Monday 16 June 2014

SSL / TLS Secure Socket Layer



SSL

SSL is the precursor to TLS. SSL was a proprietary protocol developed by Netscape Communications, later standardised within the IETF and renamed TLS. In short, the versions go in this order: SSLv2, SSLv3, TLSv1.0, TLSv1.1 and TLSv1.2.

TLS

TLS is a newer protocol than SSL (but AFAIK, it's compatible with SSL v3). Usually, there's only one difference you need to worry about:
An SSL'ed protocol usually has a separate port - for example, 80 for HTTP and 443 for HTTPS (HTTP/SSL). When you connect to the SSL port, the entire session is encrypted.
TLS is newer than SSL, and it doesn't require a separate port - instead it has to be negotiated by the client. For example, you can run IMAP on port 143, and if both mail server and client support TLS, the client will send a STARTTLS command and only then enable encryption. This way you don't need a separate SSL-only port, while staying compatible with SSL-less applications.
Summary:
SSL: Slightly older. Separate ports for plain and encrypted connections. All traffic on the SSL port is always encrypted.
TLS: Single port for both plain and encrypted connections. Encryption is only enabled after the client issues a STARTTLS command.
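
The STARTTLS upgrade described above happens in-band on the plaintext port, so whether a session was ever encrypted depends on the order of the commands exchanged. The following added example (not part of the original post) checks a captured cleartext IMAP exchange for credentials sent before a successful STARTTLS; the helper name, the "C: "/"S: " capture format and the transcripts are assumptions constructed for illustration.

```python
# Added example. audit_imap_session is a hypothetical helper; the "C: "/"S: "
# prefixes are an assumed capture format and all transcripts are constructed.

def audit_imap_session(lines):
    """Classify the cleartext part of an IMAP session seen on port 143.

    Returns (verdict, offered): verdict is 'upgraded', 'cleartext-auth' or
    'no-upgrade'; offered says whether the server advertised STARTTLS.
    """
    offered = False
    pending_tag = None  # tag of a STARTTLS command still awaiting its reply
    for raw in lines:
        side, _, text = raw.partition(": ")
        parts = text.split()
        if not parts:
            continue
        if side == "S":
            words = text.upper().replace("[", " ").replace("]", " ").split()
            if "CAPABILITY" in words and "STARTTLS" in words:
                offered = True
            if pending_tag is not None and parts[0] == pending_tag:
                if len(parts) > 1 and parts[1].upper() == "OK":
                    return ("upgraded", offered)  # TLS handshake follows
                pending_tag = None  # NO/BAD: session stays in cleartext
        elif side == "C" and len(parts) >= 2:
            command = parts[1].upper()
            if command == "STARTTLS":
                pending_tag = parts[0]
            elif command in ("LOGIN", "AUTHENTICATE"):
                return ("cleartext-auth", offered)  # credentials before TLS
    return ("no-upgrade", offered)

# Constructed sample transcripts.
UPGRADED = [
    "S: * OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready",
    "C: a1 STARTTLS",
    "S: a1 OK Begin TLS negotiation now",
]
NOT_OFFERED = [
    "S: * OK [CAPABILITY IMAP4rev1] ready",
    "C: a1 LOGIN alice example-password",
]
OFFERED_BUT_SKIPPED = [
    "S: * OK [CAPABILITY IMAP4rev1 STARTTLS] ready",
    "C: a1 LOGIN alice example-password",
]

if __name__ == "__main__":
    for name in ("UPGRADED", "NOT_OFFERED", "OFFERED_BUT_SKIPPED"):
        print(name, audit_imap_session(globals()[name]))
```

A 'cleartext-auth' verdict means the client authenticated without the upgrade, which a client configured to require STARTTLS would refuse to do.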

 
From this Indiana University Knowledge Base article:
SSL stands for Secure Sockets Layer. Netscape originally developed this protocol to transmit information privately, ensure message integrity, and guarantee the server identity. SSL works mainly through using public/private key encryption on data. It is commonly used on web browsers, but SSL may also be used with email servers or any kind of client-server transaction. For example, some instant messaging servers use SSL to protect conversations.
TLS stands for Transport Layer Security. The Internet Engineering Task Force (IETF) created TLS as the successor to SSL. It is most often used as a setting in email programs, but, like SSL, TLS can have a role in any client-server transaction.
The differences between the two protocols are very minor and very technical, but they are different standards. TLS uses stronger encryption algorithms and has the ability to work on different ports. Additionally, TLS version 1.0 does not interoperate with SSL version 3.0.


