Difference between TLS and SSL protocols

19

I'm implementing a class for sending emails on Android.

And I'm implementing so that I can support most email services. Ex: Gmail, Live, Yahoo, and e-mail domain (eg [email protected]).

  

So I'm having problems with some providers using Secure Sockets Layer (SSL) and other Transport Layer Security (TLS) . I do not know clearly what it is, what it is for, and what the difference is between them. And I'd like to get a better understanding of each one of them. In order to find a better solution to my problem.

Example of what I'm talking about

Live (smtp.live.com:587), does not accept SSL only accepts TLS.

The others I tested (Gmail (smtp.gmail.com:465) and Yahoo (smtp.mail.yahoo.com:465)), accept SSL, (Note: if I configure SSL and TLS, it also works in this case).

  

I would like to understand these differences, to make the configuration of an email as simple as possible for the user. And at the same time I want to support the largest number of email providers.

Today I'm asking in user configuration only:

  • SMTP host;
  • SMTP Port;
  • Username (e-mail);
  • Password;
  • What if the provider requires SSL or not;

I know that this protocol subject is broad and is used not only in email providers, but also in other types of network communication (such as TCP, HTTP, HTTPS (with SSL)), so I would like to keep the focus only on email submissions.

Note: I would like to clarify only the protocols, not the implementation, I just mentioned what I'm using in order to be clearer.

    
asked by anonymous 13.03.2014 / 21:13

1 answer

24

Dude, briefly the TLS protocol is an evolution of SSL. How can you remove from this class on TLS and SSL from UFRJ :

  

The differences between SSL and TLS are very small and technical, but they have different standards. TLS has the ability to work on different ports and uses stronger encryption algorithms such as the keyed-Hashing for Message Authentication Code (HMAC) while the SSL only Message Authentication Code (MAC). In addition, version 1.0 of TLS does not interoperate with version 3.0 of SSL.

     

TLS can be used by an intermediary authority, and it is not always necessary to go to the root of a Certification Authority.

     

The TLS protocol was created as the successor to SSL. It is most often used as a configuration in email programs, but like SSL, TLS can play a role in any client-server transaction.

Basically, the tendency is for all email servers to migrate to the TLS protocol, since it is more current and has updates, which will not happen with the SSL protocol.

    
14.03.2014 / 01:13