Transport Layer Security and Secure Sockets Layer

Authored by: Mostafa Hashem Sherif

Protocols for Secure Electronic Commerce

Print publication date:  May  2016
Online publication date:  May  2016

Print ISBN: 9781482203745
eBook ISBN: 9781482203776
Adobe ISBN:

10.1201/b20160-6

 Download Chapter

 

Abstract

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are two widely used protocols to secure exchanges at the transport layer between a client and a server. SSL Version 1.0 was used internally within Netscape. Version 2.0 was released to the public in 1994 and integrated into the Netscape Navigator. Version 3.0 corrected deficiencies found in Version 2.0 and was the basis for RFC 2246 that defined TLS 1.0 in 1999 (Freier et al., 1996; Rescorla, 2001). TLS 1.0 was allowed for use to protect U.S. federal data; in contrast, SSL v3 was tolerated in limited, low-risk circumstances, such as to access vendor sites that did not support TLS (Chernick et al., 2005, p. 21, n. 20). TLS 1.0 was next adapted to wireless communication as Wireless TLS (WTLS). Two updates of TLS in 2006 and 2008, respectively, TLS 1.1 and 1.2, are defined in RFCs 4346 and 5246; these updates included a variety of countermeasures and workarounds to reported security threats. Finally, in 2011, RFC 6151 officially withdrew SSL Version 2.0. In parallel, the Datagram Transport Layer Security (DTLS) of RFC 4347 was defined to run on top of unreliable transport protocols; DTLS was later updated in RFC 6347. WTLS is discussed in Chapter 6.

 Cite
Search for more...
Back to top

Use of cookies on this website

We are using cookies to provide statistics that help us give you the best experience of our site. You can find out more in our Privacy Policy. By continuing to use the site you are agreeing to our use of cookies.