Introduction to SSL/TLS

We have seen a lot of confusion and mistakes in terminology related to terms as VPN, SSL, TLS etc... so we decided to clarify a little bit to general public. This blog post is plastic explanation without going technical as encryption and online security in general is a huge area.

Let's clarify all those terms...

Encryption algorithms

There are two types of encryption algorithms available:

  • Synchronous - where both sides contain the key to encrypt/decrypt the data. Fast encryption, can encrypt large amount of data
  • Asynchronous - where key is split to 2-parts. Public key used only for encryption and Private Key only for decryption. Slow, can encrypt very small amount of data, usually few bytes.

The question someone might ask is why to use Async algorithms? Simply put, they are used in TLS/SSL protocol to securely exchange Synchronous keys which both parties will use for data encryption.

The most common synchronous algorithms used are AES and AEAD-CHACHA20-IETF-POLY1305 due to their strength and speed.

The most common asynchronous algorithms used are RSA and ECDSA. Where ECDSA is newer and by many modern and much better algorithm. ECDSA with 256bit strength is equal to the 3072-bit RSA. Which means, smaller and faster keys with better encryption. This brings faster TLS tunnels.

Secure Certificates

Simply put, it is data digitally signed with Asynchronous private key. But also contains public key and additional data. Provided public key can be used to verify certificate validity. Certs are often used to verify owner of the certificate or other signed data as documents or network packets.

Certificates are built on one of two async algos: RSA or more modern ECDSA.

SSL vs TLS

SSL and TLS are protocols to establish secure encrypted network connections. They are based on protocol handshake which happens during initial connection where client and server exchange digital certificate to introduce one to each other, and then exchange compatible encryption algorithms to be used. As a last step, encrypted synchronous key (usually AES) encrypted with assn. key (usually RSA) is exchanged to be used in data encryption.

General public mostly knows about SSL; however, TLS is a replacement for SSL from more than a decade and any company which takes care about security is using TLS. SSL was so long in use that it is still used as a term, even TLS is now common.

VPN

Term VPN is used all over the place that even we are using this name for some features in our products even this is not quite correct. Reason is that this is the term customers hear about and have some general knowledge about it. However, VPN belong to the group of encrypted network tunnels. We wrote about Green Screens VPN for IBM i where we described in detail about network tunnels.

Here, we are mentioning this only as a reference. For more details, click on vpn or security icon below to see other security related posts.