
Cisco Email Security Appliance

Content Security Appliance Data Encryption with SSL and TLS

Document ID: 117920

Updated: Jul 11, 2014

Contributed by Andrew Wurster, Robert Sherwin, Cisco TAC Engineers.


Introduction

This document provides definitions for the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) encryption methods and describes how they are used.

SSL and TLS Overview

The SSL and TLS encryption methods are the two most widely used methods for data encryption over a network stream or transport session.

The SSL encryption method was originally developed by Netscape in order to secure HTTP communications that traversed the Internet during its widespread adoption in the 1990s. SSL Version 2.0 was the first public release, followed shortly by SSL Version 3.0, which was updated in order to address some serious security flaws in the previous version.

TLS Version 1.0 was the successor to SSL Version 3.0. It offered enhancements to the security algorithms, the alert messages, and the specification itself. Although the changes were subtle, they were significant enough to make the two protocols incompatible with one another. The TLS encryption method has since been improved with additional cipher suites, such as Advanced Encryption Standard (AES), and more secure key generation algorithms. The most current version at this time is TLS Version 1.2.

Note: As of AsyncOS 8.5.6, only TLS v1 is supported. TLS v1.1 and v1.2 are not yet supported. Please review sslconfig from the CLI, and choose GUI, INBOUND, or OUTBOUND to view the cipher methods available.

SSL and TLS Usage

Today, most client-server programs that utilize secure transports, such as Simple Mail Transfer Protocol (SMTP) and HTTPS transactions, are based on SSL Version 3.0 and TLS Version 1.x. Although many applications have built-in support for secure transports like SSL and TLS, any program can be carried over secure tunnels. Many new applications have evolved for this reason, such as secure voice communications with the Session Initiation Protocol (SIP) and VPNs, which make use of a modified TLS encryption method, Datagram TLS (DTLS), that is carried over UDP packets.

While the terms SSL and TLS are sometimes used interchangeably, the protocols are not identical. The primary differences revolve around the cipher suites (encryption types) that are negotiated by client and server, as well as the methods by which they select those ciphers. Essentially, TLS is the preferred means for network communications encryption, as its development is more open and robust and has been standardized by the IETF.

Note: Refer to RFC 5246 for details on the TLS Version 1.2 specifications and the SSL Internet Draft for SSL Version 3.0 information.
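The note above about the TLS versions an AsyncOS release supports, and the paragraph on how client and server negotiate a cipher suite, both come down to one practical question for an administrator: which protocol version and cipher did a given SMTP session actually negotiate? The script below is an added example written for this document; it is not Cisco code and does not use the appliance's sslconfig command. It opens an SMTP connection, issues STARTTLS, reports the negotiated version and cipher, and rates the result against a simple policy. The host name, port, minimum-version threshold and the list of weak-cipher markers are assumptions chosen for illustration.

```python
"""Observe the TLS version and cipher suite an SMTP server negotiates over
STARTTLS, then rate it against a simple policy.

Added example for this document; not Cisco or AsyncOS code. Host, port and
policy thresholds below are illustrative assumptions.
"""
import smtplib
import ssl

# Protocol names as returned by ssl.SSLSocket.version(), oldest first.
_VERSION_ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

# Substrings that mark a cipher suite as weak for this example's policy.
# "DES" deliberately also catches 3DES suites such as DES-CBC3-SHA.
_WEAK_MARKERS = ("RC4", "DES", "NULL", "EXP", "MD5")


def rate_session(version, cipher_name, minimum="TLSv1.2"):
    """Classify a negotiated (version, cipher) pair.

    Returns "ok", "legacy-version", "weak-cipher" or "unknown".
    The minimum version is an assumed policy value, not a Cisco default.
    """
    if version not in _VERSION_ORDER or minimum not in _VERSION_ORDER:
        return "unknown"
    if _VERSION_ORDER.index(version) < _VERSION_ORDER.index(minimum):
        return "legacy-version"
    if any(marker in cipher_name.upper() for marker in _WEAK_MARKERS):
        return "weak-cipher"
    return "ok"


def probe_smtp_starttls(host, port=25, timeout=10):
    """Connect, issue STARTTLS and return (version, cipher_name, key_bits)."""
    ctx = ssl.create_default_context()
    # Certificate verification is disabled on purpose: the goal is to observe
    # what the server negotiates, not to validate its certificate chain.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    # Allow older protocol versions so a TLSv1-only server can still be
    # observed; the local OpenSSL build may refuse to offer them anyway.
    ctx.minimum_version = ssl.TLSVersion.TLSv1
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            raise RuntimeError(f"{host}:{port} does not advertise STARTTLS")
        smtp.starttls(context=ctx)
        cipher_name, _proto, key_bits = smtp.sock.cipher()
        return smtp.sock.version(), cipher_name, key_bits


if __name__ == "__main__":
    import sys
    # Assumed placeholder target; replace with the appliance or peer to check.
    target = sys.argv[1] if len(sys.argv) > 1 else "mail.example.invalid"
    ver, cipher, bits = probe_smtp_starttls(target)
    print(f"{target}: {ver} {cipher} ({bits}-bit) -> {rate_session(ver, cipher)}")
```

Running the script against a TLSv1-only listener, as described in the note for AsyncOS 8.5.6, reports "legacy-version" under the assumed TLSv1.2 minimum; the rating function is kept separate from the network probe so the policy can be checked offline and adjusted without touching the handshake code.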
