Every time you see a padlock in your browser's address bar and a URL starting with "https://," you're benefiting from the TLS protocol. It's one of the most widespread security technologies on the internet. But what does it really mean, and why is TLS 1.3 (used by EchoPass) important?
What Is TLS?
TLS (Transport Layer Security) is the protocol that secures connections between your browser and web servers. It's the successor to the older SSL (Secure Sockets Layer) protocol, and it is often still called "SSL" even though SSL itself is obsolete.
TLS serves two essential functions:
Authentication: TLS verifies you're communicating with the real server, not an impersonator (man-in-the-middle attack). This is the role of SSL/TLS certificates, issued by certificate authorities.
Encryption: TLS encrypts data exchanged between your browser and the server. Even if someone intercepts network traffic, they only see unreadable data.
HTTP vs HTTPS: The Concrete Difference
HTTP (without S): data travels in plain text. An attacker on the same WiFi network can see exactly what you send and receive. Like sending a postcard.
HTTPS: data is encrypted by TLS. Interception only gives access to encrypted text, unusable without the decryption key.
Since 2018, Google Chrome has marked HTTP sites as "Not Secure." Most modern browsers display warnings for unencrypted connections.
TLS Versions and Why They Matter
TLS 1.0 and 1.1 (Obsolete)
These older versions have several known vulnerabilities. They were officially deprecated by the IETF in 2021. If a service still uses them, it's a red flag.
TLS 1.2 (Acceptable)
Still widely deployed, TLS 1.2 is secure if properly configured. It supports modern cryptographic suites, but also older suites that can be vulnerable if misconfigured.
TLS 1.3 (Recommended)
TLS 1.3 is the newest and most secure version. Its key improvements:
Removal of weak algorithms: TLS 1.3 only supports modern cryptographic suites. Vulnerable older algorithms have been removed.
Faster handshake: TLS 1.3 reduces initial handshake latency (from 2 round trips to 1), speeding up connection establishment.
Mandatory Perfect Forward Secrecy: even if the server's private key is compromised later, past sessions cannot be retroactively decrypted.
Enhanced confidentiality: TLS 1.3 encrypts more information during the handshake, reducing visible metadata.
EchoPass uses TLS 1.3 for all its connections, guaranteeing the highest level of security for your data in transit.
Understanding SSL/TLS Certificates
An SSL/TLS certificate proves you're communicating with the right server. When you visit https://echopass.app, your browser verifies the certificate is:
- Issued by a recognized certificate authority
- Valid (not expired)
- Matching the visited domain
Domain Validation (DV): basic level, just verifies the requester controls the domain. Visible as a simple padlock.
Organization Validation (OV): verifies the organization's identity. Offers better assurance about the site's identity.
Extended Validation (EV): the most rigorous level, which formerly displayed the organization name in the address bar. Less used today.
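The version tiers and the three certificate checks described above can be enforced and observed from a client. The following is an added example, not EchoPass code: the function names `classify`, `build_client_context` and `probe` are hypothetical, and `example.com` is a placeholder host.

```python
import socket
import ssl
import sys

# Tiers as the article names them, keyed by the strings SSLSocket.version() returns.
TIERS = {
    "SSLv2": "obsolete", "SSLv3": "obsolete",
    "TLSv1": "obsolete", "TLSv1.1": "obsolete",
    "TLSv1.2": "acceptable",
    "TLSv1.3": "recommended",
}


def classify(version):
    """Map a negotiated protocol name to the article's tier."""
    return TIERS.get(version, "unknown")


def build_client_context(minimum=ssl.TLSVersion.TLSv1_2):
    """Client context that verifies the certificate and refuses older versions."""
    # create_default_context() loads the system CA store and enables chain,
    # expiry and hostname verification (CERT_REQUIRED + check_hostname).
    ctx = ssl.create_default_context()
    ctx.minimum_version = minimum  # handshake fails if the server only offers less
    return ctx


def probe(host, port=443, minimum=ssl.TLSVersion.TLSv1_2, timeout=5.0):
    """Connect once and report what was negotiated, or why the handshake failed."""
    ctx = build_client_context(minimum)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                version = tls.version()
                return {"host": host, "ok": True, "version": version,
                        "tier": classify(version), "cipher": tls.cipher()[0]}
    except ssl.SSLCertVerificationError as exc:
        # Untrusted issuer, expired certificate, or name mismatch.
        return {"host": host, "ok": False, "error": "certificate: " + exc.verify_message}
    except (ssl.SSLError, OSError) as exc:
        # Includes servers that cannot meet the minimum protocol version.
        return {"host": host, "ok": False, "error": type(exc).__name__ + ": " + str(exc)}


if __name__ == "__main__":
    # Hosts come from the command line; example.com is a placeholder default.
    for name in sys.argv[1:] or ["example.com"]:
        print(probe(name))
```

Passing `minimum=ssl.TLSVersion.TLSv1_3` to `probe` turns a TLS 1.2-only server into a handshake failure instead of a silent downgrade.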
What TLS Doesn't Protect
It's important to understand TLS's limitations:
TLS doesn't protect the final content: your data arrives decrypted on the recipient's servers. Google receives your searches in plain text despite HTTPS.
TLS doesn't make you anonymous: metadata (which sites you visit, when, for how long) can be visible.
TLS doesn't protect against fraudulent sites: a phishing site can have a valid HTTPS certificate. The padlock means the connection is encrypted, not that the site is legitimate.
That's why TLS alone is insufficient to protect sensitive data. It must be combined with end-to-end encryption for complete protection.
EchoPass's TLS + E2E Encryption Combination
EchoPass combines TLS 1.3 for transit and XChaCha20-Poly1305 for end-to-end encryption:
- Your message is encrypted in your browser (E2E)
- The connection between your browser and our servers is secured by TLS 1.3
- Our servers receive already-encrypted data: even we can't read it
- Upon delivery to your recipient, the same process applies
This double protection guarantees the absolute confidentiality of your messages.