Difference between TLS and SSL protocols

Asked

Viewed 10,051 times

20

I’m implementing a class for sending emails on Android.

And I’m implementing so that I can support most email services. Ex: Gmail, Live, Yahoo, And emails from your own domain (Ex: [email protected]).

So I’m facing problems regarding some providers using SSL (Secure Sockets Layer) and others TLS (Transport Layer Security). I do not know clearly what it is, what it is for and what the difference is between them. And I would like to understand this better from each of them. In order to find a better solution to my problem.

Example of what I’m talking about

Live (smtp.live.com:587), does not accept SSL only accepts TLS.

The others I tested (Gmail (smtp.gmail.com:465) and Yahoo (smtp.mail.yahoo.com:465)), accept SSL, (Note: if I configure SSL and TLS, it also works in this case).

I would like to understand these differences, to make the configuration of an email as simple as possible to the user. And at the same time want supports the largest number of email providers.

Today I’m asking in user setting only:

  • Host SMTP;
  • SMTP port;
  • Username ();
  • Password;
  • And whether the provider requires SSL or not;

I know that this protocol subject is broad and is used not only in email providers, but also in other types of network communication (such as TCP, HTTP, HTTPS(with SSL)), so I would like to focus only on the scope of email submissions.

Note: I would like a clarification only on the protocols, not on the implementation, I just mentioned what I am using in order to be clearer.

1 answer

25


Man, briefly the TLS protocol is an evolution of SSL. How is it possible to remove of this class on TLS and SSL at UFRJ:

The differences between SSL and TLS are very small and technical, but they have different standards. TLS has the ability to work on different ports and uses stronger encryption algorithms like the keyed-Hashing for Message Authentication Code (HMAC) while SSL only Message Authentication Code (MAC). In addition, TLS version 1.0 does not interfere with SSL version 3.0.

The TLS can be used by an intermediate authority and there is always no need to use the root of a Certification Authority.

The TLS protocol was created as the successor to SSL. It is most often used as a configuration in email programs, but like SSL, TLS can play a role in any client-server transaction.

Basically, the trend is that all mail servers migrate to the TLS protocol, since it is more current and has updates, which will not happen with the SSL protocol.

  • Very good the article of UFRJ, clarified me some doubts. Thanks for the clarification.

  • 1

    I realized that in my case of email configuration, I must create an option to select the security protocol used, something similar to this: SSL, TLS, or none. So at the time of setting up, the user must inform which security protocol their email provider uses, or none if they do not use.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.