Question
When reading definitions of HTTPS you often see it described as HTTP + SSL/TLS, and I suspect many people are unsure why it is written "SSL/TLS". Why not simply HTTP + SSL, or HTTP + TLS? Why are the two always mentioned together? Does HTTPS have two implementations, one HTTP + SSL and one HTTP + TLS? What is actually the difference between them?
A Brief History of SSL and TLS
SSL (Secure Socket Layer) and TLS (Transport Layer Security) are cryptographic protocols that provide authentication and data encryption between servers, machines and applications operating over a network (for example, a client connecting to a web server). SSL is the predecessor of TLS. Over the years, new versions have been released to fix vulnerabilities and to support stronger, more secure cipher suites and algorithms.
SSL was originally developed by Netscape and first released in 1995 as SSL 2.0 (1.0 was never released to the public). After a number of vulnerabilities were found, version 2.0 was quickly replaced by 3.0 in 1996. Note: versions 2.0 and 3.0 are sometimes written as SSLv2 and SSLv3. TLS was introduced in 1999 as a new version of SSL, based on SSL 3.0.
The differences between the TLS protocol and SSL 3.0 are not dramatic, but they are significant enough that TLS 1.0 and SSL 3.0 do not interoperate.
SSL/TLS release dates:
– SSL 1.0: never released publicly because of serious security flaws
– SSL 2.0: February 1995; contained security flaws that had to be fixed in SSL 3.0
– SSL 2.0 was prohibited by RFC 6176 in 2011
– SSL 3.0: 1996; a complete redesign of the protocol
– SSL 3.0 was later prohibited by RFC 7568 in June 2015
– TLS 1.0: first defined in RFC 2246 in January 1999 as an upgrade of SSL 3.0
– TLS 1.1: defined in RFC 4346 in April 2006
– TLS 1.2: defined in RFC 5246 in August 2008, an upgrade of TLS 1.1
Should You Use SSL or TLS?
SSL 2.0 and SSL 3.0 were deprecated by the IETF (in 2011 and 2015, respectively). Over the years, vulnerabilities have been and continue to be discovered in the deprecated SSL protocols (e.g. POODLE, DROWN). Most modern browsers show a degraded user experience (a line through the padlock or through "https", or a security warning) when they encounter a web server using a deprecated protocol. For these reasons, you should disable the SSL protocols on your servers and leave only TLS enabled.
Certificates Are Not Protocols
Before worrying about replacing SSL certificates with TLS certificates, it is important to understand that certificates do not depend on the protocol. That is, there is no need to choose between a TLS certificate and an SSL certificate. Many vendors nevertheless like the phrase "SSL/TLS certificate". "Certificate for use with SSL and TLS" would perhaps be more accurate, because it is your server's configuration, not the certificate, that determines which protocol is used.
You will probably continue to see certificates called SSL certificates, because that is the term people are more familiar with today. But the term TLS is being used more and more across the industry, and until more people are familiar with TLS, "SSL/TLS" is a common compromise.
Are SSL and TLS Cryptographically Different?
In truth, the answer is yes, but the same can be said of the historic versions SSL 2 and SSL 3, or of TLS 1.0 versus 1.1, 1.2 and 1.3. SSL and TLS are the same protocol, but because of the version differences SSL 2 and SSL 3 do not interoperate, and SSL 3 and TLS 1 do not interoperate either. You can think of Transport Layer Security (TLS) as simply a new name for SSL v4. Essentially, we are talking about the same protocol.
Each new version of the protocol brings improvements and adds or deprecates features. SSL 1 was never released to the public; SSL 2 was released, but its design had major flaws, so SSL 3 was a rewrite of SSL 2, and TLS 1 is an improved version of SSL 3. Since TLS 1.0 the changes have been less dramatic, but each one has been important.
It is worth noting that SSL and TLS simply refer to the handshake that takes place between the client and the server. The handshake itself does not do any encryption; it only agrees on the shared key and the encryption method that will be used.
-----------------------------------------------------
SSL vs. TLS - What's the Difference?
Internet security is a bit like alphabet soup – SSL, TLS, ECC, SHA, the list goes on. All these acronyms can make it confusing to figure out what you actually need. Perhaps the one we get asked about the most is - what’s the difference between SSL (Secure Socket Layers) and TLS (Transport Layer Security)? You know you want to secure your website (or other type of communication), but do you need SSL? TLS? Both? Let’s break it down.
A Brief History of SSL and TLS
SSL and TLS are both cryptographic protocols that provide authentication and data encryption between servers, machines and applications operating over a network (e.g. a client connecting to a web server). SSL is the predecessor to TLS. Over the years, new versions of the protocols have been released to address vulnerabilities and support stronger, more secure cipher suites and algorithms.
SSL was originally developed by Netscape and first came onto the scene way back in 1995 with SSL 2.0 (1.0 was never released to the public). Version 2.0 was quickly replaced by SSL 3.0 in 1996 after a number of vulnerabilities were found. Note: Versions 2.0 and 3.0 are sometimes written as SSLv2 and SSLv3.
TLS was introduced in 1999 as a new version of SSL and was based on SSL 3.0:
“The differences between this protocol and SSL 3.0 are not dramatic, but they are significant enough that TLS 1.0 and SSL 3.0 do not interoperate.” (source)
TLS is currently at v1.2, with TLS v1.3 in draft.
Should You Be Using SSL or TLS?
Both SSL 2.0 and 3.0 have been deprecated by the IETF (in 2011 and 2015, respectively). Over the years vulnerabilities have been and continue to be discovered in the deprecated SSL protocols (e.g. POODLE, DROWN). Most modern browsers will show a degraded user experience (e.g. line through the padlock or https in the URL bar, security warnings) when they encounter a web server using the old protocols. For these reasons, you should disable SSL 2.0 and 3.0 in your server configuration, leaving only TLS protocols enabled.
Certificates are not the same as protocols
Before anyone starts worrying that they need to replace their existing SSL Certificates with TLS Certificates, it’s important to note that certificates are not dependent on protocols. That is, you don’t need to use a TLS Certificate vs. an SSL Certificate. While many vendors tend to use the phrase “SSL/TLS Certificate”, it may be more accurate to call them “Certificates for use with SSL and TLS”, since the protocols are determined by your server configuration, not the certificates themselves.
It’s likely you will continue to see certificates referred to as SSL Certificates because at this point that’s the term more people are familiar with, but we’re beginning to see increased usage of the term TLS across the industry. SSL/TLS is a common compromise until more people become familiar with TLS.
Are SSL and TLS Any Different Cryptographically?
In truth, the answer to this question is yes, but you can say the same about the historic versions of SSL 2 and 3 or the TLS versions 1 with 1.1, 1.2 or 1.3. SSL and TLS are both about the same protocol but because of the version differences, SSL 2 was not interoperable with version 3, and SSL version 3 not with TLS version 1. You could argue that Transport Layer Security (TLS) was just a new name for SSL v4 - essentially, we are talking about the same protocol.
Each newly released version of the protocol came, and will come, with its own improvements and new or deprecated features. SSL version one was never released; version two was, but had some major flaws; SSL version 3 was a rewrite of version two (to fix these flaws), and TLS version 1 an improvement of SSL version 3. Since the release of TLS 1.0 the changes have been less significant, but no less important.
It’s worth noting here that SSL and TLS simply refer to the handshake that takes place between a client and a server. The handshake doesn’t actually do any encryption itself, it just agrees on a shared secret and type of encryption that is going to be used.
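The ClientHello is the handshake message in which the client states which protocol versions and cipher suites it is willing to use, and the version numbers on the wire show the SSL-to-TLS continuity described above: SSL 3.0 is 3.0, TLS 1.0 is 3.1, TLS 1.1 is 3.2, TLS 1.2 is 3.3 and TLS 1.3 is 3.4. The parser below is an added example, not code from this article or from GlobalSign; it follows the record and ClientHello layouts of RFC 5246 and the supported_versions extension of RFC 8446, and the three ClientHello byte strings are constructed samples rather than real captures. A defender can run it over handshake records pulled from a capture to find clients (or servers) that still speak SSL 2.0/3.0 or early TLS.

```python
# Added example (not from the original article): parse a ClientHello record and
# report which protocol versions and cipher suites the client offers, so legacy
# SSL/early-TLS handshakes can be spotted in captured traffic.
import struct

# Wire version numbers: SSL 3.0 = 3.0, TLS 1.0 = 3.1, ..., TLS 1.3 = 3.4.
VERSION_NAMES = {
    b"\x00\x02": "SSL 2.0", b"\x03\x00": "SSL 3.0", b"\x03\x01": "TLS 1.0",
    b"\x03\x02": "TLS 1.1", b"\x03\x03": "TLS 1.2", b"\x03\x04": "TLS 1.3",
}
MIN_ACCEPTABLE = b"\x03\x03"   # TLS 1.2 is the oldest version worth accepting


def version_name(v: bytes) -> str:
    return VERSION_NAMES.get(bytes(v), f"unknown 0x{bytes(v).hex()}")


def parse_client_hello(record: bytes) -> dict:
    """Return the versions and cipher suites offered in a ClientHello."""
    # SSLv2-format CLIENT-HELLO: 2-byte header with the high bit set, then
    # message type 0x01 and the client's version (RFC 6176 forbids these).
    if record[0] & 0x80:
        if record[2] != 0x01:
            raise ValueError("SSLv2 record is not a CLIENT-HELLO")
        return {"format": "SSLv2", "offered": [version_name(record[3:5])],
                "cipher_suites": [], "offers_legacy": True, "legacy_only": True}

    if record[0] != 0x16:
        raise ValueError("not a handshake record")
    rec_len = struct.unpack(">H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if body[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]

    pos = 0
    client_version = hello[pos:pos + 2]
    pos += 2 + 32                       # legacy_version and 32-byte random
    pos += 1 + hello[pos]               # session_id
    cs_len = struct.unpack(">H", hello[pos:pos + 2])[0]
    pos += 2
    suites = [hello[i:i + 2].hex() for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + hello[pos]               # compression_methods

    # TLS 1.3 clients keep legacy_version at 3.3 and list the versions they
    # really offer in the supported_versions extension (type 43).
    offered = [client_version]
    if pos + 2 <= len(hello):
        ext_len = struct.unpack(">H", hello[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            etype, elen = struct.unpack(">HH", hello[pos:pos + 4])
            pos += 4
            data = hello[pos:pos + elen]
            pos += elen
            if etype == 43:
                offered = [data[i:i + 2] for i in range(1, 1 + data[0], 2)]

    return {
        "format": "TLS",
        "record_version": version_name(record[1:3]),
        "offered": [version_name(v) for v in offered],
        "cipher_suites": suites,
        "offers_legacy": any(bytes(v) < MIN_ACCEPTABLE for v in offered),
        "legacy_only": all(bytes(v) < MIN_ACCEPTABLE for v in offered),
    }


# Constructed samples (not real captures).
RANDOM = b"\x11" * 32
MODERN_HELLO = (                        # TLS 1.3-capable client
    b"\x16\x03\x01\x00\x3a"             # handshake record, legacy version 3.1, 58 bytes
    + b"\x01\x00\x00\x36"               # ClientHello, 54 bytes
    + b"\x03\x03" + RANDOM + b"\x00"    # legacy_version 3.3, random, empty session id
    + b"\x00\x04\x13\x01\xc0\x2f"       # TLS_AES_128_GCM_SHA256, ECDHE-RSA-AES128-GCM-SHA256
    + b"\x01\x00"                       # compression: null only
    + b"\x00\x09\x00\x2b\x00\x05\x04\x03\x04\x03\x03"  # supported_versions: 1.3, 1.2
)
LEGACY_HELLO = (                        # TLS 1.0-only client, no extensions
    b"\x16\x03\x01\x00\x2d" + b"\x01\x00\x00\x29"
    + b"\x03\x01" + RANDOM + b"\x00"
    + b"\x00\x02\x00\x2f"               # TLS_RSA_WITH_AES_128_CBC_SHA
    + b"\x01\x00"
)
SSLV2_HELLO = (                         # SSLv2-format CLIENT-HELLO, 28-byte body
    b"\x80\x1c" + b"\x01" + b"\x00\x02"         # header, msg type, version 0.2
    + b"\x00\x03" + b"\x00\x00" + b"\x00\x10"   # cipher-spec, session-id, challenge lengths
    + b"\x01\x00\x80" + b"\x22" * 16            # SSL_CK_RC4_128_WITH_MD5, challenge
)

if __name__ == "__main__":
    for label, pkt in (("modern", MODERN_HELLO), ("tls1.0-only", LEGACY_HELLO),
                       ("sslv2", SSLV2_HELLO)):
        print(label, parse_client_hello(pkt))
```

The `legacy_only` flag is the one worth alerting on: a client that offers TLS 1.2 alongside older versions will negotiate 1.2 with a properly configured server, whereas a client that offers nothing above TLS 1.1 will only ever connect to a server that still has the deprecated versions enabled.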
For more information on the new features released in TLS 1.3, visit the Cloudflare blog.
Disabling SSL 2.0 and 3.0
If you’re not sure if your servers are still supporting SSL protocols, you can easily check using our SSL Server Test.
Results of the GlobalSign server test highlight any protocols that are enabled but shouldn’t be.
For instructions on how to disable SSL 2.0 and 3.0 on popular server types, including Apache, NGINX and Tomcat, check out our related support article.
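As an added example (not GlobalSign's code and not the instructions from the support article), the following Python uses the standard library's `ssl` module to build a server context with an explicit TLS 1.2 floor, to list which versions a context's bounds permit, and to audit a context for the legacy settings discussed here. The certificate and key paths are placeholders; the same certificate is loaded whatever the protocol floor, which is the point made above that certificates are not tied to SSL or TLS.

```python
# Added example (not from the original article): a server-side TLS context with
# an explicit TLS 1.2 floor, plus an audit of an existing context for the
# deprecated-protocol settings the article says to turn off. Standard library only.
import ssl
from typing import List, Optional

TLS_FLOOR = ssl.TLSVersion.TLSv1_2
# Versions the ssl module can express, oldest first. SSL 2.0 is not even
# representable in modern OpenSSL builds.
ALL_VERSIONS = [ssl.TLSVersion.SSLv3, ssl.TLSVersion.TLSv1,
                ssl.TLSVersion.TLSv1_1, ssl.TLSVersion.TLSv1_2,
                ssl.TLSVersion.TLSv1_3]


def hardened_server_context(certfile: Optional[str] = None,
                            keyfile: Optional[str] = None) -> ssl.SSLContext:
    """Server context that refuses SSL 3.0, TLS 1.0 and TLS 1.1."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = TLS_FLOOR                      # explicit floor
    ctx.maximum_version = ssl.TLSVersion.MAXIMUM_SUPPORTED
    # Cipher string governs TLS 1.2 suites; OpenSSL manages TLS 1.3 suites separately.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!MD5")
    # The certificate is independent of the protocol floor: the same file
    # serves TLS 1.2 and 1.3. Paths are hypothetical placeholders.
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)           # e.g. "/path/to/server.pem"
    return ctx


def legacy_server_context() -> ssl.SSLContext:
    """Context that leaves the floor to library defaults (the weak pattern)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def permitted_versions(ctx: ssl.SSLContext) -> List[str]:
    """Versions the context's configured bounds allow. The linked OpenSSL may
    still have some of them compiled out; this reports configuration, not
    what a live handshake would actually accept."""
    lo, hi = ctx.minimum_version, ctx.maximum_version
    if lo == ssl.TLSVersion.MINIMUM_SUPPORTED:
        lo = ALL_VERSIONS[0]
    if hi == ssl.TLSVersion.MAXIMUM_SUPPORTED:
        hi = ALL_VERSIONS[-1]
    return [v.name for v in ALL_VERSIONS if lo <= v <= hi]


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Findings a reviewer would raise against a server context; empty is good."""
    findings = []
    floor = ctx.minimum_version
    if floor == ssl.TLSVersion.MINIMUM_SUPPORTED:
        findings.append("no explicit protocol floor: accepts whatever the linked OpenSSL still enables")
    elif floor < TLS_FLOOR:
        findings.append(f"protocol floor {floor.name} is below TLS 1.2")
    # Belt and braces: the legacy option bits should also be set. OP_NO_SSLv2
    # is 0 on OpenSSL builds that dropped SSL 2.0 entirely, hence the guard.
    for name in ("OP_NO_SSLv2", "OP_NO_SSLv3"):
        bit = getattr(ssl, name, 0)
        if bit and not (ctx.options & bit):
            findings.append(f"{name} is not set")
    return findings


if __name__ == "__main__":
    for label, ctx in (("hardened", hardened_server_context()),
                       ("legacy", legacy_server_context())):
        print(label, permitted_versions(ctx), audit_context(ctx) or "OK")
```

The same floor expressed in web-server configuration is `ssl_protocols TLSv1.2 TLSv1.3;` for NGINX and `SSLProtocol -all +TLSv1.2 +TLSv1.3` for Apache httpd; in every case the decision lives in the server configuration, which is why an external scan such as the server test above is the right way to confirm what is actually reachable.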
So what's the difference between SSL and TLS? In conversation, not much and many people continue to use the term SSL. In terms of your server configuration though, it's the difference between vulnerabilities, outdated cipher suites and browser security warnings. When it comes to your servers, you should only have TLS protocols enabled.