
SSL vs. TLS: Which Provides the Best Protection?

Art
Web Hosting Geek

SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are two security protocols that provide encryption and authentication between applications where data travels over an insecure network such as the internet. While the terms are often used interchangeably, one is actually the successor to the other. In fact, SSL 3.0 laid the foundation for the first version of TLS, which is why TLS 1.0 is sometimes called SSL 3.1. Let’s take a closer look at these protocols to see whether one is better than the other.

Similarities and Differences

SSL and TLS differ in such a way that they are not actually interoperable with one another. However, they are essentially equal in terms of the level of security they provide. For instance, both can ensure that your data is protected with reliable encryption when traveling over the internet. They also make sure the server you are communicating with is the one you intended to contact and not a middle man eavesdropping on your transactions. This is because any server with SSL or TLS installed must also be equipped with certificates issued by a third-party CA (Certificate Authority) such as Thawte or Verisign. These certificates essentially verify that the website actually belongs to the domain name owner and server.


The main difference between these two protocols is that an SSL connection starts out by applying security and then proceeds into secured communications while a TLS connection does not. TLS actually begins with an insecure “hello” to the server. It only proceeds into secured communications after a successful handshake between the client and server. Should the handshake fail for any reason, TLS will not create a connection of any sort. Despite this significant difference, SSL and TLS both make fine options for security. You really can’t go wrong with either.
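The opening hello travels unencrypted and carries the protocol version numbers, which is where the "SSL 3.1" name comes from: on the wire TLS 1.0 is encoded as 3.1, directly after SSL 3.0. The following Python sketch is an added example, not code from the original article; it reads those fields from a ClientHello so a server operator can spot clients still offering SSL 3.0, and the function names and sample bytes are constructed for illustration.

```python
import struct

# Wire version numbers: TLS 1.0 is encoded as 3.1, directly after SSL 3.0.
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0",
            (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
HANDSHAKE, CLIENT_HELLO = 22, 1  # record content type, handshake message type


def version_name(major, minor):
    return VERSIONS.get((major, minor), f"unknown ({major}.{minor})")


def parse_client_hello(data: bytes) -> dict:
    """Read the version fields of the cleartext ClientHello opening a connection.

    Raises ValueError if the bytes are truncated or are not a ClientHello.
    TLS 1.3 clients also send 3.3 here and signal 1.3 in an extension,
    which this sketch does not parse.
    """
    if len(data) < 5:
        raise ValueError("truncated record header")
    ctype, rmaj, rmin, rlen = struct.unpack("!BBBH", data[:5])
    if ctype != HANDSHAKE:
        raise ValueError(f"not a handshake record (content type {ctype})")
    body = data[5:5 + rlen]
    if len(body) < 6:  # handshake type (1) + length (3) + client version (2)
        raise ValueError("truncated handshake message")
    if body[0] != CLIENT_HELLO:
        raise ValueError(f"not a ClientHello (handshake type {body[0]})")
    cmaj, cmin = body[4], body[5]
    return {"record_version": version_name(rmaj, rmin),
            "client_version": version_name(cmaj, cmin),
            "ssl3_only": (cmaj, cmin) == (3, 0)}  # highest version offered is SSL 3.0


def sample_hello(record_ver, client_ver):
    """Constructed sample: a minimal ClientHello, not captured traffic."""
    hello = (bytes(client_ver) + bytes(32)         # version, 32-byte random
             + b"\x00"                             # empty session id
             + b"\x00\x02\x00\x2f" + b"\x01\x00")  # one cipher suite, null compression
    msg = bytes([CLIENT_HELLO]) + len(hello).to_bytes(3, "big") + hello
    return bytes([HANDSHAKE, *record_ver]) + struct.pack("!H", len(msg)) + msg


if __name__ == "__main__":
    for rec, cli in [((3, 0), (3, 0)), ((3, 1), (3, 3))]:
        print(parse_client_hello(sample_hello(rec, cli)))
```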

The TLS Advantage

There are reasons to choose TLS over SSL, and the most significant relates to how it was developed. TLS is based on open community standards, which makes it far more extensible and more likely to be supported in the future. Perhaps the most distinctive advantage of TLS is that it is backwards compatible, which basically means that it can be scaled to secure client-side connections that only support SSL. Another distinct benefit is that TLS permits secure and insecure connections over a single port, while SSL designates one port for secure connections only. Even this factor does not make either any more or less secure than the other.


When it comes to SSL or TLS, what you need to know is that by not using either, the communications between you and another server can become the party line for eavesdroppers and cyber criminals. The data contained in your email, login screens and even financial transactions will be delivered across the net in plaintext for all to see. In addition, there will be no way to ensure that the server you connect with is valid and not just an interloper or middle man setting you up for the fall. Therefore, it would be wise to adopt either of these protocols to keep your communications private.

Comments


  • eric says:

    Another advantage of TLS is that managed VPS servers are often configured in such a way that they basically are permitted only one SSL login per account, and it belongs to the account root.

    That means, for example, that if you have a team working on development and they all need to be able to securely upload files, they’ll all have to have the account root login.

    Most of those same VPS systems, however, will allow you to configure their FTP server to require TLS, thus avoiding that limitation.

  • Jay W says:

    Aren’t there some security advantages that TLS has over SSL, such as using different keys for different purposes (since SSL has the same keys for different purposes), and there are possibilities for certificates to be forged under SSL, theoretically (leaf nodes, and also the name field reading stopping after null values in SSL)?

    Maybe I’m lost in the sauce, but I’m trying to find a web host that supports TLS since that’s probably going to be the main way soon. No?

    thanks for reply
    -J
