authen (member, offline) | posts: 36 | joined: 08/07/2006 | from: San Diego, CA
SSL/TLS vs StartTLS |
SSL/TLS -- "plain communication over an encrypted channel"
StartTLS -- "encrypted communication over a plain channel"

SSL/TLS and StartTLS are both based on the same SSL or TLS protocols (SSL has been deprecated due to the POODLE vulnerability, though). Therefore, SSL/TLS and StartTLS are equally secure.

Differences:
SSL/TLS listens on a dedicated port, typically 636 for LDAP and 443 for HTTP; StartTLS listens on the normal port.
SSL/TLS's secure mechanism is initialized BEFORE any real communication happens; StartTLS's secure mechanism is initialized (and then closed) AFTER some real communication happens.
SSL/TLS works for IP address hosts (like 192.168.1.2) because SSL/TLS is initialized once and on a dedicated port; StartTLS doesn't work because StartTLS further checks the match between the host's name and the certificate's subject each time StartTLS starts (javax.net.ssl.SSLPeerUnverifiedException: hostname of the server '192.168.1.2' does not match the hostname in the server's certificate).
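The SSLPeerUnverifiedException quoted above comes from the client's hostname check: the name the client was asked to connect to is compared against the names the server's certificate carries. The following Python is an added example, not code from the post, that implements that check in the RFC 6125 / RFC 2818 style and runs it against constructed certificate data (a dict standing in for a parsed certificate; real clients get these fields from the platform verifier, e.g. Java's default HostnameVerifier or Python's ssl module). It goes one step beyond the post by also showing the case that does match an IP literal: an iPAddress entry in the certificate's subjectAltName.

```python
import ipaddress


def _wildcard_match(pattern: str, host: str) -> bool:
    """Compare one certificate DNS name against the requested host.

    Rules applied (RFC 6125 style):
      * comparison is case-insensitive and ignores a trailing dot
      * a '*' is allowed only as the whole left-most label
      * the wildcard matches exactly one non-empty label, never 'a.b'
      * a wildcard name needs at least three labels, so '*.com' is rejected
    """
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == host
    p_labels = pattern.split(".")
    h_labels = host.split(".")
    if len(p_labels) != len(h_labels) or len(p_labels) < 3:
        return False
    if p_labels[0] != "*":
        return False
    return h_labels[0] != "" and p_labels[1:] == h_labels[1:]


def hostname_matches_cert(requested_host: str, cert: dict) -> bool:
    """Return True if the host the client asked for is named by the cert.

    `cert` is a constructed stand-in for a parsed certificate:
      {"subject_cn": str | None, "san_dns": [str, ...], "san_ip": [str, ...]}
    """
    try:
        ip = ipaddress.ip_address(requested_host)
    except ValueError:
        ip = None

    if ip is not None:
        # An IP literal is matched only against iPAddress SAN entries;
        # dNSName entries and the subject CN are ignored for it. This is
        # why '192.168.1.2' fails against a cert issued for a DNS name.
        return any(ipaddress.ip_address(s) == ip for s in cert.get("san_ip", []))

    dns_names = cert.get("san_dns", [])
    if dns_names:
        # When any dNSName SAN is present, the CN is not consulted.
        return any(_wildcard_match(p, requested_host) for p in dns_names)

    # Legacy fallback: no SAN at all, compare against the subject CN.
    cn = cert.get("subject_cn")
    return cn is not None and _wildcard_match(cn, requested_host)


# Constructed sample certificates for the scenario in the post.
LDAP_CERT_DNS_ONLY = {
    "subject_cn": "ldap.example.com",
    "san_dns": ["ldap.example.com", "*.corp.example.com"],
    "san_ip": [],
}
LDAP_CERT_WITH_IP_SAN = {
    "subject_cn": "ldap.example.com",
    "san_dns": ["ldap.example.com"],
    "san_ip": ["192.168.1.2"],
}


def demo() -> dict:
    """Run the check for the hosts discussed above; returns name -> result."""
    return {
        "dns_name_vs_dns_cert": hostname_matches_cert("ldap.example.com", LDAP_CERT_DNS_ONLY),
        "ip_vs_dns_cert": hostname_matches_cert("192.168.1.2", LDAP_CERT_DNS_ONLY),
        "ip_vs_cert_with_ip_san": hostname_matches_cert("192.168.1.2", LDAP_CERT_WITH_IP_SAN),
        "wildcard_one_label": hostname_matches_cert("host1.corp.example.com", LDAP_CERT_DNS_ONLY),
        "wildcard_two_labels": hostname_matches_cert("a.b.corp.example.com", LDAP_CERT_DNS_ONLY),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'match' if ok else 'NO MATCH'}")
```

Running it reproduces the post's symptom (`ip_vs_dns_cert` is a mismatch while `dns_name_vs_dns_cert` matches) and shows that the failure is a property of what the certificate names, not of the port: a certificate that carries the IP in an iPAddress SAN passes the same check. Wildcard handling is included because LDAP deployments commonly use `*.corp` style certificates, and the one-label rule is a frequent source of surprise.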