Sunday, August 20, 2023

Vulnerability Management - SSL vs TLS

In one of my interviews, the interviewer asked me, "What is the difference between SSL and TLS?"


I said TLS is the successor of SSL. But he was not satisfied with my one-line answer. Then he asked, "Does that mean there is no difference between SSL and TLS?"


So guys, the following are the high-level differences between SSL and TLS:


  1. Hashing --> SSL uses MD5, SHA-1 while TLS uses SHA-256
  2. Key exchange algorithm --> SSL uses KEA while TLS uses DH, ECDH, DHE, ECDHE, PSK etc.
  3. Data encryption --> SSL uses DES, RC4 etc. while TLS uses AES etc.
  4. Integrity --> SSL uses MAC while TLS uses HMAC
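The same four categories can be read straight out of a cipher suite name, which is how they usually appear in a scanner report. The sketch below is an added example, not code from the original post: it assumes IANA-style suite names (`TLS_<key exchange>_WITH_<cipher>_<hash>`), and the function names, hostnames and scan data are constructed for illustration.

```python
# Added example: names (parse_suite, legacy_findings, audit) are illustrative.
LEGACY_CIPHERS = ("RC4", "DES")   # "DES" also matches 3DES_EDE_CBC


def parse_suite(name):
    """Split an IANA-style suite name into key exchange, cipher and hash."""
    body = name.split("_", 1)[1]              # drop the TLS_/SSL_ prefix
    if "_WITH_" in body:
        kx, rest = body.split("_WITH_", 1)
    else:
        kx, rest = None, body                 # TLS 1.3 names carry no key exchange
    parts = rest.split("_")
    digest = None
    if parts[-1] == "MD5" or parts[-1].startswith("SHA"):
        digest = parts.pop()                  # CCM suites have no trailing hash
    return {"kx": kx, "cipher": "_".join(parts), "digest": digest}


def legacy_findings(name):
    """Return the legacy primitives from the list above that a suite relies on."""
    suite = parse_suite(name)
    findings = [f"cipher:{c}" for c in LEGACY_CIPHERS if c in suite["cipher"]]
    if suite["digest"] == "MD5":
        findings.append("hash:MD5")
    elif suite["digest"] == "SHA":            # bare "SHA" in a suite name is SHA-1
        findings.append("hash:SHA-1")
    return findings


def audit(scan):
    """Map each endpoint to its flagged suites; clean endpoints are omitted."""
    report = {}
    for endpoint, suites in scan.items():
        flagged = {s: legacy_findings(s) for s in suites if legacy_findings(s)}
        if flagged:
            report[endpoint] = flagged
    return report


# Constructed scan result (hostnames and suite lists are made up for the example).
SAMPLE_SCAN = {
    "legacy.example.test:443": ["TLS_RSA_WITH_RC4_128_MD5",
                                "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
                                "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"],
    "modern.example.test:443": ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                                "TLS_AES_256_GCM_SHA384"],
}

if __name__ == "__main__":
    for endpoint, flagged in audit(SAMPLE_SCAN).items():
        for suite, findings in flagged.items():
            print(endpoint, suite, ", ".join(findings))
```
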


The point of this post is, don't be like me, be like Bob.

Whenever Bob studies a concept, he always asks himself WHY? (e.g., in this case) "Why is TLS needed when SSL is already there?"


So, being in the cybersecurity domain, you are not always expected to know the low-level details of each and every protocol, but at least you should know the high-level details and be able to correlate your answer with vulnerabilities (e.g., in this case, SSL 3.0 is vulnerable to BEAST and POODLE attacks whereas TLS 1.0 fixes them).


Happy Learning !!
