TLS and SSL
Description
TLS (Transport Layer Security) is a protocol for establishing an encrypted channel between two network hosts. It is intended to provide both confidentiality and authentication, the latter through the use of a system of certificates. SSL (Secure Sockets Layer) was the predecessor to TLS, but the name is still used informally to refer to the TLS and SSL protocols collectively.
The channel provided by TLS has similar functionality to a TCP connection, making it a relatively straightforward matter to build TLS support into existing TCP-based protocols. Examples where this has been done include HTTP, SMTP, POP3, IMAP, FTP and LDAP.
Notable open source implementations of TLS include OpenSSL and GnuTLS. Each of these includes a library, a set of utility programs for certificate management, and a generic client and server that can be useful for troubleshooting. GnuTLS is licensed in a manner that is GPL-compatible, whereas OpenSSL is not.
microHOWTOs
- Configure Subversion to trust a given SSL certificate
- Create a fresh self-signed SSL certificate for uw-imapd
- Create a self-signed SSL certificate
- Remove the passphrase from an existing OpenSSL key file
Further reading
- T. Dierks and E. Rescorla, The Transport Layer Security (TLS) Protocol, Version 1.2, RFC 5246, IETF
- OpenSSL: The Open Source toolkit for SSL/TLS (official website)
- The GNU Transport Layer Security Library (official website)