Question

You have recently joined Star Technical Solutions as an information security officer. The company has been using SSL in a business-to-business environment for a number of years. Despite the fact that there have been no compromises in security, you want to use another protocol which offers stronger security than SSL. Which protocol is similar to SSL but offers stronger security? Justify your answer by comparing the features of SSL and your proposed protocol in a tabular form.

Answer 1

Which protocol is similar to SSL but offers stronger security?

Answer:

Transport Layer Security (TLS) protocol is similar to Secure socket layer protocol (SSL) but offers stronger security. TLS protocol is the latest, secure and updated version of SSL protocol.

Justify your answer by comparing the features of SSL and your proposed protocol in a tabular form.

Secure socket layer protocol (SSL)	Transport Layer Security (TLS)
1) SSL 1.0 was designed by “Netscape” in the year “1994”.	1) TLS 1.0 was designed in the year “1999” as an upgrade of SSL Version 3.0
2) SSL uses symmetric cryptography. The most commonly used symmetric algorithms are AES-128, AES-192 and AES-256.	2) TLS follows a superior standardization process like RC4, Triple DES, AES, etc.
3) SSL has one alert message “NO Certificate”.	3) TLS has several alert messages.
4) After Message encryption is done, SSL uses “Message Authentication Code (MAC)”.	4) After Message encryption is done, TLS uses “HMAC” a hash-based message authentication code.
5) In SSL, the hash determination also includes the master secret and pad.	5) In TLS, hashes are determined over handshake message.