Difference between revisions of "Transport Layer Security"

From Seobility Wiki
(Similar articles)
 
(9 intermediate revisions by 2 users not shown)
Line 1: Line 1:
<seo title="What is TLS - Definition and Explanation" metadescription=”Transport layer security helps to keep data secure during the process of transferring it from one end to another. Learn more…” />
+
<seo title="What is Transport Layer Security?" metadescription="Transport layer security, often shortened to TLS, is a security protocol that improves the security of online communication. Learn more…" />
 
   
 
   
== What is Transport Layer Security? ==
+
== Definition ==
 +
[[File:HTTPs.png|thumb|450px|right|alt=HTTPS|'''Figure:''' HTTPS - Author: Seobility - License: [[Creative Commons License BY-SA 4.0|CC BY-SA 4.0]]|link=https://www.seobility.net/en/wiki/images/f/fa/HTTPs.png]]
  
Transport layer security is a cryptographic protocol that's designed to provide secure communication over computer networks. TLS ensures that hackers cannot breach your data privacy. This protocol is commonly used to protect such things as passwords, personal correspondence, emails, and credit card numbers, among others.
+
Transport layer security, often shortened to TLS, is a security protocol that improves the security of online communication. It is used to encrypt, verify and authenticate communication between browsers and servers, among other online communications.
  
== How TLS works ==
+
TLS is a critical security layer in the [[HTTPS|HTTPS]] protocol, often called HTTP over TLS.
 
   
 
   
TLS comes from Social Socket Layer (SSL) which Netscape Communications Corporation designed in 1994. It combines the handshake protocol and record protocol.<ref>[https://www.sciencedirect.com/topics/computer-science/transport-layer-security] Science Direct. 4 February 2021.</ref> While the handshake protocol is used to validate the communication participants, the record protocol is used to ensure the credibility of the data exchange.
+
== What is TLS used for? ==
 +
 
 +
Various transport layer security protocols are used online to make secure communication possible. They are used to encrypt the communication on websites, web applications, email clients, and VoIP systems.
 +
 
 +
TLS helps web developers protect their website users from data theft and fraud by encrypting their communication with the server. This improves the [[User Experience|user experience]] and has even become an important ranking factor for major [[Search Engine|search engines]] over the years.
 +
 
 +
Most major browsers will display a warning when the communication with a site isn’t encrypted. This can make a site very difficult to access by a user or cause them to reconsider whether a site is safe or not.
 
   
 
   
At the point of creation, the aim of TLS was to keep web sessions safe through efficient security. There were three versions of SSL before TLS emerged. SSL 1.0 was never made public while SSL 2.0 was swiftly replaced with SSL 3.0. The 3.0 version formed the basis of TLS.
+
== TLS certificates ==
 +
 
 +
A website needs to have a TLS certificate installed to use transport layer security. These certificates are often called SSL certificates, even though they use TLS instead of SSL.
 +
 
 +
This certificate contains a public key and information on the domain name it was created for. This information is used for encryption. It confirms that the information was sent by the right party and a third-party hasn’t changed it.  
 
   
 
   
TLS is a protocol that uses cryptography to provide air-tight security. Using both asymmetric and symmetric cryptography, this form of security has high performance, and efficiently protects data. Symmetric cryptography requires the use of a private key to encrypt data. Both the data sender and the receiver know the encryption key. Regarding computation, the symmetric method is very super-efficient.
+
== Forcing HTTPS ==
 +
 
 +
It’s best practice to force all communication with a site to use the HTTPS version. Forcing HTTPS means that all HTTP versions of the page [[Redirect|redirect]] to the HTTPS version, ensuring TLS encryption is used optimally.
 +
 
 +
This is achieved using the 301 redirect, which is an important [[HTTP Status Code|HTTP status code]] that moves the user to the preferred version of the page. This forces all website visitors and [[Search Engine Crawlers|search engine crawlers]] to use the secure version, improving the user experience of a site.
 
   
 
   
However, it is noteworthy that the secret key must be shared through a secure channel so as not to compromise it. The key has to be 128 bits in length. Preferably, it should be 256 in length. Keys that fall below 80 are now generally considered insecure for processes.
+
== TLS and page speed ==
 +
 
 +
In the past, the use of TLS could negatively impact [[Page Speed|page speed]]. The use of transport layer security requires computing power and extra server requests, causing loading delays.
 +
 
 +
Today’s TLS certificates offer improved performance when compared to those provided in the past. This means that if they’re implemented properly without additional redirects, the speed implications are small and are outweighed by the benefits.
 
   
 
   
On the other hand, asymmetric cryptography makes use of key pairs. This means that there are two key forms during the encryption and decryption stage. These are the public and private keys. Even though one of the keys is public, it is impossible to extract the private key through the public one due to the tight security. This ensures that the TLS protocol remains safe, and nothing compromises the data security.
+
== Redirect chains ==
 +
 
 +
Besides redirecting all users to the secure version of a site, there are also other choices that a web developer has to make regarding the preferred [[URL|URL]]. Some of these include whether to use the www. version or the non-www. version, as well as whether to use a [[Trailing Slash|trailing slash]] or not.
 +
 
 +
When redirecting to the secure version, all pages must redirect directly to the final destination. If not, redirect chains can occur, as depicted below:
 
   
 
   
TLS also makes use of larger sizes of keys, with bits running between 1024 and 2048. This makes it an intensive protocol with adequate security.
+
[[File:Chain-redirect.png|link=|border|Redirect Chain|Visualization of multiple redirects creating a redirect chain]]
  
== Key generation methods ==
+
An example of a redirect chain.
 
   
 
   
The TLS protocol uses any of the various key generation methods such as Ephemeral Elliptic Curve Diffie-Hellman (ECDHE).<ref>[https://www.ecdhe.com/] ECHDE. Retrieved 4 February 2021.</ref>
+
[[File:Redirect-chain-solution.png|link=|border|alt=Redirect Chain Solution|Graphic showing multiple URLs linking to the preferred URL]]
These methods offer secure channels to ensure the keys' safety even if a key gets obtained in the future by a third party.
+
 
 +
An image of how to fix the redirect chain by linking all URLs directly to the preferred URL.
 +
 
 +
== The difference between TLS and SSL ==
 +
 
 +
TLS is a more recent and more secure version of SSL, the latter of which had become outdated by the start of the twenty-first century. When online shopping started gaining traction, more advanced online encryption was needed.
 +
 
 +
SSL stands for Secure Socket Layer and is no longer used for the security of online communication. Although SSL isn’t actually used anymore, the term is still used often instead of TLS. An example of this is the SSL certificate, which is the more common name used for a TLS certificate.
 
   
 
   
It is noteworthy that weak keys or keys containing a deficiency in prime numbers have been seen to be susceptible to being compromised. However, this is an implementation problem and not essentially a protocol issue. Tools exist for determining the strength of these numbers.
+
== Its importance for SEO ==
 +
 
 +
Transport layer security is an important part of a site’s security. It allows web developers and SEOs to create a safe environment for visitors, improving the user experience and signaling to search engines that the site is secure.
 +
 
 +
By forcing the use of HTTPS and correctly implementing 301 redirects, redirect chains can be prevented and [[Link Juice|link equity]] can be preserved, improving a site’s SEO performance and a page’s speed.
 
   
 
   
For the transport security layer protocol, it is essential that the client that joins the server can validate the server's public key. That process is usually conducted through the use of an X.509 online certificate. This certificate is provided by a credible 3rd party referred to as the Certificate Authority or CA.
+
== Related links ==
  
The purpose of the CA is to validate the public key's originality. Alternatively, a server might employ the use of a self-issued certificate to serve the security needs. Irrespective, if a website is secure, the browser will display such with a padlock icon as shown in the screenshot below.
+
* <html><a href="https://www.seobility.net/en/blog/switch-from-http-to-https/" target="_blank">Switching from HTTP to HTTPS – Migration Guide – Seobility Blog</a></html>
 +
* https://www.cyber.gov.au/acsc/view-all-content/publications/implementing-certificates-tls-https-and-opportunistic-tls
 +
* https://developers.google.com/search/docs/advanced/security/https
  
[[File:TLS.png|link=|border|alt=Transport Layer Security|Screenshot showing the symbols for different security statuses]]
+
== Similar articles ==
  
Screenshot of [https://support.google.com/chrome/answer/95617?hl=en google.com] indicating the meaning of security symbols
+
* [[HTTPS]]
 
 
== What is the difference between TLS and SSL? ==
 
 
TLS evolved from Secure Socket layer (SSL). The operation of the two models is different. TLS evolved as a stronger protocol that affords a more efficient data exchange. Over the years, TLS has become a popular method in use. But it is crucial to understand what TLS is doing that SSL couldn't do.
 
 
The essential difference between the TLS and SSL has to do with the cipher suites.<ref>[https://www.jscape.com/blog/cipher-suites] JSCAPE. Retrieved date.</ref> The cipher suite is the algorithm that deals with key generation, encryption, transfer, and other algorithmic processes with the key. Each TLS or SSL version has its unique cipher suite, and it keeps improving with each model.
 
  
More modern apps are embracing TLS as against SSL. Most apps do not support SSL 3.0 anymore. Case in point is Google Chrome that stopped SSL as far back as 2014.
+
[[Category:Web Development]]
 
== Importance of TLS for SEO ==
 
 
TLS is critical to your website’s ranking because it offers more levels of protection. Using HTTPs is directly responsible for your website's ranking. However, while HTTPs offers protection for users on your page, it is not comprehensive enough for instances where they share precious information like credit card details.
 
  
Therefore, for that purpose, you need to install TLS. In a nutshell, having TLS for your website addresses the security and risk concerns you may have and promotes user confidence.
+
<html><script type="application/ld+json">
 +
  {
 +
    "@context": "https://schema.org/",
 +
    "@type": "ImageObject",
 +
    "contentUrl": "https://www.seobility.net/en/wiki/images/f/fa/HTTPs.png",
 +
    "license": "https://creativecommons.org/licenses/by-sa/4.0/",
 +
    "acquireLicensePage": "https://www.seobility.net/en/wiki/Creative_Commons_License_BY-SA_4.0"
 +
  }
 +
  </script></html>
  
== References ==
+
{| class="wikitable" style="text-align:left"
 +
|-
 +
|'''About the author'''
 +
|-
 +
| [[File:Seobility S.jpg|link=|100px|left|alt=Seobility S]] The Seobility Wiki team consists of seasoned SEOs, digital marketing professionals, and business experts with combined hands-on experience in SEO, online marketing and web development. All our articles went through a multi-level editorial process to provide you with the best possible quality and truly helpful information. Learn more about <html><a href="https://www.seobility.net/en/wiki/Seobility_Wiki_Team" target="_blank">the people behind the Seobility Wiki</a></html>.
 +
|}
  
<references />
+
<html><script type="application/ld+json">
+
{
==Related Links==
+
  "@context": "https://schema.org",
+
  "@type": "Article",
* https://www.websecurity.digicert.com/security-topics/what-is-ssl-tls-https
+
  "author": {
+
    "@type": "Organization",
* https://www.google.com/amp/s/www.csoonline.com/article/3246212/what-is-ssl-tls-and-how-this-encryption-protocol-works.amp.html
+
    "name": "Seobility",
 +
    "url": "https://www.seobility.net/"
 +
  }
 +
}
 +
</script></html>
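
Review bot: the new "TLS certificates" section states that the certificate "confirms that the information was sent by the right party" but no longer says how, because this revision removes the old paragraphs on the client validating the server's public key through an X.509 certificate issued by a Certificate Authority. Suggest keeping one sentence on CA validation next to that claim. The revision also removes every <ref> citation together with <references />, so the new text is left without sources; consider restoring citations for the statements about TLS replacing SSL.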

Latest revision as of 18:46, 6 December 2023

Definition

Figure: HTTPS - Author: Seobility - License: CC BY-SA 4.0

Transport layer security, often shortened to TLS, is a security protocol that improves the security of online communication. It is used to encrypt, verify and authenticate communication between browsers and servers, among other online communications.

TLS is a critical security layer in the HTTPS protocol, often called HTTP over TLS.

What is TLS used for?

Various transport layer security protocols are used online to make secure communication possible. They are used to encrypt the communication on websites, web applications, email clients, and VoIP systems.

TLS helps web developers protect their website users from data theft and fraud by encrypting their communication with the server. This improves the user experience and has even become an important ranking factor for major search engines over the years.

Most major browsers will display a warning when the communication with a site isn’t encrypted. This can make a site very difficult for a user to access or cause them to reconsider whether a site is safe or not.

TLS certificates

A website needs to have a TLS certificate installed to use transport layer security. These certificates are often called SSL certificates, even though they use TLS instead of SSL.

This certificate contains a public key and information on the domain name it was created for. This information is used for encryption. It confirms that the information was sent by the right party and that a third party hasn’t changed it.

Forcing HTTPS

It’s best practice to force all communication with a site to use the HTTPS version. Forcing HTTPS means that all HTTP versions of the page redirect to the HTTPS version, ensuring TLS encryption is used optimally.

This is achieved using the 301 redirect, which is an important HTTP status code that moves the user to the preferred version of the page. This forces all website visitors and search engine crawlers to use the secure version, improving the user experience of a site.

TLS and page speed

In the past, the use of TLS could negatively impact page speed. The use of transport layer security requires computing power and extra server requests, causing loading delays.

Today’s TLS certificates offer improved performance when compared to those provided in the past. This means that if they’re implemented properly without additional redirects, the speed implications are small and are outweighed by the benefits.

Redirect chains

Besides redirecting all users to the secure version of a site, there are also other choices that a web developer has to make regarding the preferred URL. Some of these include whether to use the www. version or the non-www. version, as well as whether to use a trailing slash or not.

When redirecting to the secure version, all pages must redirect directly to the final destination. If not, redirect chains can occur, as depicted below:

Figure: An example of a redirect chain (visualization of multiple redirects creating a redirect chain).

Figure: How to fix the redirect chain by linking all URLs directly to the preferred URL.
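
The redirect-chain check and fix described above, as an added example that is not part of the original article. The redirect table, the example.com host and the preferred form (HTTPS, non-www, trailing slash) are constructed assumptions; the audit also counts hops that are served over plain HTTP after the first request, since those are not protected by TLS.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed sample rules (source -> 301 target) that form a chain.
CHAINED = {
    "http://www.example.com/page": "https://www.example.com/page",
    "https://www.example.com/page": "https://example.com/page",
    "https://example.com/page": "https://example.com/page/",
}

def canonical_url(url):
    """Preferred URL under the assumed policy: https, non-www, trailing slash."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    path = parts.path or "/"
    if not path.endswith("/"):
        path += "/"
    return urlunsplit(("https", host, path, parts.query, ""))

def follow(url, redirects, limit=10):
    """Return every URL visited, starting at `url`, until no rule matches."""
    hops = [url]
    while hops[-1] in redirects:
        nxt = redirects[hops[-1]]
        if nxt in hops or len(hops) > limit:
            raise ValueError("redirect loop or overlong chain at " + nxt)
        hops.append(nxt)
    return hops

def audit(redirects):
    """Map each source that needs more than one redirect to its findings."""
    findings = {}
    for src in redirects:
        hops = follow(src, redirects)
        if len(hops) > 2:  # source + final destination is the only clean case
            cleartext = [h for h in hops[1:] if h.startswith("http://")]
            findings[src] = {"hops": hops, "cleartext_hops": cleartext}
    return findings

def flatten(redirects):
    """Rewrite the rules so every source points straight at the final URL."""
    return {src: follow(src, redirects)[-1] for src in redirects}

if __name__ == "__main__":
    for src, info in audit(CHAINED).items():
        print(len(info["hops"]) - 1, "redirects:", " -> ".join(info["hops"]))
    for src, dst in flatten(CHAINED).items():
        print("301", src, "->", dst)
```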

The difference between TLS and SSL

TLS is a more recent and more secure version of SSL, the latter of which had become outdated by the start of the twenty-first century. When online shopping started gaining traction, more advanced online encryption was needed.

SSL stands for Secure Socket Layer and is no longer used for the security of online communication. Although SSL isn’t actually used anymore, the term is still used often instead of TLS. An example of this is the SSL certificate, which is the more common name used for a TLS certificate.

Its importance for SEO

Transport layer security is an important part of a site’s security. It allows web developers and SEOs to create a safe environment for visitors, improving the user experience and signaling to search engines that the site is secure.

By forcing the use of HTTPS and correctly implementing 301 redirects, redirect chains can be prevented and link equity can be preserved, improving a site’s SEO performance and a page’s speed.

About the author
Seobility S
The Seobility Wiki team consists of seasoned SEOs, digital marketing professionals, and business experts with combined hands-on experience in SEO, online marketing and web development. All our articles went through a multi-level editorial process to provide you with the best possible quality and truly helpful information. Learn more about the people behind the Seobility Wiki.