Hi everybody, I have a question regarding the main difference between SSL and TLS. I know the forum should used for questions regarding the implementation of OpenSSL but I searched quite a while and didn't find a web page explaining that stuff in a quite good and understandable way. I hope you guys could help me.
If I look at the security mechanism used by a bank, citibank for example they use version 3. Version 3 is mentioned in Details->Version when I make a right-click on the lock symbol. This I hope means SSLv3 and not TLS. I checked also two other bank web pages which uses this version 3 as well. Is this common to use SSLv3 instead of TLS? Is TLS supported but still in a kind of development status and are there any reasons why TLS should (completely) replace SSLv3 for a connection between a client and a server? It is often spoken of an SSL/TLS handshake. Do they behave the same way? Would it be correct to say, "Although TLS is an upgrade of SSL3, the differences between them regarding usable security algorithms and the handshake mechanism are the same. For general client server communication that ensures authentication and encryption with SSL or TLS there is no difference between them." A link to a web page that points out the differences and, if correct, verifies my statement about the current usage of TLS would be very helpful as well. Best regards and thanks Jochen ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
