[sarciszewski]

Item number 1: SSL is obsolete, use TLS.

Can we please, as a society, try to move forward with the correct acronym? Everyone who isn't wide-open-vulnerable is using TLS 1.0 or newer. (Personally, I like to run TLS 1.2 only, but my CloudFlare domains still speak 1.0 and I can't turn it off without paying money.)

[nailer]

Yep, and people mean 'host name' rather than 'domain name'. But web developers don't care and use the terms interchangably, infosec people know SSL was rebranded into TLS by Microsoft, and none of these things are important since everyone knows what you're talking about and being pedantic would distract from your actual message.

[scrollaway]

> try to move forward with the correct acronym?

This won't happen as long as OpenSSL (or libressl) is popular.

[marcosdumay]

Luckily, libressl is being discontinued in favor of libtls, that has a saner interface. Or, better, if I understood the strategy correctly, libressl is being transformed into a wrapper of libtls, with frozen functionality until people stop using it.

[mikemaccana]

libtls is part of libressl: http://www.libressl.org/

> LibreSSL is composed of four parts:

> The openssl(1) utility, which provides tools for managing keys, certificates, etc. > libcrypto: a library of cryptography fundamentals > libssl: a TLS library, backwards-compatible with OpenSSL > libtls: a new TLS library, designed to make it easier to write foolproof applications

[draw_down]

It's difficult to understand the difference, especially when people use the terms interchangeably.

[geofft]

The difference is that SSL was the name for the protocol Netscape invented, and TLS was the name for the protocol that went through a standardization process. SSL 1.0 was Netscape-internal and horribly broken. SSL 2.0 was less so, and after that came SSL 3.0. Then the standards process renamed it and released TLS 1.0, then TLS 1.1, and then TLS 1.2 (and there's now TLS 1.3 under development).

Those TLS versions identify themselves in the handshake as if they were SSL 3.1, SSL 3.2, and SSL 3.3, in fact.

It's basically just like how Windows NT went from 4 to 2000 to XP to Vista to 7. It's just marketing/politics, and the underlying technical version number just kept steadily ticking upwards (2000 was 5, XP was 5.1, and Vista was 6) with no regard for marketing.

[sarciszewski]

Easy mode:

    - SSL is outdated
    - TLS is newer

Yes, there are a lot more differences, but if we start today we might be able to retire the use of SSLang in the future.

[draw_down]

Fantastic.

[yuhong]

As a side note, using SSL to just refer to SSLv2 and SSLv3 is a misnomer. SSLv2 and SSLv3 are completely different protocols.

[adrtessier]

Seriously. I can understand non-engineering-types calling SSL "SSL" still, but there's a point at which I will begin to date or discredit people's knowledge of "SSL" if they're still referring to it as such (and not to one of the libraries like polar, open, boring, etc.) I don't generally like being a pedant, but SSL and TLS are different things that attempt to solve the same problem, much like WEP and WPA. Most people don't call WPA WEP anymore.

[geofft]

It's very different from WPA and WEP. "TLS" was a rebranding as part of the standardization process, for political reasons, and was not merited by any of the actual protocol changes. The wire format of TLS 1.0 looks exactly like how you'd have expected an SSL 3.1 or 4.0 to look, down to the fact that the version number field literally contains 3.1. The data structures are the same, the encoding is the same, many of the algorithms are the same, etc. And many of the protocol bugs are the same, and were only closed down in TLS 1.2.

WEP and WPA are completely different protocols. WEP only supports a shared, fixed encryption key, and in its common mode has no handshake. WPA always uses a handshake and derives a per-session key for encryption, and therefore requires a stateful client. (This is why, e.g., on Linux, you can use `iwconfig` to set a WEP password but you need to run the `wpa_supplicant` daemon for a WPA-password.) WPA's handshake supports EAP, and WEP has no concept of it. And so forth.

Perhaps you're thinking of WPA vs. WPA2? That's much more like SSL 3.0 and TLS 1.0: there was a standardization process between them, the protocol has been adjusted to address inherent security issues, there are more secure algorithms available, etc. but it's still clearly an extension of the original protocol. But here, again, most practitioners and implementors are happy to call both protocols "WPA" without any risk of confusion or inaccuracy.

[adrtessier]

> WEP and WPA are completely different protocols.

Nope, I'm not thinking of WPA/WPA2; I'm just destroyed here by a lack of my own ability to properly communicate things sometimes.

At the high level, "SSL" is a term for an obsolete standard that encrypts connections, protocols be damned, supplanted by the term and the protocol changes that make up TLS. WEP is an obsolete standard for encrypting wireless connections (so is WPA), and WPA2 is the newest version. However, often we'll hear technical and non-technical people talk about how they implement "SSL" even though that's not technically the correct term to use anymore. Rarely do people use "WEP" to mean WPA.

Does that make more sense?

[ricksplat]

WPA/WPA2 is a very good analogy for SSL/TLS. Effectively the same protocol, but a more rigorously defined standard. In the case of WPA2 it was WPA as ratified by IEEE 802.11i, whereas the original WPA had to be rushed out to answer the immediate deficiencies in WEP.

[agwa]

> I don't generally like being a pedant, but SSL and TLS are different things that attempt to solve the same problem, much like WEP and WPA.

That is not really accurate - TLS 1.0 is very similar to SSL 3.0. They're so similar that implementations use much of the same code for both. TLS 1.0 should have been called SSL 3.1, but because of the browser wars between Netscape and Microsoft it was renamed (SSL was invented by Netscape, Microsoft didn't want to adopt a Netscape technology). See http://tim.dierks.org/2014/05/security-standards-and-name-ch...