Information Security Stack Exchange
What's the difference between SSL, TLS, and HTTPS?
I get confused with the terms in this area. What are SSL, TLS, and HTTPS? What are the differences between them?
asked Jul 10 '11 at 16:40 by jrdioko; edited Oct 6 '11 at 15:52 by Thomas Pornin
See trustworthyinternet.org/sslpulse/#chart-protocol-support for a survey of site support for different SSL and TLS versions. – Colonel Panic Dec 12 '14 at 10:59

December 2014: Expect SSL support to drop fast now it's irreparably broken by POODLE. Browsers have already removed it (Firefox immediately, Chrome cautiously, Internet Explorer partially). – Colonel Panic Dec 12 '14 at 11:41
3 Answers
TLS is the new name for SSL. Namely, SSL protocol got to version 3.0; TLS 1.0 is "SSL 3.1". TLS versions currently defined include TLS 1.1 and 1.2. Each new version adds a few features and modifies some internal details. We sometimes say "SSL/TLS".

HTTPS is HTTP within SSL/TLS. SSL (TLS) establishes a secured, bidirectional tunnel for arbitrary binary data between two hosts. HTTP is a protocol for sending requests and receiving answers, each request and answer consisting of detailed headers and (possibly) some content. HTTP is meant to run over a bidirectional tunnel for arbitrary binary data; when that tunnel is an SSL/TLS connection, then the whole is called "HTTPS".
To explain the acronyms:

- "SSL" means "Secure Sockets Layer". This was coined by the inventors of the first versions of the protocol, Netscape (the company was later bought by AOL).
- "TLS" means "Transport Layer Security". The name was changed to avoid any legal issues with Netscape so that the protocol could be "open and free" (and published as a RFC). It also hints at the idea that the protocol works over any bidirectional stream of bytes, not just Internet-based sockets.
- "HTTPS" is supposed to mean "HyperText Transfer Protocol Secure", which is grammatically unsound. Nobody, except the terminally bored pedantic, ever uses the translation; "HTTPS" is better thought of as "HTTP with an S that means SSL". Other protocol acronyms have been built the same way, e.g. SMTPS, IMAPS, FTPS... all of them being a bare protocol that "got secured" by running it within some SSL/TLS.
answered Jul 10 '11 at 16:47 by Thomas Pornin; edited Mar 22 '15 at 20:10 by Alexis King
To make the confusion perfect: SSL (secure socket layer) often refers to the old protocol variant which starts with the handshake right away and therefore requires another port for the encrypted protocol such as 443 instead of 80. TLS (transport layer security) often refers to the new variant which allows to start with an unencrypted traditional protocol and then issuing a command (usually STARTTLS) to initialize the handshake. – Hendrik Brummermann Jul 10 '11 at 17:23

SSL no longer exists. There is TLS 0.9, and for the insane, TLS version 0.1. – Jumbogram Jul 11 '11 at 2:03

@HendrikBrummermann "transaction layer security"? don't you mean "transport layer security"? – thejh Nov 3 '13 at 15:32

Don't confuse the issue by mentioning STARTTLS! TLS and SSL provide a generic secure connection that can be used to send any protocol over it: when the HTTP protocol is sent over TLS or SSL it is referred to as HTTPS. The STARTTLS feature is only available in the SMTP email exchange protocol and has nothing to do with HTTP or HTTPS. TLS and SSL know nothing about the STARTSSL command. Both TLS and SSL always start with the handshake to establish a secure connection. – Hoylen Mar 28 '14 at 0:36
With SMTP and IMAP, there are two methods to use SSL: one is similar to HTTPS (you start with SSL, and within the tunnel you use the plain protocol), the other uses the STARTTLS command (you start with the plain protocol, and then switch to SSL after some negotiation). The client must know what to do beforehand (notably because both methods don't use the same port: 143 for IMAP+STARTTLS, 993 with IMAP within SSL). As general overlords of Confusion, Microsoft decided to call these two methods "SSL" and "TLS". – Thomas Pornin May 31 '14 at 10:18

http://security.stackexchange.com/questions/5126/whats-the-difference-between-ssl-tls-and-https
3/27/2016 cryptography - What's the difference between SSL, TLS, and HTTPS? - Information Security Stack Exchange
SSL and TLS are protocols that aim to provide privacy and data integrity between two parties (see RFC 2246), designed to run over a reliable communication protocol (typically TCP). Although the TLS specification doesn't talk about sockets, the design of SSL/TLS was done so that applications could use them almost like traditional TCP sockets, for example SSLSocket in Java extends Socket (there are small differences in terms of usability, though).

HTTPS is HTTP over SSL/TLS, where the SSL/TLS connection is established first, and then normal HTTP data is exchanged over this SSL/TLS connection. Whether you use SSL or TLS for this depends on the configuration of your browser and of the server (there usually is an option to allow SSLv2, SSLv3 or TLS 1.x). The details of how HTTP and SSL/TLS form HTTPS are in RFC 2818.

Regarding the difference between SSL and TLS, you may be interested in these two answers I wrote for these similar questions on StackOverflow and ServerFault:

- Difference between SSL & TLS [Stackoverflow]
- What are the exact protocol level differences between SSL and TLS? [Serverfault]
You could consider TLSv1.0 as SSLv3.1 (in fact that's what happens within the records exchanged). It's just easier to compare the TLSv1.0 with TLSv1.1 and TLSv1.2 because they've all been edited within IETF and follow more or less the same structure. SSLv3 being edited by a different institution (Netscape), it makes it a bit more difficult to spot the differences.

Here are a few differences, but I doubt I can list them all:

- In the ClientHello message (first message sent by the client, to initiate the handshake), the version is {3,0} for SSLv3, {3,1} for TLSv1.0 and {3,2} for TLSv1.1.
- The ClientKeyExchange differs.
- The MAC/HMAC differs (TLS uses HMAC whereas SSL uses an earlier version of HMAC).
- The key derivation differs.
- The client can send application data straight after sending the SSL/TLS Finished message in SSLv3. In TLSv1, it must wait for the server's Finished message.
- The list of cipher suites differ (and some of them have been renamed from SSL_* to TLS_*, keeping the same id number).
- There are also differences regarding the new renegotiation extension.

Generally, the higher the version of SSL/TLS, the more secure it is, provided you choose your cipher suites properly too (higher versions of TLS also offer using cipher suites that are considered better). (SSLv2 is considered insecure.) In addition, SSL doesn't fall under the IETF scope. For example, the TLS renegotiation fix had to be retrofitted for SSLv3 (although SSL/TLS stacks had to be updated anyway).
You may also be interested in this answer:

- What happens on the wire when a TLS/LDAP or TLS/HTTP connection is set up? [Stackoverflow]

Note that some people oppose SSL and TLS as being the difference between "SSL/TLS upon connection" and "upgrade to TLS" (after some conversation using the application protocol). Despite some of these answers being relatively highly upvoted, this is incorrect. This mistake is propagated by the fact that certain applications, like Microsoft Outlook, offer two configuration options called "SSL" and "TLS" for SMTP/IMAP configuration when they really mean "SSL/TLS upon connection" and "upgrade to TLS". (The same goes for the JavaMail library, I think.) The RFCs that talk about STARTTLS were written when TLS was already an official RFC, that's why they only talk about upgrading the connection to TLS. In practice, if you tweak the configuration of your mail client to force it to use SSLv3 instead of TLS (not something I would generally recommend), it's still likely to be able to upgrade to SSL/TLS using STARTTLS with an SSLv3 connection, simply because it's more about the mode of operation than the version of SSL/TLS and/or the cipher suites.

There is also a variant of HTTP where the upgrade to SSL/TLS is done within the HTTP protocol (similar to STARTTLS in LDAP/SMTP). This is described in RFC 2817. As far as I know, this is almost never used (and it's not what's used by https:// in browsers). The main relevant part of this RFC is the section about CONNECT for HTTP proxy servers (this is used by HTTP proxy servers to relay HTTPS connections).
answered Jul 11 '11 at 8:59 by Bruno; edited Oct 20 '14 at 13:36
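The answer above lists "the MAC/HMAC differs" as one of the concrete SSLv3 versus TLS changes. The following is an added example, written for this page and not code from the answerer, that implements both record-MAC constructions side by side: the SSLv3 nested hash with fixed pads (RFC 6101, pad lengths 48 bytes for MD5 and 40 for SHA-1) and the TLS record HMAC (RFC 2246), which also covers the protocol version. The secret, sequence number and record fragment are constructed inputs; the SHA-256 variant is what TLS 1.2 suites may use.

```python
"""SSLv3 record MAC versus TLS record HMAC (added example; constructed inputs)."""
import hashlib
import hmac
import struct

APPLICATION_DATA = 23  # record content type for application data

# SSLv3 pad lengths (RFC 6101 s5.2.3.1): 48 bytes for MD5, 40 bytes for SHA-1.
_SSLV3_PAD_LEN = {"md5": 48, "sha1": 40}


def sslv3_mac(secret: bytes, seq_num: int, content_type: int,
              fragment: bytes, hash_name: str = "sha1") -> bytes:
    """SSLv3 MAC: hash(secret + pad_2 + hash(secret + pad_1 + seq + type + len + data)).

    This is the 'earlier version of HMAC' the answer refers to. Note the
    protocol version is not part of the authenticated header."""
    n = _SSLV3_PAD_LEN[hash_name]  # KeyError on purpose: SSLv3 defined only MD5/SHA-1
    pad_1 = b"\x36" * n
    pad_2 = b"\x5c" * n
    header = struct.pack("!QBH", seq_num, content_type, len(fragment))
    inner = hashlib.new(hash_name, secret + pad_1 + header + fragment).digest()
    return hashlib.new(hash_name, secret + pad_2 + inner).digest()


def tls_mac(secret: bytes, seq_num: int, content_type: int,
            version: tuple, fragment: bytes, hash_name: str = "sha1") -> bytes:
    """TLS record MAC (RFC 2246 s6.2.3.1): standard HMAC over
    seq_num + type + version + length + fragment. Any hash can be plugged in;
    TLS 1.2 added SHA-256 based cipher suites."""
    major, minor = version
    header = struct.pack("!QBBBH", seq_num, content_type, major, minor, len(fragment))
    return hmac.new(secret, header + fragment, hash_name).digest()


def verify_tls_mac(secret: bytes, seq_num: int, content_type: int,
                   version: tuple, fragment: bytes, tag: bytes) -> bool:
    """Receiver-side check with a constant-time comparison. A wrong sequence
    number (replayed or reordered record) fails just like a modified payload."""
    expected = tls_mac(secret, seq_num, content_type, version, fragment)
    return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    secret = b"constructed-32-byte-mac-secret!!"              # constructed key
    fragment = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"  # constructed HTTP inside the tunnel
    a = sslv3_mac(secret, 0, APPLICATION_DATA, fragment)
    b = tls_mac(secret, 0, APPLICATION_DATA, (3, 1), fragment)
    print("SSLv3 MAC  :", a.hex())
    print("TLS1.0 HMAC:", b.hex())
    tampered = fragment[:-1] + b"\n"
    print("tampered record accepted?",
          verify_tls_mac(secret, 0, APPLICATION_DATA, (3, 1), tampered, b))
```

Same key, same record, two different 20-byte tags: the constructions are not interchangeable, which is one reason an SSLv3 and a TLS 1.0 stack cannot simply treat each other's records as "SSL 3.1". The verify function shows why the sequence number is inside the MAC: a record that is replayed or delivered out of order fails authentication without any extra state.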
RFC 2817 is not used in practice because it messes too much with the internal structure of HTTPS client. Instead, clients now use the "Server Name Indication" to solve the same problem, namely to advertise the intended server name before the server sends its certificate (this is for virtual hosting). SNI is an extension added by the client at the beginning of the TLS handshake. – Thomas Pornin Jul 11 '11 at 12:04

@Thomas, agreed, but the diff. between HTTPS (as we use) and RFC 2817 would have been the same as between SMTPS and SMTP+STARTTLS. Indeed, one of the points it addresses is the same problem as SNI, but I think there was less demand at the time for this, and clients/servers supporting RFC 2817 never really took off. Making sure the URI was visibly https:// (to make it arguably more secure?) seems to have been an argument to keep the clear distinction (instead of possibly transparent upgrade), AFAIK. There's also a discussion here: ietf.org/mail-archive/web/tls/current/msg01096.html – Bruno Jul 11 '11 at 13:00

@barlop Sorry, it was indeed badly worded, I meant it as "instead of". – Bruno Oct 20 '14 at 13:38
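Bruno's list says the version field in the ClientHello is {3,0} for SSLv3 and {3,1} for TLS 1.0, that cipher-suite ids kept their numbers when renamed from SSL_* to TLS_*, and the comments above add that SNI rides in the ClientHello and that "SSL/TLS upon connection" begins with a handshake while a STARTTLS-style connection begins with the plaintext application protocol. The parser below is an added example (not code from the page or its authors) that reads those fields from the first record of a connection; the two sample ClientHellos and the hostname example.test are constructed in the block itself, and the cipher-suite table is a small subset of the IANA registry.

```python
"""Parse the first record of an SSLv3/TLS connection: version, cipher suites, SNI.
Added example; sample records are constructed locally by build_client_hello()."""
import struct

HANDSHAKE = 0x16          # record content type
CLIENT_HELLO = 0x01       # handshake message type
EXT_SERVER_NAME = 0x0000  # SNI extension type (RFC 6066)

# {major, minor} as carried in the ClientHello: TLS 1.0 really is "SSL 3.1" on the wire.
VERSION_NAMES = {(3, 0): "SSLv3", (3, 1): "TLSv1.0", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}

# Small subset of IANA ids. SSLv3 (RFC 6101) listed the same numbers under SSL_*
# names, e.g. 0x000A was SSL_RSA_WITH_3DES_EDE_CBC_SHA.
CIPHER_SUITES = {
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
}


def version_name(major: int, minor: int) -> str:
    return VERSION_NAMES.get((major, minor), f"unknown({major},{minor})")


def starts_with_tls_handshake(data: bytes) -> bool:
    """Implicit TLS (HTTPS, SMTPS, IMAPS) opens with a handshake record;
    a STARTTLS-style connection opens with the plaintext application protocol."""
    return len(data) >= 3 and data[0] == HANDSHAKE and data[1] == 3 and data[2] in (0, 1, 2, 3)


def _u16(buf: bytes, pos: int) -> int:
    return struct.unpack_from("!H", buf, pos)[0]


def parse_sni(ext: bytes):
    """ServerNameList: u16 list length, then entries of u8 name_type, u16 length, name."""
    pos, end = 2, 2 + _u16(ext, 0)
    while pos + 3 <= end:
        name_type, name_len = ext[pos], _u16(ext, pos + 1)
        pos += 3
        if name_type == 0:  # host_name
            return ext[pos:pos + name_len].decode("ascii")
        pos += name_len
    return None


def parse_client_hello(record: bytes) -> dict:
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, rec_major, rec_minor, rec_len = struct.unpack_from("!BBBH", record, 0)
    if ctype != HANDSHAKE:
        raise ValueError(f"not a handshake record (content type {ctype})")
    body = record[5:5 + rec_len]
    if len(body) != rec_len or len(body) < 4 or body[0] != CLIENT_HELLO:
        raise ValueError("not a complete ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len:
        raise ValueError("handshake length mismatch")

    cli_major, cli_minor = hello[0], hello[1]
    pos = 2 + 32                      # client_version, then the 32-byte Random
    pos += 1 + hello[pos]             # session_id (length-prefixed)
    cs_len = _u16(hello, pos); pos += 2
    suites = [_u16(hello, pos + i) for i in range(0, cs_len, 2)]
    pos += cs_len
    pos += 1 + hello[pos]             # compression_methods (length-prefixed)
    sni = None
    if pos < len(hello):              # extensions block: TLS only, an SSLv3 hello has none
        ext_end = pos + 2 + _u16(hello, pos); pos += 2
        while pos + 4 <= ext_end:
            etype, elen = struct.unpack_from("!HH", hello, pos); pos += 4
            if etype == EXT_SERVER_NAME:
                sni = parse_sni(hello[pos:pos + elen])
            pos += elen
    return {
        "record_version": version_name(rec_major, rec_minor),
        "client_version": version_name(cli_major, cli_minor),
        "cipher_suites": [CIPHER_SUITES.get(s, f"0x{s:04X}") for s in suites],
        "sni": sni,
    }


def build_client_hello(version: tuple, suites: list, sni: str = None) -> bytes:
    """Construct a minimal ClientHello record for testing (zeroed Random, no session id)."""
    body = bytes(version) + bytes(32) + b"\x00"
    cs = b"".join(struct.pack("!H", s) for s in suites)
    body += struct.pack("!H", len(cs)) + cs + b"\x01\x00"   # one compression method: null
    if sni is not None:
        name = sni.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name
        ext_data = struct.pack("!H", len(entry)) + entry
        ext = struct.pack("!HH", EXT_SERVER_NAME, len(ext_data)) + ext_data
        body += struct.pack("!H", len(ext)) + ext
    hs = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BBBH", HANDSHAKE, version[0], version[1], len(hs)) + hs


if __name__ == "__main__":
    print(parse_client_hello(build_client_hello((3, 1), [0x002F, 0x000A], sni="example.test")))
    print(parse_client_hello(build_client_hello((3, 0), [0x000A])))
    print(starts_with_tls_handshake(b"EHLO client.test\r\n"))  # plaintext opening, STARTTLS style
```

Run on a captured first record, the output tells you which of the answer's two confusions you are looking at: a handshake record with {3,0} is SSLv3 "upon connection", {3,1} is TLS 1.0 with the same shape, and a connection whose first bytes are an SMTP or IMAP greeting is the "upgrade to TLS" mode, whatever the mail client's configuration screen calls it. The length checks matter because a truncated or inconsistent record must be rejected rather than parsed past its end.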
SSL VS TLS

The terms SSL and TLS are often used interchangeably or in conjunction with each other (TLS/SSL), but one is in fact the predecessor of the other. SSL 3.0 served as the basis for TLS 1.0 which, as a result, is sometimes referred to as SSL 3.1.

Which is more Secure, SSL or TLS?

In terms of security they both are considered equally secured.

The main difference is that, while SSL connections begin with security and proceed directly to secured communications, TLS connections first begin with an insecure hello to the server and only switch to secured communications after the handshake between the client and the server is successful. If the TLS handshake fails for any reason, the connection is never created.

(SSL and TLS vs HTTP)

HTTP protocol is used to request and receive the data, and https, in which the 's' is nothing but secure SSL, makes the http protocol request and receive activity encrypted so no middle man attacker can obtain the data easily.

If neither SSL nor TLS is used with HTTP

then your connection with the web server is unencrypted, all the data will be sent in plain text, and any middle man attacker can obtain and view that data.

so should go with SSL or TLS

well, both are the same but TLS is more extensible and hoping to get more support in future, and TLS is backward compatible.
answered Jul 10 '11 at 18:53 by mr_eclair; edited Jul 10 '11 at 19:16 by Hendrik Brummermann
Sorry, -1 for "The main difference is that, while SSL connections begin with security and proceed directly to secured communications, TLS connections first begin with an insecure hello to the server and only switch to secured communications after the handshake between the client and the server is successful.". SSLv3 and TLS connections are both initiated with a handshake, done in the very same way (both starting with ClientHello). You might be confusing SSL/TLS on connection and upgrade to TLS via something like STARTTLS. – Bruno Jul 11 '11 at 9:17

TLS 1.2 finally supports SHA-2 based HMAC, so in theory new deployments should be using TLS 1.2 only. – Hubert Kario Jul 12 '11 at 20:53