" sslv3 Archives - HIPAA News, Web & Email Security Tips & News - Plus More | LuxSci
LuxSci

Posts Tagged ‘sslv3’

SSL versus TLS – What’s the difference?

Wednesday, September 20th, 2017

SSL versus TLS

TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are protocols that provide data encryption and authentication between applications and servers in scenarios where that data is being sent across an insecure network, such as checking your email (How does the Secure Socket Layer work?). The terms SSL and TLS are often used interchangeably or in conjunction with each other (TLS/SSL), but one is in fact the predecessor of the other — SSL 3.0 served as the basis for TLS 1.0 which, as a result, is sometimes referred to as SSL 3.1. With this said though, is there actually a practical difference between the two?

SSL versus TLS: What is the differenc?

See also our Infographic which summarizes these differences.

 

Read the rest of this post »

What Level of SSL or TLS is Required by HIPAA?

Tuesday, January 13th, 2015

SSL and TLS are not actually monolithic encryption entities that you either use or do not use to connect securely to email servers, web sites, and other systems.  SSL and TLS are evolving protocols which have many nuances to how they may be configured.  The “version” of the protocol you are using and the nuances of the configuration directly affect the security achievable through your connections.

Some people use the terms SSL and TLS interchangeably, but TLS (version 1.0 and beyond) is actually the successor of SSL (version 3.0). … see SSL versus TLS – what is the difference?  In 2014 we have seen that SSL v3 is very weak and should not be used going forward by anyone (see the POODLE attacks, for example), TLS v1.0 or higher should be used.

Among the many configuration nuances of SSL and TLS, which “ciphers” are permitted have the greatest impact on security.  A “cipher” defines the specific encryption algorithm to be used,  the secure hashing (message fingerprinting / authentication) algorithm to be used, and other related things.   Some ciphers that have long been used, such as RC4, have become weak over time and should not be used in secure environments.

Given these nuances, people are often at a loss as to what is specifically needed for HIPAA compliance or any kind of effective level TLS security.

Read the rest of this post »