Subject: SSL vs TLS - What's different?
Author: authen
Posted on: 04/27/2007 02:22:03 PM
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols which provide secure communications over the Internet. There are slight differences between SSL 3.0 and TLS 1.0, but the protocol remains substantially the same.
Secure Socket Layer (SSL) 3.1 was released through Netscape in 1996. which later served as the basis for TLS version 1.0, an IETF standard protocol first defined in RFC 2246 in January 1999. The current approved version is 1.1, which is specified in RFC 4346.
Since TLS is the successor, some security measures get tightened while adapting SSL and in that sense TLS is securer than SSL. For example, in TLS the pseudorandom function splits the input data in half and processes each one with a different hashing algorithm (MD5 and SHA-1), then XORs them together. This provides protection if one of these algorithms is found to be vulnerable.
References:
