Transport Security Layer (TLS) and Secure Socket Layer (SSL) are both Cryptographic protocols which provide secure communication over networks.
TLS and SSL have different versions widespread in our today use in applications such as VoIP, web browsing, e-mail and instant messaging.
Difference Between Different Versions of SSL & TSL
SSL 3.0 (Major improvements of SSL 3.0 over SSL 2.0 are:-)
- Released in 1996 and use full 128 bits encryption
- Separation of the transport of data from the message layer
- Ability of the client and server to send chains of certificates, thus allowing organizations to use certificate hierarchy which is more than two certificates deep.
- Implementing a generalized key exchange protocol
- Allowing Diffie-Hellman and Fortezza key exchanges as well as non-RSA certificates.
- Allowing for record compression and decompression
- Ability to fall back to SSL 2.0 when a 2.0 client is encountered
TLS 1.0 (Major differences between SSL 3.0 and TLS 1.0 are)
- This protocol was first defined in RFC 2246 in January of 1999
- Upgrade from SSL 3.0
- Key derivation functions are different
- MACs are different - SSL 3.0 uses a modification of an early HMAC while TLS 1.0 uses HMAC.
- The Finished messages are different
- TLS has more alerts
- TLS requires DSS/DH support
- Protocol was defined in RFC 4346 in April of 2006
- Update to TLS 1.0
- The Implicit Initialization Vector (IV) is replaced with an explicit IV to protect against Cipher block chaining (CBC) attacks.
- Handling of padded errors is changed to use the bad record mac alert rather than the decryption failed alert to protect against CBC attacks.
- IANA registries are defined for protocol parameters
- Premature closes no longer cause a session to be non-resumable.
- This protocol was defined in RFC 5246 in August of 2008.
- Improved flexibility over TLS 1.1, TLS 1.2
- The MD5/SHA-1 combination in the pseudo-random function (PRF) was replaced with cipher-suite-specified PRFs.
- The MD5/SHA-1 combination in the digitally-signed element was replaced with a single hash. Signed elements include a field explicitly specifying the hash algorithm used.
- There was substantial cleanup to the client's and server's ability to specify which hash and signature algorithms they will accept.
- Addition of support for authenticated encryption with additional data modes.
- TLS Extensions definition and AES Cipher Suites were merged in.
- Tighter checking of Encrypted_Pre_Master_Secret version numbers.
- Many of the requirements were tightened
- Verify_data length depends on the cipher suite
- Description of Bleichenbacher/Dlima attack defenses cleaned up.