below!

Want to join the conversation?