[RHCE] TLS vs. SSL discussion
Jeremy Portzer
rhce@trilug.org
17 Apr 2003 14:22:06 -0400
Here is the RFC that defines TLS:
http://www.ietf.org/rfc/rfc2246.txt
Of particular note is this section:
This document and the TLS protocol itself are based on the SSL 3.0
Protocol Specification as published by Netscape. The differences
between this protocol and SSL 3.0 are not dramatic, but they are
significant enough that TLS 1.0 and SSL 3.0 do not interoperate
(although TLS 1.0 does incorporate a mechanism by which a TLS
implementation can back down to SSL 3.0). This document is intended
primarily for readers who will be implementing the protocol and those
doing cryptographic analysis of it. The specification has been
written with this in mind, and it is intended to reflect the needs of
those two groups. For that reason, many of the algorithm-dependent
data structures and rules are included in the body of the text (as
opposed to in an appendix), providing easier access to them.
In practice TLS almost always operates in that "mechanism by which a TLS
implementation can back down to SSL 3.0". That's why the two systems
(TLS and SSL) are used interchangeably when discussing the services that
use them, such as smtps, imaps, pop3s, and https. (HTTPS generally uses
SSL 3.0 only, and not TLS at all.)
--Jeremy
-- 
/=====================================================================\
| Jeremy Portzer jeremyp@pobox.com trilug.org/~jeremy |
| GPG Fingerprint: 712D 77C7 AB2D 2130 989F E135 6F9F F7BC CC1A 7B92 |
\=====================================================================/
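Added example, not part of the original message: a sketch of the version back-down the quoted RFC paragraph mentions, using the wire version numbers 3.0 for SSL 3.0 and 3.1 for TLS 1.0 (RFC 2246). The function names and the ServerHello bytes are constructed for illustration; the check at the end is the kind a client-side audit would use to notice that a server answered with SSL 3.0.

```python
import struct

# Wire versions as (major, minor): SSL 3.0 is 3.0, TLS 1.0 (RFC 2246) is 3.1.
SSL3, TLS1 = (3, 0), (3, 1)
NAMES = {SSL3: "SSL 3.0", TLS1: "TLS 1.0"}
HANDSHAKE, SERVER_HELLO = 22, 2  # record content type, handshake message type


def negotiate(client_max, server_max, server_min=SSL3):
    """Version a server answers with: the lower of the two maxima.

    Returns None when that version is below server_min (handshake refused).
    """
    chosen = min(client_max, server_max)
    return chosen if chosen >= server_min else None


def sample_server_hello(version):
    """Constructed ServerHello record: zero random, empty session id."""
    body = bytes(version) + bytes(32) + b"\x00" + b"\x00\x0a" + b"\x00"
    msg = bytes([SERVER_HELLO]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BBBH", HANDSHAKE, *version, len(msg)) + msg


def server_hello_version(record):
    """Parse the server_version field out of one ServerHello record."""
    if len(record) < 11:
        raise ValueError("truncated record")
    ctype, _maj, _min, rlen = struct.unpack("!BBBH", record[:5])
    if ctype != HANDSHAKE or len(record) < 5 + rlen:
        raise ValueError("not a complete handshake record")
    if record[5] != SERVER_HELLO:
        raise ValueError("not a ServerHello")
    return (record[9], record[10])


def backed_down(client_max, record):
    """True when the server chose a lower version than the client offered."""
    chosen = server_hello_version(record)
    if chosen > client_max:
        raise ValueError("server chose a version the client did not offer")
    return chosen < client_max


if __name__ == "__main__":
    for server_max in (SSL3, TLS1):
        rec = sample_server_hello(negotiate(TLS1, server_max))
        print(NAMES[server_hello_version(rec)], "backed down:", backed_down(TLS1, rec))
```

Passing server_min=TLS1 to negotiate() models a server that refuses the back-down instead of answering with SSL 3.0.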