Is there a difference between SSLv3 and TLS1.0? | ansaurus

tags:

views:

1544

answers:

2

Q:

Is there a difference between SSLv3 and TLS1.0?

Is there a difference between SSLv3 and TLSv1? How does IIS6.0 control what type of security is used for a website enabled with HTTPS?

MS says that there is a hierarchy in which the security and encryption level is negotiated before connection is established. What is this hierarchy?

Is SSLv3 available in IIS6.0 by default on Windows Server 2003?

+1 A:

SSLv3 and TLSv1 are not the same, however TLSv1 is based on SSLv3.

This is a protocol which is backward compatible, and gives a way to determine which version to use according to the "handshake" that takes place between the client and the server.

Read more here (this helped me understand it better): http://en.wikipedia.org/wiki/Secure_Sockets_Layer

fasih.ahmed 2008-12-22 06:19:20

Thanks. but what is the difference/advantage of TLSv1 over SSLv3 then? What is the hierarchy when the protocol is determined during the handshake - will the web server (IIS6.0) prefer TLSv1 over SSLv3? Can this be configured?

Nishith 2008-12-26 09:51:37

A:

Thanks. but what is the difference/advantage of TLSv1 over SSLv3 then? What is the hierarchy when the protocol is determined during the handshake - will the web server (IIS6.0) prefer TLSv1 over SSLv3? Can this be configured?

Nishith 2009-01-02 07:09:04

related questions

Why is access denied when installing SSL cert on IIS 5?

What does a PHP developer need to know about https / secure socket layer connections?

Am I turning away customers by disabling SSL 2.0 and PCT 1.0 in IIS5?

Coding Dojo with IE and SSL

Enforce SSL in code in an ashx handler

How to connect to PostgreSQL from .NET using TLS with both client and server authentication?

HELP SSL GURUs!!! ... Problems with SSL Connection

What's a clean/simple way to ensure the security of a page?

How to specify accepted certificates for Client Authentication in .NET SslStream

SharePoint stream file for preview

Problem with Oracle Application Server SSL Certificates

Is there a limit with the number of SSL connections?

Testing HTTPS files with MAMP

Cheapest SSL certificates

Limiting traffic to SSL version of page only

How do I support SSL Client Certificate authentication?

Why can't I connect to my CAS server with Perl's AuthCAS?

Is there a way to make Firefox ignore invalid ssl-certificates?

How do I create a self signed SSL certificate to use while testing a web app.

Can a proxy server cache SSL GETs? If not, would response body encryption suffice?

HTTPS in IIS 5.1

How do you redirect HTTPS to HTTP?

Debugging: IE6 + SSL + AJAX + post form = 404 error

How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS

Options for Google Maps over SSL