SSL (Secure Sockets Layer) and TLS (Transport Layer Security) both provide an encrypted communication channel. Both protocols offer confidentiality, integrity, and availability, so both work fine, but there are some technical differences. Let's look at what SSL, TLS and StartTLS are.
Note: Recently a few major security vulnerabilities were found in SSL, such as Heartbleed and POODLE, which tell us that TLS is more secure than SSL.
What is SSL?
Originally Netscape developed SSL for private communication and integrity. It uses asymmetric algorithms (public and private keys) for secure communication. SSL consists of the following parts:
Handshake Protocol: Both sides negotiate the encryption, the MAC (Message Authentication Code) and the cryptographic keys.
Alert Protocol: Reports any error during communication.
Change Cipher Spec Protocol: Provides a message signalling that encrypted communication has started.
Record Layer: It provides confidentiality and integrity of messages. The record layer adds a header to each message. Each message is divided into blocks and each block is encrypted.
What is TLS?
TLS is the successor of the SSL protocol, created by the IETF and defined in RFC 2246. It is designed to stop tampering with and forgery of messages. TLS is built upon two layers:
Handshake Protocol: It provides authenticity of the server. Both sides must agree on the same encryption level and encryption keys before communication.
TLS Record Protocol: A MAC (Message Authentication Code) is generated with a hash function and is used to secure the private communication between the systems. This private communication is protected with symmetric cryptographic keys.
SSL and TLS provide a secure channel between two systems and communicate on a specific port. This is where the problem begins: protocols like HTTP, FTP or SMTP do not provide built-in encryption, so their encrypted versions work on different ports:
HTTP -> 80 => HTTP Secure -> 443
SMTP -> 25 => SMTP Secure -> 465
It is not practical to create two ports for each protocol, so it was decided to add SSL or TLS encryption to the existing protocol instead.
What is StartTLS?
It sounds like StartTLS uses the TLS protocol, but that is just its name. StartTLS can be used with TLS or SSL. StartTLS just adds an additional encryption layer to an insecure communication. It upgrades the insecure communication to a secure channel using SSL or TLS without needing an additional port for secure communication.
So every communication starts in plain text, but SSL or TLS then makes it secure on the existing port.
For example, we can use port 25 (SMTP without encryption) and use StartTLS to make it encrypted without needing an additional port for secure communication.
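As an added example (not code from the original post), here is the port-25 upgrade described above driven the way a client would: read the greeting, send EHLO, check that STARTTLS is advertised, send STARTTLS, then wrap the same socket in TLS. The server replies and host names are constructed placeholders, and the client fails closed, refusing to continue in plaintext when the server does not offer or accept STARTTLS, because an upgrade that is merely opportunistic silently falls back to the unencrypted session the post warns about.

```python
import socket
import ssl
from typing import Callable, Iterable

# Constructed replies modelled on RFC 5321 / RFC 3207; not captured from any real server.
GREETING = b"220 mail.example.test ESMTP ready\r\n"
EHLO_WITH_STARTTLS = b"250-mail.example.test Hello\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
EHLO_WITHOUT_STARTTLS = b"250-mail.example.test Hello\r\n250 8BITMIME\r\n"

def parse_ehlo(reply: bytes) -> set[str]:
    """Capability keywords from a multi-line 250 EHLO reply; line 1 is the server greeting."""
    lines = reply.decode("ascii", "replace").splitlines()
    if not lines or any(not ln.startswith("250") for ln in lines):
        raise ValueError(f"unexpected EHLO reply: {reply!r}")
    # Each later line is '250-KEYWORD [params]' or, on the last line, '250 KEYWORD'.
    return {ln[4:].split(" ", 1)[0].upper() for ln in lines[1:] if len(ln) > 4}

def negotiate_starttls(send: Callable[[bytes], None], recv: Callable[[], bytes]) -> set[str]:
    """Greeting -> EHLO -> STARTTLS on the plaintext transport; raise rather than stay in plaintext."""
    if not recv().startswith(b"220"):
        raise RuntimeError("server greeting was not 220")
    send(b"EHLO client.example.test\r\n")
    caps = parse_ehlo(recv())
    if "STARTTLS" not in caps:
        # An opportunistic client would carry on unencrypted here; this one refuses.
        raise RuntimeError("server did not advertise STARTTLS; refusing plaintext session")
    send(b"STARTTLS\r\n")
    reply = recv()
    if not reply.startswith(b"220"):
        raise RuntimeError(f"server rejected STARTTLS: {reply!r}")
    return caps  # caller wraps the socket now; these plaintext capabilities must be discarded

def smtp_connect_tls(host: str, port: int = 25) -> ssl.SSLSocket:
    """Connect on the plaintext port, upgrade, and verify the certificate chain and hostname."""
    sock = socket.create_connection((host, port), timeout=10)
    negotiate_starttls(sock.sendall, lambda: sock.recv(4096))
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname by default
    return ctx.wrap_socket(sock, server_hostname=host)  # re-EHLO on the returned socket

class ScriptedServer:
    """Constructed stand-in for the server: replays canned replies in order and records what was sent."""
    def __init__(self, replies: Iterable[bytes]) -> None:
        self.replies, self.sent = list(replies), []

    def send(self, data: bytes) -> None:
        self.sent.append(data)

    def recv(self) -> bytes:
        return self.replies.pop(0)
```

`ScriptedServer` lets the negotiation run offline; `smtp_connect_tls` is the same logic against a real socket, where the TLS handshake on the wrapped socket is what finally protects the session.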