Secure Sockets Layer(SSL) versus Transport Layer Security(TLS)

               SSL AND TLS -What’s the difference and which one is more secure...
BEFORE WE DECIDE WHICH ONE IS MORE SECURE ,WE MUST KNOW WHAT IS THESE?---Simply these are protocols that provide data encryption and authentication between applications in scenarios where that data is being sent across an insecure network, such as checking your email.[sintuhack]
Now which one is more secure?[sintuhack]
While SSL and TLS differ in ways that make them inoperable with each other, they are generally considered equal in terms of security. The main difference is that, while SSL connections begin with security and proceed directly to secured communications, TLS connections first begin with an insecure “hello” to the server and only switch to secured communications after the handshake between the client and the server is successful. If the TLS handshake fails for any reason, the connection is never created.[sintuhack]
Both Internet security protocols ensure that your data is encrypted as it is transmitted across the Internet.  They also both enable you to be sure that the server that you are communication with is the server you intend to contact and not some “middle man eavesdropper”.  This is possible because servers that support SSL and TLS must have certificates issued to them by a trusted third party, like Verisign or Thawte.[sintuhack].  These certificates verify that the domain name they are issued for really belongs to the server. [sintuhack]. Your computer will issue warnings to you if you try to connect to a server and the certificate that it gets back is not trusted or doesn’t match the site you are trying to connect to.[sintuhack]
If you are mostly concerned about your level of security, you can’t really go wrong choosing either SSL or TLS.[sintuhack]
 The main benefit in opting for TLS over SSL is that TLS was incepted as an open-community standard, meaning TLS is more extensible and will likely be more widely supported in the future with other Internet standards. TLS is even backwards compatible, possessing the ability to “scale down” to SSL if necessary to support secure client-side connections that only understand SSL.[sintuhack]
Another more immediate benefit, however, is that TLS allows both secure and insecure connections over the same port, whereas SSL requires a designated secure-only port. For users connecting to an email server via POP or IMAP, this means that using TLS will allow you to opt for secure connections but easily switch to insecure connections if necessary without needing to change ports. This is not possible with SSL.[sintuhack]

0 comments: