Skip to content

Instantly share code, notes, and snippets.

@dotherightthing

dotherightthing/security-tls-and-ssl.md

Last active November 1, 2018 10:50
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save dotherightthing/f660533e9acaf86c41fcf23f194a6e64 to your computer and use it in GitHub Desktop.
Save dotherightthing/f660533e9acaf86c41fcf23f194a6e64 to your computer and use it in GitHub Desktop.
Download ZIP
[TLS vs SSL] TLS and SSL are protocols that provide data encryption and authentication between applications (e.g. browsers & email clients) and servers. #security #http2 #ssl #tls
Raw
security-tls-and-ssl.md

TLS (Transport Layer Security) and SSL (Secure Sockets Layer)

Summary

TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are protocols that provide data encryption and authentication between applications and servers in scenarios where that data is being sent across an insecure network, such as checking your email. - SSL versus TLS – What’s the difference?

Key differences

  • A program can initiate a secure connection with a server by Port ('explicit' - SSL), or by Protocol ('implicit' - TLS)
  • A negotiation between the client and the server determines which protocol is used. This is based on which software is installed on each and how each is configured.

Use TLS rather than SSL

  • SSL 3.0 served as the basis for TLS 1.0 which, as a result, is sometimes referred to as SSL 3.1
  • POODLE and BEAST exploited weaknesses in SSL and early TLS
  • There are no fixes or patches that can adequately repair SSL or early TLS
  • TLS v1.1 and v1.2 are significantly more secure and fix many vulnerabilities present in SSL v3.0 and TLS v1.0

SSL/TLS certificates

  • SSL certificates verify that the domain name they are issued for really belongs to the server, and not some 'middleman'

Sources

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment