Network stack – Transport Layer Security

Transport Layer Security (TLS) has been covered in many areas of this book, from TLS and DTLS for MQTT and CoAP to network security over the WAN and PAN. Each of those protocols relies on TLS in some form, and TLS is also where the cryptographic building blocks mentioned so far (hash functions, symmetric ciphers, public-key signatures and key exchange) come together. This section briefly covers the TLS 1.2 technology and handshake process.

Originally named Secure Sockets Layer (SSL) and introduced in the 1990s, the protocol was succeeded by TLS 1.0 in 1999. TLS 1.2 is specified in RFC 5246 (2008); TLS 1.3 (RFC 8446, 2018) has since superseded it, but 1.2 is the version described here and the one the IoT protocols above build on. Compared with TLS 1.0 and 1.1, TLS 1.2 replaced the MD5/SHA-1 combination used in the pseudorandom function (PRF) and the Finished message with SHA-256 (or a hash specified by the cipher suite), and added support for authenticated-encryption (AEAD) cipher suites.

In TLS encryption, the process is as follows:

  1. The client opens a TCP connection to a TLS-capable server (port 443 for HTTPS) and sends a ClientHello
  2. The ClientHello carries the protocol versions and cipher suites the client supports, plus a 32-byte client random
  3. The server picks a cipher suite (which fixes the key exchange, bulk cipher and hash/MAC algorithm) and returns it in a ServerHello together with its own 32-byte server random
  4. The server sends its digital certificate chain to the client; the certificate carries the server's public key and is signed by a certificate authority
  5. The client confirms the validity of the certificate: the chain leads to a trusted root, the validity dates and revocation status are acceptable, and the certificate name matches the host the client intended to reach
  6. A pre-master secret is established either by:
    1. RSA key transport: the client generates a random 48-byte pre-master secret, encrypts it with the server's public key and sends the result to the server. Both sides then combine the pre-master secret with the two randoms to derive the master secret and the session keys used for the duration of the connection. Because the pre-master secret is recoverable from the recorded traffic with the server's private key, this mode provides no forward secrecy.
    2. Diffie-Hellman key exchange (DHE, or ECDHE over elliptic curves): the server signs its ephemeral DH parameters with its certificate key, the client replies with its own DH value, and the shared DH secret becomes the pre-master secret from which the session keys are derived. The keys exist only on the two endpoints and are discarded when the connection is closed, which gives forward secrecy.
  7. Each side sends ChangeCipherSpec followed by an encrypted Finished message containing a MAC over the entire handshake transcript, so any tampering with the offered cipher suites or versions is detected; communication then starts over the encrypted channel
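The key derivation behind step 6 and the Finished check in step 7, as an added worked example in Python (this is not code from the book; it follows the TLS 1.2 PRF, master secret, key block and verify_data definitions in RFC 5246, and all randoms, the pre-master secret and the handshake transcript are constructed test values, not captured traffic):

```python
"""TLS 1.2 key derivation with the SHA-256 PRF (RFC 5246 sections 5, 6.3, 7.4.9, 8.1).

Added example, not from the book. The randoms and pre-master secret below are
constructed test values so the run is deterministic; nothing is captured traffic.
"""
import hashlib
import hmac
from dataclasses import dataclass


def p_hash(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 data expansion: HMAC(secret, A(i) || seed) blocks, A(0) = seed,
    A(i) = HMAC(secret, A(i-1)), concatenated until `length` bytes are available."""
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF(secret, label, seed) = P_SHA256(secret, label || seed).
    TLS 1.0/1.1 split the secret between MD5 and SHA-1 here; 1.2 uses SHA-256 only."""
    return p_hash(secret, label + seed, length)


def rsa_premaster_secret(random46: bytes, client_version: bytes = b"\x03\x03") -> bytes:
    """Step 6.1: the 48-byte pre-master secret the client encrypts under the server's
    RSA public key: 2-byte client protocol version (0x0303 = TLS 1.2) + 46 random bytes.
    The server checks the version bytes to detect rollback. For step 6.2 the (EC)DHE
    shared secret is used as the pre-master secret directly; everything below is identical."""
    if len(random46) != 46:
        raise ValueError("pre-master secret needs exactly 46 random bytes")
    return client_version + random46


def master_secret(premaster: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """master_secret = PRF(pre_master_secret, "master secret",
                           ClientHello.random + ServerHello.random)[0..47]"""
    return prf(premaster, b"master secret", client_random + server_random, 48)


@dataclass(frozen=True)
class WriteKeys:
    client_mac_key: bytes
    server_mac_key: bytes
    client_key: bytes
    server_key: bytes
    client_iv: bytes
    server_iv: bytes


def key_block(master: bytes, client_random: bytes, server_random: bytes,
              mac_len: int, key_len: int, iv_len: int) -> WriteKeys:
    """key_block = PRF(master_secret, "key expansion", server_random + client_random),
    sliced in the order client MAC key, server MAC key, client key, server key,
    client IV, server IV. Note the randoms are in the opposite order to master_secret()."""
    total = 2 * (mac_len + key_len + iv_len)
    kb = prf(master, b"key expansion", server_random + client_random, total)
    parts, pos = [], 0
    for n in (mac_len, mac_len, key_len, key_len, iv_len, iv_len):
        parts.append(kb[pos:pos + n])
        pos += n
    return WriteKeys(*parts)


def finished_verify_data(master: bytes, is_client: bool, handshake_messages: bytes) -> bytes:
    """Step 7: verify_data = PRF(master_secret, finished_label, SHA256(handshake_messages))[0..11].
    Each side MACs the whole handshake transcript, so a tampered cipher-suite list or a
    downgraded version is detected before any application data flows."""
    label = b"client finished" if is_client else b"server finished"
    return prf(master, label, hashlib.sha256(handshake_messages).digest(), 12)


# Cipher-suite parameters for TLS_RSA_WITH_AES_128_CBC_SHA (mandatory in RFC 5246):
# HMAC-SHA1 MAC key 20 bytes, AES-128 key 16 bytes, CBC IV 16 bytes.
AES128_CBC_SHA = dict(mac_len=20, key_len=16, iv_len=16)

# Constructed handshake values (deterministic for the example; real code uses os.urandom).
CLIENT_RANDOM = bytes(range(0, 32))
SERVER_RANDOM = bytes(range(32, 64))
PREMASTER = rsa_premaster_secret(bytes(range(100, 146)))
TRANSCRIPT = b"ClientHello|ServerHello|Certificate|ServerHelloDone|ClientKeyExchange"  # constructed


def derive_session(premaster: bytes, client_random: bytes, server_random: bytes) -> tuple:
    """What each peer computes independently once it holds the pre-master secret."""
    ms = master_secret(premaster, client_random, server_random)
    return ms, key_block(ms, client_random, server_random, **AES128_CBC_SHA)


if __name__ == "__main__":
    client_ms, client_keys = derive_session(PREMASTER, CLIENT_RANDOM, SERVER_RANDOM)
    server_ms, server_keys = derive_session(PREMASTER, CLIENT_RANDOM, SERVER_RANDOM)
    print("master secrets match:", client_ms == server_ms)
    print("client_write_key:", client_keys.client_key.hex())
    print("client Finished verify_data:", finished_verify_data(client_ms, True, TRANSCRIPT).hex())
```

Both peers run derive_session() on the same three inputs and must arrive at the same WriteKeys; the client encrypts with client_key and the server decrypts with it, and vice versa for server_key, so the two directions never share a key or IV. The Finished computation is why the client's cipher-suite list in step 2 cannot be silently weakened by someone on the path: the stripped list would produce a different transcript hash on the two sides and the handshake would fail.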

Shown below is the handshaking process for TLS1.2 communication between two devices:

TLS 1.2 handshake sequence

Datagram Transport Layer Security (DTLS) is a variant of TLS for datagram transports such as UDP, which do not provide the reliable, in-order delivery that the TLS record and handshake layers assume. DTLS 1.2 (RFC 6347) is derived from TLS 1.2 and adds explicit record sequence numbers, retransmission timers for handshake messages and a stateless cookie exchange that limits amplification and resource-exhaustion attacks from spoofed client addresses. It is intended to provide security guarantees equivalent to TLS. The CoAP lightweight protocol uses DTLS for security.
