Linux - Security
SSL vs. TLS

X11 04-06-2002 01:21 AM

What's the difference between SSL and TLS, and which is more secure?

unSpawn 04-06-2002 03:39 AM

Generally speaking TLS is the successor to the Netscape-designed SSL. A lot of apps speak TLS nowadays, but not all. You can have both TLS and SSL.

Before asking questions like "which is more secure", IMHO you should read up on both protocols and their pitfalls and/or state what you're securing. That'll allow you to ask more specific and detailed questions.

koningshoed 12-14-2002 06:11 AM

OK, so say I'm writing my own application that has to be as secure as humanly possible; say, for argument's sake, I'm transferring mission-critical data which would cause me to lose my job if it were to leak out. What would your advice be?

Grim Reaper 12-14-2002 07:58 AM

<me being a smart arse>
Write it on a piece of paper... put it in a suitcase... lock it with a padlock, combination lock, and weld it shut. Handcuff it to your arm, get in your car and drive it to where you want the information to get to.
</me being a smart arse>


and yet, I'm still not too sure about this one...

koningshoed 12-14-2002 04:12 PM

Not where I live. I'd put more money on clear-text email than on driving through mid-city with that same money. Perhaps if you give me a hundred or so security guards as well. Yes, I know nothing is 100% secure. Keys can be guessed (highly unlikely though, except for certain implementation cases where things are not as random as they should be), keys can be stolen, etc. Point is, which would be harder to brute force?

unSpawn 12-16-2002 10:31 AM

1. ok, so say I'm writing my own application
Get help. Seriously. You don't want to do this on your own w/o peer review from the design stage up.

2. application that has to be as secure as humanly possible, say for arguments sake I'm transferring mission critical data
Realtime or not?
High volume or not?
CPU-bound no prob?
Where does the data come from?
Where does the data go to?
...and what are the bottlenecks in the prev. two?
..and also security wise?
What are your redundancy options?
Is getting the data OOB-like an option?
Is it possible to/what happens if you send the data split up?
Is it still mission critical/usable?

Heh. More questions than answers.

koningshoed 12-16-2002 02:11 PM

Shucks, when I read the email I thought I was in for a serious flaming... phew. Sorry to say, but I am working alone :( - I really do regret that; however, all principles have been checked and are probably as secure as they will be. Secret protocol as well + two-way authentication (using SSL certs for which we hold both the CAs' private keys on a non-internet-connected machine). Well, there is other jazz as well.

ATM the load is not too bad, probably won't ever go over a hundred or so simultaneous connections, but I'll monitor that as we go along. CPU usage shoots up to 100% at points (well, actually if this didn't happen it would be a problem, since a CPU is either working or not). But usually (with 4 incoming connections) it's sitting under 10% on a Pentium MMX 200MHz with 64MB RAM.

The data is coming from all kinds of weird places; truth be told, no one knows exactly where it'll come from - and by no one I really mean no one - well, not anyone human anyway.

If you could just point me in a direction, it'll help. What I know about TLS and SSL is limited. I know the ideas behind the whole protocol: handshaking and proving you hold the private keys etc., establishing a session key for something like Triple DES or whatever it is you're using. As I understand it, TLS is just the newer version of SSL, or at least the one supposed to have the "standards". Please correct me if I'm wrong.
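The setup described in the post above (two-way authentication with certificates issued by a private CA, trusting nothing but that CA) together with the version question from the top of the thread, as an added example that is not part of the original thread and not anyone's posted code. It builds a throw-away CA and two leaves in memory with Go's standard library, then runs three handshakes against one server over loopback TCP: a properly issued client, a client whose certificate carries the same name but was issued by an unrelated CA, and a client that only speaks TLS 1.0/1.1 against a server that refuses anything below TLS 1.2. The names (root-ca.example, app.example, client-17.example, unrelated-ca.example), the 5-second timeout and the "ping" record are assumptions made for the demo. One caveat the code has to handle: in TLS 1.3 the client's handshake call returns before the server has checked the client certificate, so the example waits for an echoed record and treats the server's verdict as authoritative.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// newCert makes an Ed25519 key and a certificate for name: a self-signed CA when no
// parent is given, otherwise a leaf signed by parent[0]. Demo PKI, so errors are fatal.
func newCert(name string, parent ...tls.Certificate) tls.Certificate {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		DNSNames: []string{name}, BasicConstraintsValid: true, IsCA: len(parent) == 0,
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	signer, signerKey := tmpl, any(key) // self-signed unless a parent is given
	if len(parent) > 0 {
		signer, signerKey = parent[0].Leaf, parent[0].PrivateKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, pub, signerKey)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der) // the DER produced a line above is well-formed
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// handshake runs a client against a server over loopback TCP and echoes one record; nil means both sides accepted each other.
func handshake(serverCfg, clientCfg *tls.Config) error {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", serverCfg)
	if err != nil {
		panic(err) // loopback setup is an environment problem, not a TLS outcome
	}
	defer ln.Close()
	srv := make(chan error, 1)
	go func() {
		conn, err := ln.Accept()
		if err == nil {
			defer conn.Close()
			buf, n := make([]byte, 16), 0
			if n, err = conn.Read(buf); err == nil { // Read runs the server-side handshake
				_, err = conn.Write(buf[:n])
			}
		}
		srv <- err
	}()
	conn, err := tls.DialWithDialer(&net.Dialer{Timeout: 5 * time.Second}, "tcp", ln.Addr().String(), clientCfg)
	if err == nil { // in TLS 1.3 this is not yet the server's verdict on our certificate
		if _, err = conn.Write([]byte("ping")); err == nil {
			_, err = conn.Read(make([]byte, 16)) // the echo arrives only if the server accepted us
		}
		conn.Close()
	}
	if serr := <-srv; serr != nil { // the server's verdict outranks the client's view
		err = fmt.Errorf("server: %w", serr)
	}
	return err
}

// scenarios builds the thread's private CA, issues a server and a client leaf from it, and runs three handshakes.
func scenarios() map[string]error {
	ca := newCert("root-ca.example") // the thread keeps this key on an offline machine
	server, client := newCert("app.example", ca), newCert("client-17.example", ca)
	rogue := newCert("client-17.example", newCert("unrelated-ca.example")) // same name, wrong issuer
	pool := x509.NewCertPool()
	pool.AddCert(ca.Leaf)
	serverCfg := &tls.Config{MinVersion: tls.VersionTLS12, // SSLv3 and TLS 1.0/1.1 are refused outright
		Certificates: []tls.Certificate{server}, ClientCAs: pool, // only our own CA may vouch for a client
		ClientAuth: tls.RequireAndVerifyClientCert}               // two-way authentication
	clientCfg := func(id tls.Certificate) *tls.Config { // trusts our CA only, not the system store
		return &tls.Config{MinVersion: tls.VersionTLS12, RootCAs: pool, ServerName: "app.example",
			Certificates: []tls.Certificate{id}}
	}
	legacy := clientCfg(client) // a peer that still speaks only TLS 1.0/1.1
	legacy.MinVersion, legacy.MaxVersion = tls.VersionTLS10, tls.VersionTLS11
	return map[string]error{
		"mutual auth":           handshake(serverCfg, clientCfg(client)),
		"rogue client CA":       handshake(serverCfg, clientCfg(rogue)),
		"legacy TLS 1.1 client": handshake(serverCfg, legacy),
	}
}

func main() { fmt.Println(scenarios()) } // keys print sorted; <nil> marks the accepted handshake
```

Run it with `go run`; only `mutual auth` comes back `<nil>`, the other two print the server's reason for refusing. The Config fields are the same ones a real service would set: MinVersion to retire SSLv3 and early TLS, RootCAs and ClientCAs to pin trust to the private CA instead of the system store, and RequireAndVerifyClientCert to make the authentication mutual.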

unSpawn 12-16-2002 05:35 PM

Uh... maybe have a look at these or these books, or try searching off the beaten track here for refs?

koningshoed 12-17-2002 04:39 PM

ok, i'll just wait and see if CiteSeer comes back up any time soon ...

thanks for your help so far.
