LuxSci — secure, premium email & web services
 
 go
login

LuxSci FYI

News, Solutions, and Insider Notes
« Google Chrome Support in WebMail
Wireless WPA Security Already Cracking — Be Sure to use SSL! »

SSL versus TLS - What’s the difference?

SSL versus TLS

TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are protocols that provide data encryption and authentication between applications in scenarios where that data is being sent across an insecure network, such as checking your email (How does the Secure Socket Layer work?). The terms SSL and TLS are often used interchangeably or in conjunction with each other (TLS/SSL), but one is in fact the predecessor of the other — SSL 3.0 served as the basis for TLS 1.0 which, as a result, is sometimes referred to as SSL 3.1. With this said though, is there actually a difference between the two?

Is one more secure than the other?

While SSL and TLS differ in ways that make them inoperable with each other, they are generally considered equal in terms of security. The main difference is that, while SSL connections begin with security and proceed directly to secured communications, TLS connections first begin with an insecure "hello" to the server and only switch to secured communications after the handshake between the client and the server is successful. If the TLS handshake fails for any reason, the connection is never created.

Both Internet security protocols ensure that your data is encrypted as it is transmitted across the Internet.  They also both enable you to be sure that the server that you are communication with is the server you intend to contact and not some "middle man eavesdropper".  This is possible because servers that support SSL and TLS must have certificates issued to them by a trusted third party, like Verisign or Thawte.  These certificates verify that the domain name they are issued for really belongs to the server.  Your computer will issue warnings to you if you try to connect to a server and the certificate that it gets back is not trusted or doesn’t match the site you are trying to connect to. 

If you are mostly concerned about your level of security, you can’t really go wrong choosing either SSL or TLS.

So then, should I choose to connect with TLS or SSL?

The main benefit in opting for TLS over SSL is that TLS was incepted as an open-community standard, meaning TLS is more extensible and will likely be more widely supported in the future with other Internet standards. TLS is even backwards compatible, possessing the ability to "scale down" to SSL if necessary to support secure client-side connections that only understand SSL.

Another more immediate benefit, however, is that TLS allows both secure and insecure connections over the same port, whereas SSL requires a designated secure-only port. For users connecting to an email server via POP or IMAP, this means that using TLS will allow you to opt for secure connections but easily switch to insecure connections if necessary without needing to change ports. This is not possible with SSL.

However, as discussed in the previous section, it really doesn’t matter which one is used in terms of security.

What happens if I do not use either security protocol?

If neither SSL nor TLS is used, then the communications between you and the server can easily become a party line for eavesdroppers. Your email data and your login information are sent in plaintext for all to see, and there is no guarantee that the server you connect to is not some middle man or interloper.

Does LuxSci support these security protocols?

SSL is the basis of client-server security used by LuxSci for all of our services. We offer a variety of ports for connecting securely to POP, IMAP, and SMTP over both SSL and TLS in addition to the standard insecure ports, and we offer them free of charge.   LuxSci also offers LDAP and WebMail over SSL and provides SSL for web hosting clients.

To ensure the integrity and security of your data, LuxSci strongly recommends taking advantage of our secure capabilities. See also our Case for Email Security for complete details on the general insecurity of email and what can be done about it.

See Also

 

Similar Posts:

Popularity: 98% [?]

Share and Enjoy:
  • Print this article!
  • E-mail this story to a friend!
  • Digg
  • del.icio.us
  • Facebook
  • Mixx
  • Google
  • Slashdot
  • Ma.gnolia
  • Live
  • Reddit
  • Technorati
  • TwitThis

Tags: , , , , , , , ,

This entry was posted on Monday, November 10th, 2008 at 7:00 am and is filed under TechNotes. You can trackback from your own site.

2 Responses to “SSL versus TLS - What’s the difference?”

  1. Head to Head Battle of the Email Clients | LuxSci FYI Says:
    December 5th, 2008 at 6:10 pm

    [...] Has problems with TLS for SMTP; i.e. Outlook assumes that secure SMTP connections on any port other than 25 are always via SSL (and not TLS — what’s the difference?). [...]

  2. Optimizing Mozilla Thunderbird | LuxSci FYI Says:
    December 11th, 2008 at 10:40 am

    [...] SSL or TLS (what is the difference?)  Be sure to configure your IMAP and SMTP "Security Settings" to use [...]
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
get a quote  free trial

about us | services | quotes & orders | privacy | contact us | site map | login | xpress
Copyright © 2004-2008 Lux Scientiae®, Incorporated

Copyright © 2004-2008 Lux Scientiae®, Incorporated
Page loaded from site: http://www.luxsci.com — Contact sales@luxsci.com or 1-800-441-6612