Eleventh Hour Security: Exam SY0-201 Study Guide, page 144

This new standard is called Transport Layer Security, or TLS, and although it is a new name, it is functionally a logical development from SSL. In fact, the version number embedded in a TLS 1.0 stream is "3.1," essentially declaring that a TLS-capable client is actually an SSL 3.1 client.

TLS was designed as an extra layer on top of TCP/IP, but underneath an application, so as to make it easy to add TLS to an existing application. This means that TLS is divided into three sections--negotiation, communication, and closure. Four sections, if you count the inclusion of error information. TLS is not completely a "black box" addition--there are some subtleties to developing an SSL/TLS compliant program.

HTTP vs. HTTPS vs. SHTTP

The usual use case for TLS still remains the one for which it was originally designed--that of protecting World Wide Web transactions over HTTP. HTTP itself is a text-based protocol, which makes debugging and analysis by humans easy, but also makes theft of data in transit by humans and machines alike even easier.
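The "3.1" version field and the negotiation, communication, closure and error sections described in the TLS paragraphs above can be read straight from the five-byte record header. The following parser is an added example, not code from the book; the byte stream is constructed for illustration, its record bodies are placeholders, and the alert is shown unencrypted so that its fields are readable.

```python
import struct

# Record-layer content types as sent on the wire
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
# (major, minor) version bytes and the protocol each pair denotes
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0",
            (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
CLOSE_NOTIFY = 0  # alert description that signals orderly closure


def parse_records(stream: bytes):
    """Split a byte stream into TLS records and describe each header."""
    records, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated record header")
        # Header: content type (1), major (1), minor (1), length (2, big-endian)
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        body = stream[offset + 5: offset + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        rec = {
            "type": CONTENT_TYPES.get(ctype, f"unknown({ctype})"),
            "wire_version": f"{major}.{minor}",
            "protocol": VERSIONS.get((major, minor), "unknown"),
            "length": length,
        }
        if ctype == 21 and length == 2:  # plaintext alert: level, description
            level, description = body
            rec["alert"] = ALERT_LEVELS.get(level, "unknown")
            rec["closure"] = description == CLOSE_NOTIFY
        records.append(rec)
        offset += 5 + length
    return records


# Constructed sample: negotiation, communication, then closure.
SAMPLE = (
    bytes([22, 3, 1, 0, 4]) + b"\x01\x00\x00\x00"  # handshake, stub body
    + bytes([23, 3, 1, 0, 3]) + b"\xaa\xbb\xcc"    # application_data, stub body
    + bytes([21, 3, 1, 0, 2]) + bytes([1, 0])      # alert: warning, close_notify
)

if __name__ == "__main__":
    for record in parse_records(SAMPLE):
        print(record)
```

Closure and error information share the alert content type; only the level and description bytes tell them apart.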