Did they ban Google for you? https://encrypted.google.com/search?source=ig&hl=ru&rlz=&q=w...
The main difference is that, while SSL connections
begin with security and proceed directly to secured
communications, TLS connections first begin with an insecure “hello”
to the server and only switch to secured communications after the
handshake between the client and the server is successful.
If the TLS handshake fails for any reason, the connection is never created.
Is it clear here?
---
The differences between the two protocols are very minor and very technical,
but they are different standards. TLS uses stronger encryption algorithms
and has the ability to work on different ports. Additionally, TLS version 1.0
does not interoperate with SSL version 3.0.
---
While SSL and TLS provide similar functionality, they are not interchangeable. The TLS protocol is backwards compatible with SSL, however, which means it works with client-server connections that require SSL. Yet, SSL does not work with client-server connections that require TLS.
---
- Comparison of SSL and TLS
Stephen Thomas explains that there are seven main differences between SSL
and TLS. These differences range from protocol version numbers to the generation of
key material.
* Protocol Version in Messages
To differentiate TLS Version 1.0 and SSL Version 3.0, the protocol version
number negotiated by a client and server communicating through TLS Version 1 is
version number 3.1.
* Alert Protocol Message Types
The following message types are those that are allowed as Alert Descriptions
within the TLS protocol. Upon examination of the list, one would notice that
“NoCertificate” has been removed from the SSL list, since it is assumed that if no
certificate exists for the user, there is no need for a separate message.
TLS uses the assumption that the client can return an empty certificate message
if it does not have a certificate to use.
Additionally, several more descriptions have been added to bring the number of
Alert Descriptions to 23 from 12.
A list of these descriptions is below. Again, those resulting in fatal errors
are bolded.
CloseNotify
UnsupportedCertificate
DecryptError
UnexpectedMessage
CertificateRevoked
ExportRestriction
BadRecordMAC
CertificateExpired
ProtocolVersion
DecryptionFailure
CertificateUnknown
InsufficientSecurity
RecordOverflow
IllegalParameter
InternalError
DecompressionFailure
UnknownCA
UserCancelled
HandshakeFailure
AccessDenied
NoRenegotiation
BadCertificate
DecodeError
* Message Authentication
TLS implements a standardized MAC (H-MAC) that has been proven in many
other implementations. The main benefit to this change is that H-MAC operates with
any hash function, not just MD5 or SHA, as explicitly stated by the SSL protocol.
* Key Material Generation
TLS uses the HMAC standard and its pseudorandom function (PRF) output to
generate key material. Thomas explains that “each system starts with the premaster
secret; next it creates the master secret. Then it generates the required key material.”
The major difference is that SSL uses RSA, Diffie-Hellman or Fortezza/DMS
output to create key material. This output generates secret information based on the
cipherSuite and Parameters selected during session negotiations.
* CertificateVerify
In SSL, the CertificateVerify message requires a complex procedure of
messages. With TLS, however, the verified information is completely contained in the
handshake messages previously exchanged during the session.
* Finished
In TLS, the PRF output of the H-MAC algorithm is used with the master secret
and either a “client finished” or a “server finished” designation to create the Finished
message. In SSL, the finished message is created in the same ad-hoc manner that key
material is generated: using a combination of hash output, selected ciphersuite and
parameter information.
* Baseline Cipher Suites
As mentioned earlier, SSL specifically supports RSA, Diffie-Hellman and
Fortezza/DMS ciphersuites. TLS has stopped allowing Fortezza/DMS support, but
allows for ciphersuites to be added to the protocol in future revisions.
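The premaster-to-master-to-key-material chain and the Finished computation quoted above, as an added example that is not part of the original post or of Thomas's text: a Python implementation of the TLS 1.0 PRF (P_MD5 XOR P_SHA1 built from HMAC, as specified in RFC 2246) with constructed sample inputs, so the HMAC-based derivation can be stepped through.

```python
import hashlib
import hmac

def p_hash(hash_name, secret, seed, length):
    """P_hash data expansion (RFC 2246 section 5): HMAC chained over A(i)."""
    out, a = b"", seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hash_name).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]

def tls10_prf(secret, label, seed, length):
    """TLS 1.0 PRF: P_MD5 over the first half of the secret XOR P_SHA1 over the
    second half. With an odd-length secret the middle byte belongs to both halves."""
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[-half:]
    md5_part = p_hash("md5", s1, label + seed, length)
    sha1_part = p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha1_part))

def master_secret(pre_master, client_random, server_random):
    """Step 1: 48-byte master secret from the premaster secret and both hello randoms."""
    return tls10_prf(pre_master, b"master secret", client_random + server_random, 48)

def key_block(master, client_random, server_random, length):
    """Step 2: key material; note the randoms are concatenated server-first here."""
    return tls10_prf(master, b"key expansion", server_random + client_random, length)

def finished_verify_data(master, role, handshake_messages):
    """Finished.verify_data: PRF(master, "client finished" / "server finished",
    MD5(handshake) + SHA1(handshake)) truncated to 12 bytes."""
    label = b"client finished" if role == "client" else b"server finished"
    seed = hashlib.md5(handshake_messages).digest() + hashlib.sha1(handshake_messages).digest()
    return tls10_prf(master, label, seed, 12)

# Constructed sample inputs (not real session values): a 48-byte premaster
# secret, 32-byte hello randoms and a stand-in for the handshake transcript.
PRE_MASTER = bytes([0x03, 0x01]) + b"\x11" * 46   # RSA premaster starts with the 3.1 version bytes
CLIENT_RANDOM = b"\xaa" * 32
SERVER_RANDOM = b"\xbb" * 32
HANDSHAKE = b"ClientHello|ServerHello|Certificate|ClientKeyExchange"

if __name__ == "__main__":
    ms = master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    # two MAC keys (SHA-1), two cipher keys (AES-128) and two IVs
    kb = key_block(ms, CLIENT_RANDOM, SERVER_RANDOM, 2 * (20 + 16 + 16))
    print("master secret:", ms.hex(), "\nkey block:", kb.hex())
    print("client finished:", finished_verify_data(ms, "client", HANDSHAKE).hex())
```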