LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What does TLS (Transport Layer Security) provide and where does it sit in the network stack?

TLS provides confidentiality, integrity, and authentication of the TCP byte stream. It sits between the transport layer (TCP) and the application layer (HTTP, SMTP, IMAP, …) — application-agnostic.

The stack:

HTTP / SMTP / IMAP / …      ← Application
       ↓
TLS / SSL                    ← The security layer
       ↓
TCP                          ← Transport
       ↓
IP / Ethernet / …            ← Lower layers

TLS sub-protocols:

Sub-protocol Role
Handshake Protocol Negotiate cipher suite, exchange keys, authenticate server (and optionally client)
Record Layer Frame, encrypt, MAC, and decrypt the data stream
Change Cipher Spec Signal "subsequent records will use the new keys" (TLS ≤1.2 only)
Alert Protocol Error / warning notifications between peers
Application Data The actual encrypted payload (HTTP request bodies, IMAP commands, etc.)

Why it's application-agnostic: because TLS frames bytes generically, any protocol that runs over TCP can be wrapped in TLS just by switching ports (HTTP→HTTPS port 80→443, IMAP→IMAPS port 143→993). No application-level changes required.

Historical naming: the protocol was called SSL (Secure Socket Layer) v1/v2/v3 by Netscape (1995). After IETF standardisation it became TLS v1.0 in 1999. Versions:

Version Year Status
SSL 2.0 1995 ❌ Insecure, disabled everywhere
SSL 3.0 1996 ❌ POODLE attack (2014)
TLS 1.0 1999 ❌ Deprecated 2020
TLS 1.1 2006 ❌ Deprecated 2020
TLS 1.2 2008 ✅ OK, still common
TLS 1.3 2018 ✅ Modern default — fewer round trips, AEAD-only, mandatory PFS

Tip: "SSL" is still colloquially used (SSL certificate, OpenSSL the library) but technically you almost always mean TLS today. Servers should disable SSL 2/3 and TLS 1.0/1.1 entirely.

From Quiz: ISF / Asymmetric Cryptography | Updated: Jul 14, 2026