TLS
(→Links) |
|||
| (2 intermediate revisions by one user not shown) | |||
| Line 6: | Line 6: | ||
'''TLS''' ('''Transport Layer Security''') is a networking protocol that adds encryption and authentication features to other protocols. It is the successor to '''SSL''' ('''Secure Sockets Layer'''), which was originally developed by Netscape. TLSv1.0 is essentially "SSLv3.1", with a different name. | '''TLS''' ('''Transport Layer Security''') is a networking protocol that adds encryption and authentication features to other protocols. It is the successor to '''SSL''' ('''Secure Sockets Layer'''), which was originally developed by Netscape. TLSv1.0 is essentially "SSLv3.1", with a different name. | ||
| − | + | The most familiar protocol that uses TLS is [[HTTP#HTTPS|HTTPS]], a more-secure version of the [[HTTP]] protocol used on the [[Web]]. | |
| − | The most familiar protocol that uses TLS is | + | |
== STARTTLS == | == STARTTLS == | ||
| Line 30: | Line 29: | ||
* [[X.509 certificate]] | * [[X.509 certificate]] | ||
* [[OpenSSL]] | * [[OpenSSL]] | ||
| + | |||
| + | == Specifications == | ||
| + | * RFC 2246: TLS v1.0 | ||
| + | * RFC 4346: TLS v1.1 | ||
| + | * RFC 5246: TLS v1.2 | ||
| + | * RFC 8446: TLS v1.3 | ||
== Links == | == Links == | ||
* [[Wikipedia: Transport Layer Security]] | * [[Wikipedia: Transport Layer Security]] | ||
* [[Wikipedia: Opportunistic TLS]] (STARTTLS) | * [[Wikipedia: Opportunistic TLS]] (STARTTLS) | ||
| + | * [https://tls.ulfheim.net/ The Illustrated TLS Connection] | ||
[[Category:Protocols]] | [[Category:Protocols]] | ||
Latest revision as of 17:08, 18 October 2018
TLS (Transport Layer Security) is a networking protocol that adds encryption and authentication features to other protocols. It is the successor to SSL (Secure Sockets Layer), which was originally developed by Netscape. TLSv1.0 is essentially "SSLv3.1", with a different name.
The most familiar protocol that uses TLS is HTTPS, a more-secure version of the HTTP protocol used on the Web.
Contents |
[edit] STARTTLS
TLS can be implemented in two fundamentally different ways.
In one, a separate TCP port is assigned to the TLS version of the protocol. This is the only method supported by HTTPS.
In another, sometimes called STARTTLS or Opportunistic TLS, the same TCP port is used for both secure and insecure communications. To enable security, the client issues some sort of "STARTTLS" command after establishing the (initially unsecured) connection. This is supported by LDAP, IMAP, etc.
[edit] Disambiguation
TLS can mean:
- A collective name for SSL and TLS.
- TLS version 1.0 and higher, specifically excluding SSL.
- Various "STARTTLS" commands and their associated protocols.
SSL can mean:
- A collective name for SSL and TLS.
- SSL through SSLv3, specifically excluding TLS.
- The use of a special port for SSL/TLS protocols, specifically excluding "STARTTLS" mechanisms.
