# What you'll learn

After watching this video, you'll be able to:
* Define Transport Layer Security (TLS) and Secure Sockets Layer (SSL).
* Describe the working of modern TLS.
* Identify how to keep TLS secure in the Software Development Lifecycle (SDLC).

# Security protocols

* In today's world, high-quality video streaming platforms have taken over our televisions and mobile screens.
* These platforms offer high-quality video content to millions of users worldwide.
* For these platforms, security is a top priority to ensure that user data remains protected during video transmission.
* To achieve this, the platforms implement Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols to encrypt the video data and establish secure connections between the server and the clients.


# What are SSL and TLS? 

![image.png](attachment:dc4f27d4-0723-4826-842c-370b87d08bd3.png)

Both are protocols for establishing secure connections between network computers, specifically a server and a client.

When we say secure, we mean that if someone were to intercept the communications, the data would be useless to them because encryption makes it unreadable.

In simple words, secure means protecting data sent over the Internet or a computer network.

**How is the data secured?** Both Secure Sockets Layer (SSL) and Transport Layer Security (TLS) provide security between web browsers and servers.

**What is the difference between SSL and TLS?**
* In fact, TLS is a successor to SSL.
* The first version of TLS, TLS 1.0, was introduced in 1999.
* Today, when people refer to SSL or TLS/SSL, they are usually referring to modern TLS.

# How does modern TLS work? 

![image.png](attachment:c98bcf45-f239-44d7-8c06-acec1e656736.png)

At a high level, it uses four steps; you can follow these steps to ensure TLS stays secure in the software development lifecycle (SDLC).
1. For two computers to communicate using the secure TLS protocol, they must first agree on a TLS version to use.
    * Both will choose the highest supported version.
    * If the two computers don't have a supported version in common, the process will fail.
2. Once the client and the server agree on a supported version of TLS, they agree on a supported cipher from that version of TLS.
    * A cipher simply defines how information will be encrypted between the server and the client.
3. Once a cipher is chosen, the client verifies the server's identity using the server's public key and the server's TLS certificate signature.
4. Finally, the two computers generate session keys using their certificates' public and private keys.
    * These keys are later used in the cipher chosen in Step 2; they are the secrets that allow the server and client to communicate securely.

# Ensure TLS Security

![image.png](attachment:c565b42d-693c-4c9f-8ddc-4cdc69bd7cbf.png)

**How do you ensure TLS remains secure in your application's SDLC?**

Basically, with two components:
* First, use Continuous Integration and Continuous Delivery (CI/CD) to renew TLS certificates before their expiration date.
    * They usually expire about every one or two years; however, it's good practice to renew earlier than that, for example, every few months.
* Second, make sure that your application keeps its TLS version support up to date. This means it should support the newest available version of TLS.
    * Also, it should prefer the most robust ciphers and avoid vulnerable ciphers at all costs.
    * This often means dropping support for outdated versions of TLS such as 1.0 and 1.1.
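
The two practices above can be checked automatically in a CI job. The following is an added example, not part of the original lesson: it uses Python's standard `ssl` module, and the 30-day renewal window, the list of weak-cipher name markers, the function names and the sample expiry date are assumptions chosen for illustration.

```python
import ssl
from datetime import datetime, timezone

MIN_TLS = ssl.TLSVersion.TLSv1_2   # policy floor: drops TLS 1.0 and 1.1
WEAK_TOKENS = ("RC4", "DES", "MD5", "NULL", "EXP")  # assumption: markers of legacy suites
RENEW_WITHIN_DAYS = 30             # assumption: renewal window for this example


def hardened_client_context():
    """Client context that verifies the server and refuses TLS 1.0/1.1."""
    ctx = ssl.create_default_context()  # certificate and hostname checks on by default
    ctx.minimum_version = MIN_TLS
    return ctx


def version_allowed(version):
    """True if a configured or negotiated TLS version meets the policy floor."""
    return version >= MIN_TLS


def weak_ciphers(ctx):
    """Names of enabled cipher suites whose name contains a legacy marker."""
    return [c["name"] for c in ctx.get_ciphers()
            if any(tok in c["name"] for tok in WEAK_TOKENS)]


def days_until_expiry(not_after, now):
    """Whole days from `now` (aware datetime) to a certificate's notAfter string."""
    expiry = ssl.cert_time_to_seconds(not_after)
    return int((expiry - now.timestamp()) // 86400)


def needs_renewal(not_after, now, window=RENEW_WITHIN_DAYS):
    """CI gate: renew when the certificate is expired or inside the window."""
    return days_until_expiry(not_after, now) <= window


# Constructed sample value, in the format getpeercert() uses for 'notAfter'.
SAMPLE_NOT_AFTER = "Mar  1 00:00:00 2031 GMT"

if __name__ == "__main__":
    ctx = hardened_client_context()
    print("minimum version:", ctx.minimum_version.name)
    print("weak ciphers enabled:", weak_ciphers(ctx))
    now = datetime(2031, 2, 15, tzinfo=timezone.utc)
    print("days left:", days_until_expiry(SAMPLE_NOT_AFTER, now),
          "renew:", needs_renewal(SAMPLE_NOT_AFTER, now))
```

In a pipeline, the `notAfter` value would come from the deployed certificate, and a true result from `needs_renewal` would trigger the renewal job.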

TLS and SSL contribute to secure, trustworthy and seamless communication between client and server.

By implementing these protocols, you can protect your data and ensure its confidentiality and integrity.

# Summary

In this video, you learned that:
* TLS and SSL are protocols for establishing secure connections or communications between network computers, specifically a server and a client.
* TLS is a successor to SSL, and both terms usually refer to the same protocol.
* There are four steps to ensure TLS is secure in the SDLC:
    * First, the computers must agree on a TLS version to use.
    * Second, the computers must agree on a supported cipher to use.
    * Third, the client verifies the server's identity and TLS certificate signature.
    * Finally, the two computers generate session keys to communicate secretly.
* You also learned that TLS works effectively when the server has an up-to-date certificate and TLS version support.