2015年7月7日 · Therefore, SSL/TLS cannot be, in the OSI model, beyond layer 4. Thus, in the OSI model, SSL/TLS must be in layer 6 or 7, and, at the same time, in layer 4 or below. The conclusion is unescapable: the OSI model does not work with SSL/TLS. TLS is not in any layer. (This does not prevent some people from arbitrarily pushing TLS in a layer.

2018年10月7日 · So in reality TLS is mostly session-layer as it provides point-to-point session security for the transport (TCP). In other ways it provides authentication functions which are clearly application layer (OS, utility or user app). So it's a lot of layer 5 and a little of layer 7. It explains how it sits on layers 7 and 5.

2012年9月3日 · In fact, the Wikipedia page puts SSL/TLS in layer 6 (presentation), not 5 like your answer. Propagating that OSI model doesn't actually help in many cases and this layer can be very "artificial". Of course, it's a model, it will always be artificial, but the model doesn't always easily fit the reality, which gets worse when you consider ...

2011年10月6日 · HTTPS is HTTP over SSL/TLS, where the SSL/TLS connection is established first, and then normal HTTP data is exchanged over this SSL/TLS connection. Whether you use SSL or TLS for this depends on the configuration of your browser and of the server (there usually is an option to allow SSLv2, SSLv3 or TLS 1.x).

2018年7月14日 · TLS should be, at least in a broad and theoretical sense, a transport layer protocol. But TLS provide authentication through X.509 certificates which are based on a hostname, server name, or whatever kind of "name" that should only exist at application level (Unless we only authenticate ip addresses).

2019年10月18日 · I knew that the format of the TLS handshake message is as below. "Record header+Handshake layer header+ Handshake message" Now i have confusion while analyzing the TLS handshake messages on TCP. How the structure would look …

2021年10月7日 · TLS does not require TCP. For example I use a TLS authentication key with OpenVPN which (per my configuration to lower overhead) goes over a TUN interface which rides on UDP. TLS can be used on both, and probably on top of other things I'm not aware of.

2012年12月18日 · It's not the presentation layer because SSL/TLS isn't a data translator. SSL/TLS is the session layer. It's not the transport layer because SSL/TLS has to do with a lot more than typical end-to-end communication. It's not the networking layer because SSL/TLS has to do with a lot more than just reaching the destination.

2015年8月5日 · (SSL-3.0 and TLS-1.0 are very similar, but have a few differences, one of them being the client behaviour when having been requested a certificate but being unable to provide one.) If you are really using SSL-3.0, then, first, you should not, because SSL-3.0 has an irremediable weakness (called POODLE ).

2016年2月13日 · If you want to implement TLS you really need to understand the applicable RFC(s) for the version(s) you want 2246/4346/5246, plus several related ones like 3546/4366/6066 for extensions, maybe 4492 (and SEC1 etc) for ECC, maybe added suites like 5288/5289 for GCM, etc.