Problem solve Get help with specific problems with your technologies, process and projects.

TLS: Network encryption beyond SSL with Transport Layer Security

Transport Layer Security (TLS) is the successor to Secure Sockets Layer (SSL) for achieving secure transmission across the Internet. But TLS and SSL aren't identical, and there are some significant reasons why TLS adoption has been slow. Brien Posey explains what you should know about TLS in this tip.

About a year ago, the Transport Layer Security (TLS) authentication protocol was slated to become the successor to the SSL protocol that is commonly used to encrypt Web site content. Today, though, confusion and misinformation regarding TLS abound. In this article, I give you the straight scoop regarding what TLS is and is not, and talk about the state of the TLS protocol today.

One common misconception about TLS is that it is the same thing as the SSL protocol. I have seen several Web sites that claim SSL 3.0 and TLS 1.0 are "substantially the same." The truth is that the TLS protocol was based on SSL 3.0, but it is a different protocol. There are no huge differences between the two protocols, but the differences are significant enough that the protocols do not interoperate with each other directly. TLS 1.0 does, however, contain a mechanism through which it can revert to SSL encryption if a client does not support TLS encryption.

Standard standards?

TLS was introduced as a successor to SSL more than a year ago, so you may be wondering why TLS isn't more widely used. There are several reasons for this, one of which is conflicting standards. In May 2006, for example, the Wi-Fi Alliance modified the WPA and WPA2 standards so that rather than supporting a single Extensible Authentication Protocol (EAP), they now support five different EAP standards. The idea behind this move was to make the WPA and WPA2 standards more inclusive.

The problem with modifying the standards is that their names were not changed to reflect the update. This means that if a product claims to be WPA or WPA2 compliant, there is no immediate way to tell whether the compliance refers to the old standard or the new one. Consequently, some companies have been reluctant to adopt the new WPA and WPA2 standards for fear of hardware incompatibilities.

More on TLS and SSL
Transport Layer Security encryption: Five steps to get you started

How SSL and TLS secure network transactions

Find SSL tutorials and advice in the SSL section of our VPN All-in-One Guide
This particular compatibility issue is specific to wireless hardware. When most people think of TLS, they probably think of encryption for Web content. Even so, there have also been some compatibility issues related to TLS-based Web encryption.

For example, there have been some compatibility problems with betas of Windows Vista and Internet Explorer 7. If a user visits a TLS-enabled Web site that does not strictly adhere to the TLS RFC, the session is typically disconnected when the TLS extensions are received during the HTTPS handshake. A Microsoft blog encourages users experiencing such problems to disable the use of TLS and Internet Explorer and to contact the owner of the Web site to talk about the availability of a fix for their TLS implementation.

In spite of the fact that TLS adoption has been slow and that there have been numerous compatibility problems, it does seem that TLS is eventually going to become the standard for HTTP encryption. As I mentioned earlier, Internet Explorer 7 is configured by default to support TLS 1.0. Likewise, TLS will be fully supported in both Windows Vista and Longhorn Server.

About the author:
Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. Brien has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer, he has written for Microsoft, CNET, ZDNet, TechTarget, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal Web site at

This was last published in November 2006

Dig Deeper on Network Security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.