TCP Security


TCP does not natively provide secure communication aside from limited protection against mis-delivery via the Checksum field in the TCP header. TCP-based applications can rely on IPsec for security services. Alternatively, TCP-based applications can rely on an OSI Transport Layer protocol (other than TCP) for security services. The Transport Layer Security (TLS) protocol is one such option. TLS is currently defined in IETF RFC 2246. TLS operates above TCP (but within the Transport Layer) and provides peer authentication, connection-oriented data integrity, and data confidentiality. TLS operation is transparent to all ULPs. TLS comprises two sub-protocols: the TLS Record Protocol and the TLS Handshake Protocol.

TLS is sometimes referred to as the Secure Sockets Layer (SSL). However, SSL is a separate protocol that was originally developed by Netscape for secure web browsing. HTTP is still the primary consumer of SSL services. TLS v1.0 evolved from SSL v3.0. TLS and SSL are not compatible, but TLS implementations can negotiate the use of SSL when communicating with SSL implementations that do not support TLS.
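The following added example (not from the book) shows why the Checksum field guards only against mis-delivery and accidental corruption, while a keyed integrity check of the kind TLS provides detects alteration. The addresses, key, payload and helper names are constructed for illustration, and HMAC-SHA256 stands in for a keyed MAC rather than reproducing the TLS record format.

```python
import hashlib
import hmac
import socket
import struct

def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: ones' complement sum of 16-bit words, inverted."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input
    total = sum(word for (word,) in struct.iter_unpack("!H", data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_segment(payload: bytes) -> bytes:
    """Minimal 20-byte TCP header (Checksum field zeroed) plus payload."""
    return struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, 5 << 4, 0x18,
                       65535, 0, 0) + payload

def tcp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """Checksum over the IPv4 pseudo-header followed by the TCP segment."""
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(segment)))
    return internet_checksum(pseudo + segment)

def swap_words(payload: bytes, i: int, j: int) -> bytes:
    """Exchange two 16-bit words; the ones' complement sum is unchanged."""
    words = [payload[k:k + 2] for k in range(0, len(payload), 2)]
    words[i], words[j] = words[j], words[i]
    return b"".join(words)

def keyed_mac(key: bytes, payload: bytes) -> bytes:
    """Keyed integrity check (HMAC-SHA256 as a stand-in, not TLS framing)."""
    return hmac.new(key, payload, hashlib.sha256).digest()

# Constructed sample values (documentation addresses, demo key and payload).
SRC, DST, WRONG_DST = "192.0.2.10", "192.0.2.20", "192.0.2.21"
KEY = b"constructed-demo-key"
ORIGINAL = b"amt=1009;to=bob!"
ALTERED = swap_words(ORIGINAL, 2, 3)         # b"amt=0910;to=bob!"

if __name__ == "__main__":
    good = tcp_checksum(SRC, DST, build_segment(ORIGINAL))
    print("mis-delivery detected:", tcp_checksum(SRC, WRONG_DST, build_segment(ORIGINAL)) != good)
    print("alteration detected by checksum:", tcp_checksum(SRC, DST, build_segment(ALTERED)) != good)
    print("alteration detected by MAC:", keyed_mac(KEY, ALTERED) != keyed_mac(KEY, ORIGINAL))
```

Because the pseudo-header carries the source and destination addresses, a segment delivered to the wrong host fails the check, but the unkeyed sum is identical for the reordered payload.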




Storage Networking Protocol Fundamentals
Storage Networking Protocol Fundamentals (Vol 2)
ISBN: 1587051605
EAN: 2147483647
Year: 2007
Pages: 196
Authors: James Long
