Tip

TLS: Network encryption beyond SSL with Transport Layer Security

About a year ago, the Transport Layer Security (TLS) authentication protocol was slated to become the successor to the SSL

    Requires Free Membership to View

protocol that is commonly used to encrypt Web site content. Today, though, confusion and misinformation regarding TLS abound. In this article, I give you the straight scoop regarding what TLS is and is not, and talk about the state of the TLS protocol today.

One common misconception about TLS is that it is the same thing as the SSL protocol. I have seen several Web sites that claim SSL 3.0 and TLS 1.0 are "substantially the same." The truth is that the TLS protocol was based on SSL 3.0, but it is a different protocol. There are no huge differences between the two protocols, but the differences are significant enough that the protocols do not interoperate with each other directly. TLS 1.0 does, however, contain a mechanism through which it can revert to SSL encryption if a client does not support TLS encryption.

Standard standards?

TLS was introduced as a successor to SSL more than a year ago, so you may be wondering why TLS isn't more widely used. There are several reasons for this, one of which is conflicting standards. In May 2006, for example, the Wi-Fi Alliance modified the WPA and WPA2 standards so that rather than supporting a single Extensible Authentication Protocol (EAP), they now support five different EAP standards. The idea behind this move was to make the WPA and WPA2 standards more inclusive.

The problem with modifying the standards is that their names were not changed to reflect the update. This means that if a product claims to be WPA or WPA2 compliant, there is no immediate way to tell whether the compliance refers to the old standard or the new one. Consequently, some companies have been reluctant to adopt the new WPA and WPA2 standards for fear of hardware incompatibilities.

More on TLS and SSL
Transport Layer Security encryption: Five steps to get you started

How SSL and TLS secure network transactions

Find SSL tutorials and advice in the SSL section of our VPN All-in-One Guide
This particular compatibility issue is specific to wireless hardware. When most people think of TLS, they probably think of encryption for Web content. Even so, there have also been some compatibility issues related to TLS-based Web encryption.

For example, there have been some compatibility problems with betas of Windows Vista and Internet Explorer 7. If a user visits a TLS-enabled Web site that does not strictly adhere to the TLS RFC, the session is typically disconnected when the TLS extensions are received during the HTTPS handshake. A Microsoft blog encourages users experiencing such problems to disable the use of TLS and Internet Explorer and to contact the owner of the Web site to talk about the availability of a fix for their TLS implementation.

In spite of the fact that TLS adoption has been slow and that there have been numerous compatibility problems, it does seem that TLS is eventually going to become the standard for HTTP encryption. As I mentioned earlier, Internet Explorer 7 is configured by default to support TLS 1.0. Likewise, TLS will be fully supported in both Windows Vista and Longhorn Server.

About the author:
Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. Brien has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer, he has written for Microsoft, CNET, ZDNet, TechTarget, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal Web site at www.brienposey.com.

This was first published in November 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.