Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Is TLS over TLS possible?

Tags:

ssl

openssl

cryptography

encryption

Would it be possible to establish a TLS connection over TLS with OpenSSL or some other tool?

If possible, would the certificates for each level need to be different?

like image 838
xor Avatar asked Aug 30 '12 19:08

xor

People also ask

Is TLS more secure than TLS?

As such, SSL is not a fully secure protocol in 2019 and beyond. TLS, the more modern version of SSL, is secure. What's more, recent versions of TLS also offer performance benefits and other improvements. Not only is TLS more secure and performant, most modern web browsers no longer support SSL 2.0 and SSL 3.0.

Is TLS unbreakable?

While generally considered an unbreakable security layer, TLS does have some vulnerabilities that are important for network professions to be aware of. These vulnerabilities can pose a real threat to network systems if they are not addressed.

What is more secure than TLS?

HTTP (Hypertext Transfer Protocol) is the protocol used to transfer data on the web. HTTPS (Hypertext Transfer Protocol Secure) is a secure version of HTTP that uses SSL or TLS to encrypt data. HTTP and HTTPS use the same methods to transfer data, but HTTPS is more secure because it uses encryption.

Is TLS over TCP?

TLS is normally implemented on top of TCP in order to encrypt Application Layer protocols such as HTTP, FTP, SMTP and IMAP, although it can also be implemented on UDP, DCCP and SCTP as well (e.g. for VPN and SIP-based application uses).

2 Answers

This should work just fine in theory, though I cannot say for sure whether OpenSSL or something would support it easily. You can technically use the same certificate for multiple TLS connections, even if one is nested inside another.

However, I want to point out that one common reason to nest TLS connections might be to tunnel data over a multi-layered encrypted connection, making some subset of the data available at each stop in the tunnel (i.e. peeling back a layer of the encryption). Using the same certificate doesn't really support that use case. Perhaps you've got another use case in mind.

Furthermore, it is cryptographically sound to encrypt encrypted data. That is, more encryption cannot make data less secure. Lastly, encrypting encrypted data alone will not make it more secure. That is, AES(AES(x,key1),key2) where key1 != key2 is not more (or less) secure than AES(x, key1). Just in case that was your motivation.

like image 112
Luke Avatar answered Oct 20 '22 00:10

Luke

TLS doesn't care what data you're sending and receiving, so it could well be another TLS session (though I've no idea why you'd want to do that).

Since it's another, independent session, there's no reason you wouldn't be able to use the same certificate.

like image 32
James McLaughlin Avatar answered Oct 20 '22 00:10

James McLaughlin
Sign in to Comment

Related questions

How can I encrypt/decrypt PHP GET parameters?
How secure is javax.crypto.Cipher?
Why doesn't this simple AES encryption work?
Encrypt login and password in sqlite database - SHA 256 in C#
Encrypting database tables in SQL Server 2008
CryptoJS and Pycrypto working together
c# AES Decryption
Encryption Diff Between Java and C#
Select different padding modes in OpenSSL commands
Incorrect string value errors in AES_ENCRYPT/AES_DECRYPT
"Unsupported state or unable to authenticate data" with aes-128-gcm in Node
WCF netTCPBinding - Is transport encryption enough?
Calculate HMAC-SHA256 digest in ColdFusion using Java
Does mcrypt support asymmetric encryption?
Is there a .NET class to handle encryption?
What is the best way to encrypt a password?
What happens when I type the wrong password?
How secure is it to store an encryption key in source code?
Attaching Encrypted Database to Unencrypted Database Using SQLCipher
Java - Missing final characters when encrypting using blowfish

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!