TLS provides support for both trust and encryption.
Here are two types of encryption that make up a TLS session:
- Symmetric encryption
- Uses the same key for both encryption and decryption. Anyone who has the key can decipher encrypted data and can encrypt new data. The most common symmetric algorithms used in modern TLS cipher suites are AES and ChaCha20. Older cipher suites that are no longer considered secure used additional algorithms like DES, 3DES, and RC4.
- Asymmetric encryption (also called public key encryption)
- Uses different keys for encryption and decryption. Data encrypted with the public key can only be decrypted with the private key, and data encrypted with the private key can only be decrypted with the public key. The most common asymmetric encryption algorithms used in TLS are RSA and elliptic curve (EC).
Symmetric encryption is generally much faster than asymmetric encryption, but it’s only secure if the sender and receiver are the only parties that have the symmetric key. Anyone else who has the key could covertly decrypt the information being transferred, and if they can interject themselves into the middle of the communication, they could transparently alter its content. As such, it’s only safe to use if the two parties have previously agreed upon a symmetric key that they use only for communication with each other.
The payload data that is transferred in a TLS session is encrypted with a symmetric cipher. However, this can only happen after a negotiation process that allows the client and server to decide upon which symmetric algorithm to use and what key to use with it.