ABSTRACT

This chapter focuses on the exchanges during session and connection establishment for both Secure Sockets Layer (SSL) and Transport Layer Security (TLS), and explains the main differences between the successive versions. SSL and TLS are two widely used protocols that secure exchanges at the transport layer between a client and a server. SSL/TLS define a framework for using the encryption and hashing algorithms negotiated between the two parties to offer three security services: authentication, integrity, and confidentiality. SSL/TLS combine the operations of key establishment, confidentiality, signature, and hashing into one package denoted as a cipher suite. SSL/TLS initially consisted of four subprotocols: Handshake, Record, ChangeCipherSpec, and Alert; in 2012, the Heartbeat subprotocol was added. The concept of a connection was introduced in SSL/TLS to allow an application to refresh certain security attributes without affecting all the other attributes that were negotiated at the start of a session.