SSL vs TLS and how to check TLS version in Linux

Updated: Aug 27

Both the SSL and TLS protocols aim to protect sensitive information exchanged during transactions such as payment processing, which require authentication to prove the identity of our server to users.


TLS is a descendant of SSL and is regarded as more powerful and effective, with its latest version known to enhance both privacy and performance.



Understanding SSL

  • SSL stands for “Secure Socket Layer.”

  • Netscape developed the first version of SSL in 1995.

  • SSL is a cryptographic protocol that uses explicit connections to establish secure communication between a web server and a client.

  • Three versions of SSL have been released: SSL 1.0, 2.0, and 3.0.

  • All versions of SSL have been found vulnerable, and they all have been deprecated.




Understanding TLS

  • TLS stands for “Transport Layer Security.”

  • The first version of TLS was developed by the Internet Engineering Task Force (IETF) in 1999.

  • Four versions of TLS have been released: TLS 1.0, 1.1, 1.2, and 1.3.

  • TLS is also a cryptographic protocol that provides secure communication between a web server and a client via implicit connections. It’s the successor of the SSL protocol.

  • TLS 1.0 and 1.1 have been “broken” and are deprecated as of March 2020. TLS 1.2 is the most widely deployed protocol version.



Is SSL or TLS more secure?

Compared to SSL, TLS provides more robust message authentication and key material generation, along with other encryption algorithms. TLS also supports remote passwords, elliptic curve keys and pre-shared keys, none of which are supported by SSL. TLS still provides backward compatibility for older devices.


The TLS protocol works on two layers. The TLS record protocol provides security to connections, and the TLS handshake protocol brings together the client and the server for security key negotiation. Both the client and the server authenticate each other before any data transmission.




Understanding SSL Certificates and TLS Certificates

“SSL certificate” and “TLS certificate” essentially mean the same thing: they’re both X.509 digital certificates that help to authenticate the server and facilitate the handshake process to create a secure connection.


Some people call them “SSL certificates,” while others refer to them as “TLS certificates.” The name doesn’t matter much because a certificate isn’t the same thing as the protocol. Whatever we call them, what matters is the protocol that they operate on. And these protocols are determined by our server configuration, not by the digital certificates.



Latest TLS version

TLS 1.3 is the latest version of the TLS protocol. TLS, which is used by HTTPS and other network protocols for encryption, is the modern version of SSL. TLS 1.3 dropped support for older, less secure cryptographic features, and it sped up TLS handshakes, among other improvements.


Check the TLS version in Linux

Some vendors have already ended support for earlier TLS versions (TLS 1.0 and TLS 1.1) and have completely migrated to TLS version 1.2 or even 1.3.


OpenSSL is a full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols, and is installed on many distributions of Linux by default.


We can use the following commands to check which TLS versions google.com supports.


openssl s_client -connect www.google.com:443 -tls1

openssl s_client -connect www.google.com:443 -tls1_1

openssl s_client -connect www.google.com:443 -tls1_2

openssl s_client -connect www.google.com:443 -tls1_3


  • -tls1 for TLSv1

  • -tls1_1 for TLSv1.1

  • -tls1_2 for TLSv1.2

  • -tls1_3 for TLSv1.3
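
The script below is an added example, not part of the original article: it runs the four s_client commands above against one host and decides for each whether the handshake actually succeeded. The function names and the two sample transcripts are constructed for illustration, and the output format assumes OpenSSL 1.1.1 or later.

```sh
#!/bin/sh
# Added example: interpret `openssl s_client` output per TLS version.

# Read one s_client transcript on stdin; print "accepted <protocol> <cipher>"
# or "rejected". The verdict comes from the "New, ..., Cipher is ..." summary
# line, because the "Protocol  :" line echoes the requested version even when
# the handshake failed.
classify_handshake() {
  awk '
    /^New, .*Cipher is / { proto = $2; sub(/,$/, "", proto); cipher = $NF; seen = 1 }
    END {
      if (seen && cipher != "(NONE)") print "accepted", proto, cipher
      else print "rejected"
    }'
}

# Probe host ($1) and port ($2, default 443) with each flag from the article.
probe_tls_versions() (
  host=$1; port=${2:-443}
  for flag in -tls1 -tls1_1 -tls1_2 -tls1_3; do
    # </dev/null ends the session after the handshake instead of waiting for input.
    verdict=$(openssl s_client -connect "$host:$port" -servername "$host" "$flag" \
                </dev/null 2>&1 | classify_handshake)
    printf '%-8s %s\n' "$flag" "$verdict"
  done
)

# Constructed transcripts (abridged, not captured from a real server).
SAMPLE_OK='CONNECTED(00000003)
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
---'
SAMPLE_FAIL='CONNECTED(00000003)
---
no peer certificate available
---
New, (NONE), Cipher is (NONE)
SSL-Session:
    Protocol  : TLSv1.1
    Cipher    : 0000
---'

# Run a live probe only when a host is given, e.g.: sh tlscheck.sh www.google.com
if [ "$#" -gt 0 ]; then probe_tls_versions "$@"; fi
```

A "rejected" result only means the handshake failed from this client. A local OpenSSL build or policy that disables TLS 1.0 and 1.1 may give the same result, so confirm from a client that still allows those versions before concluding the server refuses them.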

We can also use the nmap command to check the TLS version in Linux.

nmap --script ssl-enum-ciphers -p 443 www.google.com




