
CertiGuide to Security+ - Chapter 2: Communication Security (Domain 2.0; 20%) - 2.3 The Web - 2.3.1 SSL/TLS (Secure Sockets Layer / Transport Layer Security)


Transport Layer Security (TLS)

TLS, or Transport Layer Security, is a transport layer protocol based on SSL and is considered to be a more flexible successor to it. Although TLS isn’t compatible with SSL v3.0, it is very similar, and the TLS protocol does contain provisions for a TLS connection to back down to SSL v3.0 functionality if required. Like SSL, it supports a wide variety of encryption options, and can use digital certificates for authentication. Unlike SSL, it is application-independent, and can be used to provide a secure channel for protocols other than HTTP, such as SMTP.

When a connection is made, the TLS Record Protocol first invokes the TLS Handshake Protocol. The handshake lets the two sides of a communication authenticate themselves to each other (if desired – this step is currently optional) via X.509 public-key certificates, negotiate an (optional) encryption algorithm that both sides support, and exchange key information. After that, the TLS Record Protocol uses the agreed-upon encryption algorithm to protect the data exchanged, and the agreed-upon hashing algorithm to verify that each message was not altered in transit. The OpenSSL Project includes an implementation of TLS in addition to SSL.
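As an added illustration of the negotiation step just described (this is example code, not part of the CertiGuide text): a small Python parser for the ClientHello that opens a TLS handshake. It reports the protocol version and cipher suites the client offers and flags an offer of SSL 3.0 or of a NULL-encryption suite, which is what a defender inspecting a capture of the handshake would want to know. The build_client_hello helper only constructs sample input for the parser.

```python
import struct

# Constants from the TLS record and handshake layers (RFC 2246 numbering).
CONTENT_HANDSHAKE = 0x16
HS_CLIENT_HELLO = 0x01
VERSION_NAMES = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
# Cipher suites that negotiate no encryption at all (NULL_WITH_NULL_NULL, RSA_WITH_NULL_MD5/SHA).
NULL_SUITES = {0x0000, 0x0001, 0x0002}


def build_client_hello(version, suites, random=b"\x00" * 32):
    """Constructed sample only: wrap a minimal ClientHello (no extensions)
    in a TLS record so the parser below has realistic input to work on."""
    body = bytes(version) + random + b"\x00"      # client_version, random, empty session_id
    body += struct.pack("!H", 2 * len(suites))    # cipher_suites length in bytes
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                           # one compression method: null
    hs = bytes([HS_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([CONTENT_HANDSHAKE, 3, 1]) + struct.pack("!H", len(hs)) + hs


def inspect_client_hello(data):
    """Parse one handshake record holding a ClientHello and report what the
    client offers: its client_version and cipher suites, plus whether the
    offer includes SSL 3.0 or a NULL-encryption suite a server should refuse."""
    if len(data) < 9 or data[0] != CONTENT_HANDSHAKE:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", data[3:5])[0]
    body = data[5:5 + rec_len]
    if len(body) != rec_len or body[0] != HS_CLIENT_HELLO:
        raise ValueError("truncated record or not a ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len:
        raise ValueError("truncated handshake message")
    version = (hello[0], hello[1])
    pos = 2 + 32                                  # skip client_version and 32-byte random
    pos += 1 + hello[pos]                         # skip length-prefixed session_id
    cs_len = struct.unpack("!H", hello[pos:pos + 2])[0]
    pos += 2
    if cs_len % 2 or pos + cs_len > len(hello):
        raise ValueError("bad cipher_suites length")
    suites = [struct.unpack("!H", hello[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    return {
        "client_version": VERSION_NAMES.get(version, "unknown %d.%d" % version),
        "cipher_suites": suites,
        "offers_ssl3": version == (3, 0),
        "offers_null_cipher": any(s in NULL_SUITES for s in suites),
    }
```

Feeding it a real ClientHello taken from a packet capture works the same way, since the parser only reads the record header, handshake header and the fixed-layout fields that precede the extensions.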

Implementations of SMTP, IMAP and POP3 have all been layered over TLS. Because TLS adds encryption and additional authentication, each of these has been assigned a new port number for incoming connections, so that clients contact one server port for unencrypted communication and another for encrypted communication.

If you’re planning to allow connections to any of these through your firewall, be sure that the appropriate destination port number is open. A NetworkWorldFusion article has the scoop (as of 1999) on which port numbers are used for which services.[196]

TLS

TLS (Transport Layer Security) is the next-generation successor to the SSLv3 protocol.

It includes similar functionality and cryptography features, was designed to be more flexible than SSLv3, and can be used with application protocols other than HTTP, such as SMTP and IMAP.

Much as SSL uses a separate port for HTTP over SSL, there are separate ports for each application protocol run in combination with TLS.


196. Snyder, Joel, “How can TLS increase email security?” http://www.nwfusion.com/newsletters/gwm/0329gw1.html




CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.