Secure Sockets Layer (SSL) is deprecated and has been replaced by Transport Layer Security (TLS). SSL/TLS was introduced to provide communications security over a computer network. Several versions of the protocol are in wide use by applications, and websites use them to secure their sites. The TLS protocol aims primarily to provide privacy and data integrity between two or more communicating computer applications: it ensures that data transferred between the client (browser) and the server is not modified in transit, so data integrity is provided.
Currently available protocols:
SSL 1.0, 2.0, and 3.0
TLS 1.0
TLS 1.1
TLS 1.2 –> Only TLS 1.2 and above are considered strong; the others are considered weak and it is recommended not to use them.
TLS 1.3 –> Many organizations have not yet started to use it; it will take some years to move to this protocol.
Protocol | Published | Status |
---|---|---|
SSL 1.0 | Unpublished | Unpublished |
SSL 2.0 | 1995 | Deprecated in 2011 (RFC 6176) |
SSL 3.0 | 1996 | Deprecated in 2015 (RFC 7568) |
TLS 1.0 | 1999 | Deprecated in 2020 |
TLS 1.1 | 2006 | Deprecated in 2020 |
TLS 1.2 | 2008 | |
TLS 1.3 | 2018 | |
To enable SSL/TLS we have to install a certificate on the server. It has a private key and a public key.
The public key side is published by a third party: the signers (root and intermediate certificates).
The private key side is the server certificate together with its private key, which resides on the server.
Along with the protocol we use cipher suites, which name the algorithms and the key exchange used to form the master secret, with the help of the certificate's private key.
The table below shows which key exchange and authentication algorithms each protocol version supports.
Algorithm | SSL 2.0 | SSL 3.0 | TLS 1.0 | TLS 1.1 | TLS 1.2 | TLS 1.3 |
---|---|---|---|---|---|---|
RSA | Yes | Yes | Yes | Yes | Yes | No |
DH-RSA | No | Yes | Yes | Yes | Yes | No |
DHE-RSA (forward secrecy) | No | Yes | Yes | Yes | Yes | Yes |
ECDH-RSA | No | No | Yes | Yes | Yes | No |
ECDHE-RSA (forward secrecy) | No | No | Yes | Yes | Yes | Yes |
DH-DSS | No | Yes | Yes | Yes | Yes | No |
DHE-DSS (forward secrecy) | No | Yes | Yes | Yes | Yes | No |
ECDH-ECDSA | No | No | Yes | Yes | Yes | No |
ECDHE-ECDSA (forward secrecy) | No | No | Yes | Yes | Yes | Yes |
ECDH-EdDSA | No | No | Yes | Yes | Yes | No |
ECDHE-EdDSA (forward secrecy) | No | No | Yes | Yes | Yes | Yes |
PSK | No | No | Yes | Yes | Yes | |
PSK-RSA | No | No | Yes | Yes | Yes | |
DHE-PSK (forward secrecy) | No | No | Yes | Yes | Yes | Yes |
ECDHE-PSK (forward secrecy) | No | No | Yes | Yes | Yes | Yes |
SRP | No | No | Yes | Yes | Yes | |
SRP-DSS | No | No | Yes | Yes | Yes | |
SRP-RSA | No | No | Yes | Yes | Yes | |
Kerberos | No | No | Yes | Yes | Yes | |
DH-ANON (insecure) | No | Yes | Yes | Yes | Yes | |
ECDH-ANON (insecure) | No | No | Yes | Yes | Yes | |
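As an added example (not code from the original post), the Python snippet below uses the standard library `ssl` module to encode the two recommendations above: refuse anything below TLS 1.2, and for TLS 1.2 offer only the forward-secrecy (ECDHE/DHE) rows of the table. It also audits an arbitrary context and reports any enabled suite whose key exchange is static. The `kx-ecdhe`/`kx-dhe` labels are the key-exchange names OpenSSL reports through `SSLContext.get_ciphers()`; `weak_client_context` is a constructed counter-example for the audit, not a configuration taken from the page.

```python
import ssl

# The page's recommendation: TLS 1.2 is the floor; SSL 2.0/3.0, TLS 1.0
# and TLS 1.1 are deprecated and must not be negotiated.
MINIMUM_VERSION = ssl.TLSVersion.TLSv1_2

# Key-exchange labels OpenSSL reports for ephemeral (forward-secrecy) suites
# (assumption: these are the long names of OpenSSL's kx-ecdhe/kx-dhe NIDs).
FORWARD_SECRET_KEA = ("kx-ecdhe", "kx-dhe")


def hardened_client_context(cafile=None):
    """Client context that refuses anything below TLS 1.2 and, for TLS 1.2,
    offers only forward-secrecy (ECDHE/DHE) suites.

    cafile is optional; when omitted the platform trust store is used."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = MINIMUM_VERSION
    # TLS 1.2 cipher list: ephemeral key exchange only, no anonymous (aNULL)
    # or null-encryption (eNULL) suites. TLS 1.3 suites are configured
    # separately by OpenSSL and always use ephemeral key exchange.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!aNULL:!eNULL")
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    return ctx


def non_forward_secret_ciphers(ctx):
    """Names of enabled pre-TLS-1.3 suites whose key exchange is static
    (plain RSA, static DH/ECDH, ...), i.e. the table rows that are not
    marked 'forward secrecy'."""
    return [
        c["name"]
        for c in ctx.get_ciphers()
        if c["protocol"] != "TLSv1.3" and c["kea"] not in FORWARD_SECRET_KEA
    ]


def audit_context(ctx):
    """Summarize how a context measures up against the page's guidance."""
    return {
        "minimum_version_ok": ctx.minimum_version >= MINIMUM_VERSION,
        "weak_ciphers": non_forward_secret_ciphers(ctx),
    }


def weak_client_context():
    """Constructed counter-example (assumption, not from the page): allows
    TLS 1.0 and a static-RSA key-exchange suite alongside an ECDHE one."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1
    ctx.set_ciphers("ECDHE-RSA-AES128-GCM-SHA256:AES128-GCM-SHA256")
    return ctx


if __name__ == "__main__":
    print("hardened:", audit_context(hardened_client_context()))
    print("weak:    ", audit_context(weak_client_context()))
```

Running the module prints the audit of both contexts: the hardened one reports `minimum_version_ok: True` and an empty weak-cipher list, while the constructed weak one is flagged for its TLS 1.0 floor and for `AES128-GCM-SHA256`, whose key exchange is plain RSA and therefore offers no forward secrecy.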