
Is TLS over TLS possible?

Would it be possible to establish a TLS connection over TLS with OpenSSL or some other tool?

If possible, would the certificates for each level need to be different?

asked Aug 30 '12 19:08

xor


2 Answers

This should work just fine in theory, though I cannot say for sure whether OpenSSL or something would support it easily. You can technically use the same certificate for multiple TLS connections, even if one is nested inside another.

However, I want to point out that one common reason to nest TLS connections might be to tunnel data over a multi-layered encrypted connection, making some subset of the data available at each stop in the tunnel (i.e. peeling back a layer of the encryption). Using the same certificate doesn't really support that use case. Perhaps you've got another use case in mind.

Furthermore, it is cryptographically sound to encrypt encrypted data. That is, more encryption cannot make data less secure. Lastly, encrypting encrypted data alone will not make it more secure. That is, AES(AES(x,key1),key2) where key1 != key2 is not more (or less) secure than AES(x, key1). Just in case that was your motivation.

answered Oct 20 '22 00:10

Luke


TLS doesn't care what data you're sending and receiving, so it could well be another TLS session (though I've no idea why you'd want to do that).

Since it's another, independent session, there's no reason you wouldn't be able to use the same certificate.

answered Oct 20 '22 00:10

James McLaughlin
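
The nesting both answers describe, as an added example that is not part of either answer: it uses Go's crypto/tls rather than OpenSSL, because a `*tls.Conn` is itself a `net.Conn` and can carry a second TLS session. The names `identity`, `layer`, `NestedEcho`, `outer.example` and `inner.example` are made up for the illustration, and the certificates are throwaway self-signed ones generated at run time.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"math/big"
	"time"
)

type identity struct{ srv, cli *tls.Config } // one layer: server config, client config trusting only it
func layer(name string) identity { // throwaway self-signed certificate, constructed for this example
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, pub, key)
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	srv := &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}}
	return identity{srv, &tls.Config{RootCAs: pool, ServerName: name}}
}

// NestedEcho echoes msg over an inner TLS session that runs inside an outer TLS session.
func NestedEcho(msg string, outer, inner identity) (string, error) {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", outer.srv) // outer layer: ordinary TLS over loopback TCP
	if err != nil {
		return "", err
	}
	defer ln.Close()
	go func() {
		if conn, err := ln.Accept(); err == nil {
			in := tls.Server(conn, inner.srv) // inner layer: the outer *tls.Conn is just a net.Conn
			io.Copy(in, in)                   // echo until the client closes
		}
	}()
	oc, err := tls.Dial("tcp", ln.Addr().String(), outer.cli)
	if err != nil {
		return "", err
	}
	ic := tls.Client(oc, inner.cli)
	defer ic.Close()
	ic.Write([]byte(msg)) // runs the inner handshake first; a failure is returned again by the Read
	buf := make([]byte, len(msg))
	_, err = io.ReadFull(ic, buf)
	return string(buf), err
}
func main() { fmt.Println(NestedEcho("hello", layer("outer.example"), layer("inner.example"))) }
```

Passing the same `identity` for both layers also succeeds, and each layer verifies its peer independently, so an inner client that does not trust the inner certificate fails even though the outer session is up.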