TLS: Network encryption beyond SSL with Transport Layer Security


Brien M. Posey
11.16.2006


About a year ago, the Transport Layer Security (TLS) authentication protocol was slated to become the successor to the SSL protocol that is commonly used to encrypt Web site content. Today, though, confusion and misinformation regarding TLS abound. In this article, I give you the straight scoop regarding what TLS is and is not, and talk about the state of the TLS protocol today.

One common misconception about TLS is that it is the same thing as the SSL protocol. I have seen several Web sites that claim SSL 3.0 and TLS 1.0 are "substantially the same." The truth is that the TLS protocol was based on SSL 3.0, but it is a different protocol. There are no huge differences between the two protocols, but the differences are significant enough that the protocols do not interoperate with each other directly. TLS 1.0 does, however, contain a mechanism through which it can revert to SSL encryption if a client does not support TLS encryption.

Standard standards?

TLS was introduced as a successor to SSL more than a year ago, so you may be wondering why TLS isn't more widely used. There are several reasons for this, one of which is conflicting standards. In May 2006, for example, the Wi-Fi Alliance modified the WPA and WPA2 standards so that rather than supporting a single Extensible Authentication Protocol (EAP), they now support five different EAP standards. The idea behind this move was to make the WPA and WPA2 standards more inclusive.

The problem with modifying the standards is that their names were not changed to reflect the update. This means that if a product claims to be WPA or WPA2 compliant, there is no immediate way to tell whether the compliance refers to the old standard or the new one. Consequently, some companies have been reluctant to adopt the new WPA and WPA2 standards for fear of hardware incompatibilities.

This particular compatibility issue is specific to wireless hardware. When most people think of TLS, they probably think of encryption for Web content. Even so, there have also been some compatibility issues related to TLS-based Web encryption.

For example, there have been some compatibility problems with betas of Windows Vista and Internet Explorer 7. If a user visits a TLS-enabled Web site that does not strictly adhere to the TLS RFC, the session is typically disconnected when the TLS extensions are received during the HTTPS handshake. A Microsoft blog encourages users experiencing such problems to disable the use of TLS in Internet Explorer and to contact the owner of the Web site to talk about the availability of a fix for their TLS implementation.
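The version fallback and the extension problem described above both come down to fields in the client's first handshake message. The following Python sketch is an added example, not code from the article or from Microsoft: it parses a ClientHello to show the version bytes that separate SSL 3.0 from TLS 1.0, lists any TLS extensions present, and models the server-side version choice. The function names are hypothetical, and the sample message (including its `server_name` extension for `example.test`) is constructed rather than captured.

```python
import struct

SSL3, TLS1_0 = (3, 0), (3, 1)   # protocol version bytes carried in the ClientHello

def sni_extension(host):
    """Constructed server_name extension (type 0) for the sample hello."""
    entry = b"\x00" + struct.pack("!H", len(host)) + host
    data = struct.pack("!H", len(entry)) + entry
    return struct.pack("!HH", 0, len(data)) + data

def build_client_hello(version, extensions=b""):
    """Constructed sample ClientHello (not a capture): one cipher suite, null compression."""
    body = bytes(version) + bytes(32) + b"\x00"      # version, zeroed random, empty session_id
    body += struct.pack("!H", 2) + b"\x00\x0a"       # cipher_suites: one entry
    body += b"\x01\x00"                              # compression_methods: null
    if extensions:
        body += struct.pack("!H", len(extensions)) + extensions
    hs = b"\x01" + len(body).to_bytes(3, "big") + body           # handshake type 1
    return b"\x16" + bytes(version) + struct.pack("!H", len(hs)) + hs  # record type 22

def parse_client_hello(record):
    """Return (client_version, [extension types]) from one handshake record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    try:
        version = (body[0], body[1])
        pos = 34                                     # skip version (2) + random (32)
        pos += 1 + body[pos]                         # session_id
        pos += 2 + int.from_bytes(body[pos:pos + 2], "big")   # cipher_suites
        pos += 1 + body[pos]                         # compression_methods
    except IndexError:
        raise ValueError("truncated ClientHello") from None
    ext_types = []
    if pos < len(body):                              # trailing bytes are the extensions block
        end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= min(end, len(body)):
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            ext_types.append(etype)
            pos += 4 + elen
    return version, ext_types

def negotiate(client_version, server_min, server_max):
    """Server picks the highest version both sides support; None means no overlap."""
    chosen = min(client_version, server_max)
    return chosen if chosen >= server_min else None
```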

In spite of the fact that TLS adoption has been slow and that there have been numerous compatibility problems, it does seem that TLS is eventually going to become the standard for HTTP encryption. As I mentioned earlier, Internet Explorer 7 is configured by default to support TLS 1.0. Likewise, TLS will be fully supported in both Windows Vista and Longhorn Server.

About the author:
Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. Brien has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer, he has written for Microsoft, CNET, ZDNet, TechTarget, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal Web site at www.brienposey.com.
