
January 1, 2016
Difference Between TLS And SSL

Hi Sir, what is the difference between TLS and SSL? Regards, Sankara Narayanan.S
Hi Sir, can you please explain the difference between forward and reverse proxies. Regards, Sankara Narayanan.S
The terms SSL and TLS are sometimes used interchangeably, even though they are technically different protocols. However, SSL 3.0 did serve as the basis for TLS, so the two are related and are used for similar purposes. The important thing to remember is that SSL is now considered an outdated and insecure protocol and TLS should always be used instead of SSL. However, since the two sides of a connection negotiate which protocol to use, it is possible that a server running the latest version of TLS can still negotiate to use an earlier (and less secure) version of either protocol. Hackers have occasionally used this as a way to break into a secure server. The article below goes into more details about the differences between the two. https://luxsci.com/blog/ssl-versus-tls-whats-the-difference.html This link details an attack on servers which uses the backwards compatibility of using SSL 2.0 even when TLS is installed on the server. https://arstechnica.com/security/2016/03/more-than-13-million-https-websites-imperiled-by-new-decryption-attack/
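Paul's point about negotiation is worth seeing concretely: the two sides each advertise the versions they support and end up on the highest one they share, so a server that still speaks legacy versions can be talked down to one of them. Below is an added example (not from the original thread or any project it mentions) that models that choice in pure Python and then builds a real `ssl.SSLContext` pinned to TLS 1.2 and above, so the older versions simply are not on offer. The version names follow the standard library's `ssl.TLSVersion` enum; SSL 2.0 has no entry there because modern OpenSSL builds cannot speak it at all, and the assumption that `MAXIMUM_SUPPORTED` means TLS 1.3 is mine.

```python
import ssl

# Weakest to strongest, using the names from ssl.TLSVersion.
VERSION_ORDER = ["SSLv3", "TLSv1", "TLSv1_1", "TLSv1_2", "TLSv1_3"]


def negotiate_version(client_versions, server_versions):
    """Model of the handshake's version choice: the highest version both
    sides advertise, or None when they share none (handshake fails)."""
    common = set(client_versions) & set(server_versions)
    for name in reversed(VERSION_ORDER):
        if name in common:
            return name
    return None


def hardened_client_context(min_version=ssl.TLSVersion.TLSv1_2):
    """Client context that refuses anything below min_version.
    create_default_context() already verifies certificates and hostnames;
    the explicit floor is what stops a downgrade to SSL 3.0 / TLS 1.0 / 1.1."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = min_version
    ctx.maximum_version = ssl.TLSVersion.MAXIMUM_SUPPORTED
    return ctx


def allowed_versions(ctx):
    """Names of the protocol versions a context will accept in a handshake."""
    lo = ctx.minimum_version
    hi = ctx.maximum_version
    # The sentinel members are negative and sort wrongly, so map them to
    # concrete endpoints (assumption: the linked OpenSSL offers TLS 1.3).
    if lo == ssl.TLSVersion.MINIMUM_SUPPORTED:
        lo = ssl.TLSVersion.SSLv3
    if hi == ssl.TLSVersion.MAXIMUM_SUPPORTED:
        hi = ssl.TLSVersion.TLSv1_3
    return [n for n in VERSION_ORDER if lo <= ssl.TLSVersion[n] <= hi]


if __name__ == "__main__":
    # Constructed version sets for three hypothetical peers.
    modern = ["TLSv1_2", "TLSv1_3"]
    legacy_server = ["SSLv3", "TLSv1", "TLSv1_1", "TLSv1_2"]
    old_client = ["SSLv3", "TLSv1"]

    print("modern client vs legacy server:", negotiate_version(modern, legacy_server))
    print("old client vs legacy server:   ", negotiate_version(old_client, legacy_server))
    print("old client vs modern server:   ", negotiate_version(old_client, modern))
    print("hardened context accepts:      ", allowed_versions(hardened_client_context()))
```

The second line of output is the situation Paul warns about: the server is perfectly capable of TLS 1.2, yet a peer that only offers SSL 3.0 and TLS 1.0 still gets a session on TLS 1.0. The fix is the same on both ends: set a floor, as `hardened_client_context` does, rather than relying on the other side to choose well.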
Paul pretty much summed it up. For all intents and purposes, SSL and TLS are interchangeable. To fill you in on the history of these two I'll tell you a story. In the late '80s/early '90s, the internet as we know it was in its infancy. The majority of webpages were informational only and more often than not were static webpages that didn't change that much. Back in those days, very few people knew about the internet. Those that did know really didn't understand how it worked. All they knew was that you needed a special program called a web browser to access it. So people that wanted to access the internet had to go out and buy a browser. Now at the time the browser market was flooded with choices....no, that's a lie, they really only had 2 choices, Internet Explorer or Netscape Navigator (yes, there was a time when IE was an application that had to be bought and didn't come prepackaged in an OS). In my opinion, Navigator was by far the superior browser. The main reason that many people feel the same way as I do was because Netscape had this proprietary protocol called Secure Socket Layer (SSL) that would provide encryption for web traffic (i.e. https). At the time IE did not have this capability. Now fast forward a few years. Mid '90s the internet has really started to grow up. Common people have noticed the internet as something cool to play on, but business has discovered this as a way to make money. The dot com boom happens and it comes to a point where you can buy anything online. Around this time, Microsoft does something sneaky. Since most computers in the world at the time are running on a Windows platform, Microsoft decided to bundle IE with its newest operating system (Windows 95). Microsoft's thinking went along the lines of "Since we are giving the users a browser, they don't need another one, so we're not going to release the source code and allow competitors an opportunity to create a rival browser". This effectively killed the market for Netscape.
Antitrust suits ensued and lasted for years. All this time, Netscape was hanging on to the SSL protocol for dear life because it was the only thing keeping them competitive. However, over time Netscape finally succumbed to a dying market and went out of business. The IETF however wanted to save the SSL protocol. They basically took the SSL protocol, stripped it down to bare bones (while removing the Netscape proprietary stuff), rebuilt it, and repackaged it as TLS. Essentially they both do the exact same thing using eerily similar techniques. There are variations of each protocol and different uses for each, but their primary mission was and still is to provide web page encryption (i.e. HTTPS) to allow for ecommerce, online banking, and any other service where sensitive information or credentials are passed over the HTTP protocol.