LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 04-06-2002, 01:21 AM   #1
X11
Member
 
Registered: Dec 2001
Location: Brisie, Australia
Distribution: Slackware 8.1
Posts: 324

Rep: Reputation: 30
Question SSL vs. TLS


What's the difference between SSL and TLS, and which is more secure.
 
Old 04-06-2002, 03:39 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,561
Blog Entries: 54

Rep: Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927
Generally speaking TLS is the successor to the Netscape-designed SSL. A lot of apps speak TLS nowadays, but not all. You can have both TLS and SSL.

*Before asking questions like "which is more secure" IMHO you should read up on both protocols and it's pitfalls and/or state what you're securing. That'll allow you to ask more specific and detailed questions.
 
Old 12-14-2002, 06:11 AM   #3
koningshoed
Member
 
Registered: May 2002
Location: South Africa
Distribution: Gentoo
Posts: 103

Rep: Reputation: 15
ok, so say I'm writing my own application that has to be as secure as humanly possible, say for arguments sake I'm transferring mission critical data which would cause me to lose my job if it were to leak out, what would your advice be?
 
Old 12-14-2002, 07:58 AM   #4
Grim Reaper
Member
 
Registered: Apr 2002
Distribution: Gentoo 2006.0 AMD64
Posts: 399

Rep: Reputation: 30
<me being a smart arse>
write it on a piece of paper...put it in a suitcase...lock it with a padlock, combination lock, and weld it shut. Handcuff it to your arm, get in your car and drive it to where you want the information to get to.
</me being a smart arse>



and yet, I'm still not too sure about this one...
 
Old 12-14-2002, 04:12 PM   #5
koningshoed
Member
 
Registered: May 2002
Location: South Africa
Distribution: Gentoo
Posts: 103

Rep: Reputation: 15
Not where I live. Id put more money on clear text email than on driving through mid-city with that same money. Perhaps if you give me a hundred or so security guards as well. Yes, I know nothing is 100 % secure. Keys can be guessed (highly unlikely though - except for certain implementation cases where things are not as random as they should be), keys can be stolen etc... Point is, which would be harder to brute force?
 
Old 12-16-2002, 10:31 AM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,561
Blog Entries: 54

Rep: Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927
1. ok, so say I'm writing my own application
Get help. Seriously. You don't want to do this on your own w/o peer review from the design stage up.

2. application that has to be as secure as humanly possible, say for arguments sake I'm transferring mission critical data
Realtime or not?
High volume or not?
CPU-bound no prob?
Where does the data come from?
Where does the data go to?
...and what are the bottlenecks in the prev. two?
..and also security wise?
What are your redundancy options?
Is getting the data OOB-like an option?
Is it possible to/what happens if you send the data split up?
Is it still mission critical/usable?

Heh. More questions than answers.
 
Old 12-16-2002, 02:11 PM   #7
koningshoed
Member
 
Registered: May 2002
Location: South Africa
Distribution: Gentoo
Posts: 103

Rep: Reputation: 15
Shuks, when I read the email I thought I was in for a serious flaming... phew. Sorry to say, but I am working alone - I really do regret that, however, all principles have been checked and are probably as secure as they will be. Secret protocol as well + two way authentication (using SSL certs for which we hold both the CAs's private keys on an a non-internet connected machine). Well, there are other jazz as well.

atm the load is not too bad, probably won't ever go over a hundred or so similtanious connections but I'll monitor that as we go along. CPU usage shoots up to 100 % at points (well,actually if this didn't happen it would be a problem since a CPU is either working or not). But usually (with 4 incomming connections) its sitting under 10 % on a Pentium mmx 200MHz with 64MB Ram.

The data is coming from all kinds of weird places, truth be told, no one knows excactly where it'll come from - and by no one I really mean no one - well, not anyone human anyway.

If you could just point me in a direction, it'll help. What I know about TLS and SSL is limited. I know the ideas behind the whole protocol, hand shaking and proving about holding the private keys etc ... establishing a session key for something like triple des or whatever it is your using. As I understand it TLS is just the newer version of SSL. Or at least the one supposed to have the "standards". Please correct me if I'm wrong.
 
Old 12-16-2002, 05:35 PM   #8
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,561
Blog Entries: 54

Rep: Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927
Uh... maybe have a look at these or these books, or try searching off the beaten tracks here for refs?
 
Old 12-17-2002, 04:39 PM   #9
koningshoed
Member
 
Registered: May 2002
Location: South Africa
Distribution: Gentoo
Posts: 103

Rep: Reputation: 15
ok, i'll just wait and see if CiteSeer comes back up any time soon ...

thanks for your help so far.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Proftpd and SSL/TLS mikeheggy Linux - Networking 3 12-19-2008 11:01 AM
vsftpd ssl/tls jefffq Linux - Software 2 07-05-2005 07:38 PM
apache SSL/TLS overlord73 Linux - Security 3 05-12-2005 06:53 AM
FTP via SSL (TLS) embsupafly Linux - Security 2 03-02-2005 09:47 PM
qpopper TLS/SSL Handshake failed: -1 frerotjs Linux - Software 0 07-15-2003 08:09 AM


All times are GMT -5. The time now is 12:59 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration