SSL vs. TLS

SSL and TLS both the cryptographic protocols but SSL is older version and has been replaced by TLS.  These protocols allows authenticating the server and encrypt the traffic between server and client.  

Nice article on how SSL cryptography works:  SSL Cryptography

  • In short, server sends the public key to browser/client. 
  • Browser generates symmetric session key and encrypts it using server's public key.
  • Server decrypts and retrieves the symmetric session key. 
  • Now browser and server both communicate by encrypting/decrypting data using symmetric session key which is used for that session only. 
in short, SSL ends up using asymmetric and symmetric encryption.

Asymmetric or public key encryption algorithms are : RSA ( public key is factor of two large primes and private keys is those two large prime numbers) , ECC ( Elliptic Curve Cryptography - relies on the fact that it is impractical to find discrete algo for random elliptical curve element in relation to publicly known base point. The benefit is of ECC is smaller key size but it is less supported.) 

Pre-shared or symmetric encryption key algo: Twofish, Blowfish, AES . AES is more popular.  Each of these algos can be applies two way : stream cipher or block cipher. stream cipher applies the key and alogo to each bit in the stream which block cipher applies to a block of bits.

How to check the browser version of SSL/TLS : https://www.howsmyssl.com/
similarly to test server SSL go to https://www.ssllabs.com/

Comments

Popular posts from this blog

SQL

Analytics

DBeaver