Transport Layer Security (TLS)
TLS, or Transport Layer Security, is a transport layer protocol based on SSL and is considered to be a more flexible successor to it. Although TLS isnt compatible with SSL v3.0, it is very similar, and the TLS protocol does contain provisions for a TLS connection to back down to SSL v3.0 functionality if required. Like SSL, it supports a wide variety of encryption options, and can use digital certificates for authentication. Unlike SSL, it is application-independent, and can be used to provide a secure channel for protocols other than HTTP, such as SMTP.
When a connection is made, the TLS Record Protocol first calls the TLS Handshake Protocol, which enables both sides of a communication to authenticate themselves to each other (if desired this step is currently optional) via X.509 public-key certificates, negotiate an (optional) encryption algorithm supported by both sides, and exchange key information. After that, the TLS Record Protocol uses the agreed upon encryption algorithm for data exchange, and the agreed upon hashing algorithm to ensure that the message was not altered during transport. The OpenSSL Project includes an implementation of TLS in addition to SSL.
Implementations of SMTP, IMAP and POP3 have all been layered over TLS. Each of these, because of the encryption and additional authentication by TLS, has been assigned a new port number for incoming communication, so that clients contact one server for unencrypted communication, and another for encrypted communication.
If youre planning to allow connections to any of these through your firewall, be sure that the appropriate destination port number is open. A NetworkWorldFusion article has the scoop (as of 1999) as to what port numbers are used for which services.196
196. Snyder, Joel, How can TLS increase email security? http://www.nwfusion.com/newsletters/gwm/0329gw1.html
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.