Hi guys,
just a very general question, but can somebody tell me when I use openSSL and when IPSEC to secure data transfer over the internet? It seems both of them are doing the same, only at different levels of the network protocol. So I am not absolutely sure why we need both of them.
Cheers for your help
Yes, different levels of the network protocol. One is implemented in the OS and the other in an application.
So the reason that both are needed:
IPSEC can secure all traffic including that from applications that don't use encryption. But, both sides must use an OS that supports IPSEC and must be configured by the system administrator.
SSL can secure the traffic for one application. It does not need to use a particular OS and it does not need administrator access permissions to configure it.