Menu
Would it be possible to establish a TLS connection over TLS with OpenSSL or some other tool?
If possible, would the certificates for each level need to be different?
838
As such, SSL is not a fully secure protocol in 2019 and beyond. TLS, the more modern version of SSL, is secure. What's more, recent versions of TLS also offer performance benefits and other improvements. Not only is TLS more secure and performant, most modern web browsers no longer support SSL 2.0 and SSL 3.0.
While generally considered an unbreakable security layer, TLS does have some vulnerabilities that are important for network professions to be aware of. These vulnerabilities can pose a real threat to network systems if they are not addressed.
HTTP (Hypertext Transfer Protocol) is the protocol used to transfer data on the web. HTTPS (Hypertext Transfer Protocol Secure) is a secure version of HTTP that uses SSL or TLS to encrypt data. HTTP and HTTPS use the same methods to transfer data, but HTTPS is more secure because it uses encryption.
TLS is normally implemented on top of TCP in order to encrypt Application Layer protocols such as HTTP, FTP, SMTP and IMAP, although it can also be implemented on UDP, DCCP and SCTP as well (e.g. for VPN and SIP-based application uses).
This should work just fine in theory, though I cannot say for sure whether OpenSSL or something would support it easily. You can technically use the same certificate for multiple TLS connections, even if one is nested inside another.
However, I want to point out that one common reason to nest TLS connections might be to tunnel data over a multi-layered encrypted connection, making some subset of the data available at each stop in the tunnel (i.e. peeling back a layer of the encryption). Using the same certificate doesn't really support that use case. Perhaps you've got another use case in mind.
Furthermore, it is cryptographically sound to encrypt encrypted data. That is, more encryption cannot make data less secure. Lastly, encrypting encrypted data alone will not make it more secure. That is, AES(AES(x,key1),key2) where key1 != key2 is not more (or less) secure than AES(x, key1). Just in case that was your motivation.
112
TLS doesn't care what data you're sending and receiving, so it could well be another TLS session (though I've no idea why you'd want to do that).
Since it's another, independent session, there's no reason you wouldn't be able to use the same certificate.
32
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
