mTLS is an extension of the security provided by TLS. This is done by adding mutual authentication between the client and the server.
When using mTLS, both the client and the server share their own certificates with each other to verify the identity on both ends prior to establishing a secure connection.
TLS and its predecessor SSL in contract only provide authentication of the server to the client. This is sufficient for many use cases where the client trusts the server and just wants to verify the servers identity before sending any sensitive information.
As an IETF standard, TLS is an evolution of the secure socket layer (SSL) which was developed in the 1990’s by Netscape and are closely related and used interchangeably.
SSL has since been deprecated due to security issues in favour of TLS.
Reference:
Leave a Reply