SSL versus TLS – What’s the difference?
SSL versus TLS
TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are protocols that provide data encryption and authentication between applications in scenarios where that data is being sent across an insecure network, such as checking your email (How does the Secure Socket Layer work?). The terms SSL and TLS are often used interchangeably or in conjunction with each other (TLS/SSL), but one is in fact the predecessor of the other — SSL 3.0 served as the basis for TLS 1.0 which, as a result, is sometimes referred to as SSL 3.1. With this said though, is there actually a difference between the two?
Is one more secure than the other?
While SSL and TLS differ in ways that make them inoperable with each other, they are generally considered equal in terms of security. The main difference is that, while SSL connections begin with security and proceed directly to secured communications, TLS connections first begin with an insecure “hello” to the server and only switch to secured communications after the handshake between the client and the server is successful. If the TLS handshake fails for any reason, the connection is never created.
Both Internet security protocols ensure that your data is encrypted as it is transmitted across the Internet. They also both enable you to be sure that the server that you are communication with is the server you intend to contact and not some “middle man eavesdropper”. This is possible because servers that support SSL and TLS must have certificates issued to them by a trusted third party, like Verisign or Thawte. These certificates verify that the domain name they are issued for really belongs to the server. Your computer will issue warnings to you if you try to connect to a server and the certificate that it gets back is not trusted or doesn’t match the site you are trying to connect to.
If you are mostly concerned about your level of security, you can’t really go wrong choosing either SSL or TLS.
So then, should I choose to connect with TLS or SSL?
The main benefit in opting for TLS over SSL is that TLS was incepted as an open-community standard, meaning TLS is more extensible and will likely be more widely supported in the future with other Internet standards. TLS is even backwards compatible, possessing the ability to “scale down” to SSL if necessary to support secure client-side connections that only understand SSL.
Another more immediate benefit, however, is that TLS allows both secure and insecure connections over the same port, whereas SSL requires a designated secure-only port. For users connecting to an email server via POP or IMAP, this means that using TLS will allow you to opt for secure connections but easily switch to insecure connections if necessary without needing to change ports. This is not possible with SSL.
However, as discussed in the previous section, it really doesn’t matter which one is used in terms of security.
What happens if I do not use either security protocol?
If neither SSL nor TLS is used, then the communications between you and the server can easily become a party line for eavesdroppers. Your email data and your login information are sent in plaintext for all to see, and there is no guarantee that the server you connect to is not some middle man or interloper.
Does LuxSci support these security protocols?
SSL is the basis of client-server security used by LuxSci for all of our services. We offer a variety of ports for connecting securely to POP, IMAP, and SMTP over both SSL and TLS in addition to the standard insecure ports, and we offer them free of charge. LuxSci also offers MySQL, LDAP and WebMail over SSL and provides SSL for web hosting clients.
To ensure the integrity and security of your data, LuxSci strongly recommends taking advantage of our secure capabilities. See also our Case for Email Security for complete details on the general insecurity of email and what can be done about it.
- Can SSL and TLS be made Compatible?
- New Alternate POP and IMAP Ports
- How Does Secure Socket Layer (SSL or TLS) Work?
- Alternate SMTP Ports – Send Email From Any Location
- Do I need to Buy an SSL Certificate to use Secure Email?