The difference between SSL and TLS

First, the relationship between SSL and TLS: it is a parallel relationship.
1. TLS (Transport Layer Security) is a new protocol developed by the IETF (Internet Engineering Task Force). It is based on the SSL 3.0 protocol specification and is the follow-up version of SSL 3.0. There are significant differences between SSL 3.0 and TLS, mainly in the encryption algorithms they support, so SSL 3.0 and TLS are not interoperable.
2. Differences between TLS and SSL
1) Version number: the TLS record format is the same as the SSL record format, but the value of the version number differs. TLS version 1.0 uses the version number SSLv3.1.
2) Message authentication code: TLS and SSLv3.0 differ in the MAC algorithm and in the scope of the MAC calculation. TLS uses the HMAC algorithm defined in RFC 2104 (which takes a message M and a key K as input and produces a fixed-length output as the message digest). SSLv3.0 uses a similar algorithm; the difference is that SSLv3.0 joins the padding bytes to the key by concatenation, whereas the HMAC algorithm uses an exclusive-OR operation. The level of security of the two is the same, however.
3) Pseudorandom function: TLS uses a pseudorandom function called PRF to expand keys into data blocks, which is a more secure approach.
4) Alert codes: TLS supports almost all SSLv3.0 alert codes, and TLS also adds many alert code definitions, such as decryption failed (decryption_failed), record overflow (record_overflow), unknown CA (unknown_ca), access denied (access_denied), and so on.
5) Cipher suites and client certificates: SSLv3.0 and TLS differ slightly here, in that TLS does not support the Fortezza key exchange, encryption algorithm and client certificates.
6) certificate_verify and finished messages: when SSLv3.0 and TLS compute the MD5 and SHA-1 hashes for the certificate_verify and finished messages, the inputs to the calculation differ somewhat, but the security is comparable.
7) Cryptographic calculation: TLS and SSLv3.0 compute the master secret value (master secret) in different ways.
8) Padding: padding bytes must be added to user data before it is encrypted. In SSL, the padded data length is the smallest integer multiple of the cipher block length. In TLS, the padded data length may be any integer multiple of the cipher block length (but the padding is at most 255 bytes), which prevents attacks based on analysis of message lengths.
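
The MAC difference in item 2), as an added example that is not part of the original post: a Python sketch of both record MACs with SHA-1, following the record-layer definitions in the SSL 3.0 (RFC 6101) and TLS 1.0 (RFC 2246) specifications. The key, sequence number and record payload are constructed sample values, and the function names are illustrative.

```python
import hashlib
import hmac
import struct

# Constructed sample values (not from a real session).
SECRET = bytes(range(20))             # MAC write secret, 20 bytes for SHA-1
FRAGMENT = b"GET / HTTP/1.0\r\n\r\n"  # record payload
APPLICATION_DATA = 23                 # record content type

def ssl3_mac(secret, seq_num, rec_type, fragment):
    """SSLv3: pad bytes are concatenated after the key; version not covered."""
    pad1, pad2 = b"\x36" * 40, b"\x5c" * 40   # 40 bytes for SHA-1, 48 for MD5
    header = struct.pack("!QBH", seq_num, rec_type, len(fragment))
    inner = hashlib.sha1(secret + pad1 + header + fragment).digest()
    return hashlib.sha1(secret + pad2 + inner).digest()

def tls_mac(secret, seq_num, rec_type, version, fragment):
    """TLS: RFC 2104 HMAC; the protocol version is part of the MAC input."""
    header = (struct.pack("!QB", seq_num, rec_type) + bytes(version)
              + struct.pack("!H", len(fragment)))
    return hmac.new(secret, header + fragment, hashlib.sha1).digest()

def hmac_sha1_by_hand(key, msg):
    """HMAC spelled out: the key is XORed with the pads, not concatenated."""
    if len(key) > 64:                 # SHA-1 block size is 64 bytes
        key = hashlib.sha1(key).digest()
    key = key.ljust(64, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    return hashlib.sha1(opad + hashlib.sha1(ipad + msg).digest()).digest()

if __name__ == "__main__":
    print("SSLv3 MAC:", ssl3_mac(SECRET, 0, APPLICATION_DATA, FRAGMENT).hex())
    print("TLS   MAC:", tls_mac(SECRET, 0, APPLICATION_DATA, (3, 1), FRAGMENT).hex())
```

Both constructions use the same pad byte values (0x36 and 0x5c); what changes is how the pads are combined with the key and whether the record version is authenticated.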

2. The main enhancements of TLS
The main goal of TLS is to make the SSL protocol more secure and to make the protocol specification more precise and complete.
On the basis of SSL v3.0, TLS provides the following enhancements:

	1) A more secure MAC algorithm
	2) Stricter alerts
	3) Clearer definitions for the "gray area" specifications

Origin blog.csdn.net/qq_44487069/article/details/105058197