A Detailed SSL Vs TLS Analysis Based on SSL 3.0, TLS 1.0, TLS 1.1, and TLS 1.2

March 7, 2017 | By  

Both SSL (Secure Sockets Layer) and TLS (Transport Security Layer) are standard security technologies or cryptographic protocols that ensure and provide secure communication over networks. Popular in use today are different versions of both SSL and TLS; they are used in web-browsing, e-mail communication, instant messaging etc. Let’s go for a detailed SSL Vs TLS analysis and examine the differences between some key versions, namely SSL 3.0, TLS 1.0, TLS 1.1, and TLS 1.2. Here’s the SSL/TLS analysis-

SSL 3.0

A Detailed SSL Vs TLS Analysis Based on SSL 3.0, TLS 1.0, TLS 1.1, and TLS 1.2

SSL 3.0 was released in 1996, following SSL 1.0 (which, however, wasn’t released though it was created) and SSL 2.0 (which had many security flaws). SSL 3.0 uses a full 128 bits of keying material even when using the Export cipher and features separation of transport of data from the message layer as a highlight. While it allows for record compression and decompression, it also implements a generalized key exchange protocol, allowing Diffie-Hellman and Fortezza key exchanges as well as non-RSA certificates. A major highlight is its ability to fall back to SSL 2.0 when a 2.0 client is encountered.

TLS 1.0

Defined first in RFC 2246 in January 1999, TLS 1.0 was an upgrade from SSL 3.0. The differences, it needs to be pointed out, were not dramatic at all; yet it’s to be noted that SSL 3.0 and TLS 1.0 don’t interoperate. There are differences, however. To be noted is the fact that the key derivation functions and the finished messages are different. TLS 1.0 uses HMAC while SSL 3.0 uses a modification of an early HMAC. TLS, which requires DSS/DH support, has more alerts too.

TLS 1.1

Defined first time in RFC 4346 in April 2006, TLS 1.1 is an update to TLS 1.0. The changes that were brought about included replacing the Implicit Initialization Vector (IV) with an explicit IV to protect against Cipher block chaining (CBC) attacks, changing handling of padded errors to use the bad_record_mac alert rather than the decryption_failed alert to protect against CBC attacks and defining IANA registries for protocol parameters. With TLS 1.1, premature closes are no longer the reason for a session to be non-resumable.

TLS 1.2

Defined first time in RFC 5246 in August 2008, TLS 1.2 was based on TLS 1.1 and had improved flexibility as its highlight. Cipher-suite-specified PRFs were there in place of the MD5/SHA-1 combination in the PRF (pseudorandom function). Similarly, the MD5/SHA-1 combination in the digitally-signed element got replaced with a single hash and there was substantial cleanup to the client’s and server’s ability to specify which hash and signature algorithms they will accept. Another addition to TLS 1.2 was the support for authenticated encryption with additional data modes. Merging in of TLS Extensions definition and AES Cipher Suites and tighter checking of Bleichenbacher/Dlima attack defenses were among the other highlights. To be noted is the fact that many of the requirements were now tightened.


Posted in SSL,Technology

Be Sociable, Share!

Leave a Comment


* fields are mandatory