- From: Matthew Dovey <matthew.dovey@las.ox.ac.uk>
- Date: Wed, 16 Aug 2000 02:04:32 +0100
- To: Mark Reichert <markr@sirs.com>, www-zig@w3.org
Thanks,

The TLS RFC certainly does seem to have taken large chunks of the SSL3 document, but what made me think that TLS was a little more than an IETF rebadge of SSL3 was the opening comment "The differences between this protocol and SSL 3.0 are not dramatic, but they are significant enough that TLS 1.0 and SSL 3.0 do not interoperate (although TLS 1.0 does incorporate a mechanism by which a TLS implementation can back down to SSL 3.0)".

However at this point I must defer to the experts to elaborate on what these differences are.

Since STunnel works on SSLeay/OpenSSL (STunnel basically provides the proxy code relying on SSLeay or OpenSSL libraries to do the encryption stuff), I would presume that it would also support TLS.

Matthew

> -----Original Message-----
> From: Mark Reichert [mailto:markr@sirs.com]
> Sent: 14 August 2000 22:49
> To: www-zig@w3.org
> Subject: Re: Securing Z39.50 & SSL
>
> SSLeay/OpenSSL support TLS in addition to SSL2 and SSL3. TLS is for all intents and purposes SSL3, Netscape's "standard" standardized by IETF.
>
> ----- Original Message -----
> > A quick look over the RFC's reveals that TLS is very close to SSL but not interoperable (I think the main difference is that TLS supports more encryption algorithms than SSL etc., but most of the protocol is almost identical) - see RFC 2246 and compare with http://home.netscape.com/eng/ssl3/3-SPEC.HTM. A concern here is to adopt something that can be implemented today, as opposed to something coming in the future (e.g. we can't wait for the inbuilt mechanisms planned for Internet2) as some of us have a need to implement this sort of security now.
> >
> > There are already some proven SSL toolkits (SSLeay, OpenSSL, STunnel) available (both commercial and GNU source code license ones, on both Unix/Linux and Windoze platforms). Does anyone know of similar for TLS (that's a genuine question, not a rhetorical one)?

Received on Tuesday, 15 August 2000 21:04:42 UTC