SSL (Secure Socket Layer) vs TLS (Transport Layer Security)

Jami Ullah Lv2Posted 21 Jul 2023 21:04

SSL (Secure Socket Layer) vs TLS (Transport Layer Security)

Maybe you have heard about SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3 but you may have never noticed the differences between the different versions? SSL and TLS are both protocols used mostly in cryptography which gives secure communication over IP networks.These different versions SSL and TLS are used widely in today’s applicationslike web browsing, e-mail, IM and Voice Over IP (VoIP). Each of them isslightly different from each other. Below you will find the major differences between the different protocol versions.

SSL 3.0

It was released in 1996 by Netscape developer but first began with the creation of SSL1.0. Version 1.0 was not released, and because having multiple security flaws in SSL 2.0, SSL 3.0 was released.
The key enhancements of SSL 3.0 over SSL 2.0 are:

# The transport layer was separated from the message layer.
# The full 128 bits of keying material was used even while using the Export cipher.
# Both client and servers could send chains of certificates. This way, organizations started using certificate hierarchy and it was more than two certificates deep.
# Record compression and decompression were allowed.
# Ability of SSL 3.0 to support backward compatibility with SSL2.0.

TLS 1.0
TLS1.0 was written in January of 1999. This was an enhancement from SSL 3.0. The key differences between SSL 3.0 and TLS 1.0 are:

# Both were having different key derivation functions.
# MACs are not same i.e SSL 3.0 was using a modification ofan early HMAC while TLS 1.0 uses HMAC.
# Both were having different Finished messages.
# There were more TLS alerts.
# DSS/DH support wasneeded by TLS.

TLS 1.1

TLS1.1 was written in April of 2006, and was an update to TLS 1.0. The key changes include:

# The Implicit IV (InitializationVector) was replaced with an explicit IV to provide seucirty against CBC (Cipherblock chaining) attacks.
# For protocol parameters, IANA registries are defined.
# Premature closes resulted in no longer cause a session to be non-resumable.

TLS 1.2

TLS1.2 was written in August of 2008. It was an improved version as compared to versions 1.0 & 1.1. The key differences are:

# The MD5/SHA-1combination in the PRF (pseudorandom function) was replaced withcipher-suite-specified PRFs.
# Both client & server got the ability to specify which signature and hash algorithms they will accept.
# Support for authenticated encryption was added in this version with additional data modes.
# Merged both TLS Extensions definition and AES Cipher Suites.
# Checking of EncryptedPreMasterSecret version numbers was tighter.
# Many of the requirements were tighten up.
# Verify_data lengthdepends on the cipher suite

TLS 1.3

TLS 1.3 is currently being revised and used to provide more security. The key differences with TLS 1.2 are:

# The list of supported symmetric algorithms has been pruned of all legacy algorithms. The remaining algorithms all use AEAD (Authenticated Encryption with Associated Data) algorithms.
# Added a zero-RTT mode which saved a round-trip at the connection setup time for some application data at the cost of certain security properties.
# Removed Static RSA and Diffie-Hellman cipher suites, thus forward secrecy was provided by all public-key based key exchange mechanisms.
# After the ServerHello, all handshake messages can be encrypted.
# Re-designed the Key derivation functions and with the HKDF (HMAC-based Extract-and-Expand Key Derivation Function) being used as aprimitive.
# To make it more consistent, reconstructed the handshakestate machine and superfluous messages were removed.
# Removed compression, DSA and custom DHE groups, PSS is now being used by RSA padding.

Like this topic? Like it or reward the author.

Creating a topic earns you 5 coins. A featured or excellent topic earns you more coins. What is Coin?

Enter your mobile phone number and company name for better service. Go

Tayyab0101 Lv2Posted 21 Jul 2023 21:20
Very informative and written very well indeed.
Faisal P Posted 21 Jul 2023 23:55
Thank you very much for the information ...
Kazuma Lv1Posted 23 Jul 2023 13:17
Thank you for sharing us your knowledge about the difference between SSL and TLS
Newbie517762 Lv5Posted 24 Jul 2023 09:38
I greatly appreciate the valuable information you provided. Thank you.
Farina Ahmed Lv5Posted 24 Jul 2023 13:53
Very informative, thanks for sharing.