What is the best protocol for client-server communication? TLS or IPsec? I have a public channel where users communicate with each other using a digital certificate like X.509.

elli
  • see: http://serverfault.com/questions/202917/openvpn-vs-ipsec-pros-and-cons-what-to-use – lepe Oct 22 '15 at 00:55
  • @gowenfawr The OP isn't asking about SSH at all. While that answer gives great information on IPsec, I'm not sure it completely answers this question. – RoraΖ Oct 22 '15 at 12:52
  • @RoraZ, IMHO SSH and TLS are both application-layer encryption protocols, and in terms of their architectural capabilities they're equivalent. Both questions really come down to application-layer versus transport-layer encryption. That said, I'll often vote to close as a duplicate, safe in the belief that 4 other people need to agree with me before it does any damage :) :) :) – gowenfawr Oct 22 '15 at 13:02

2 Answers

It depends on your use case, which is not really clear from your question.

What is the best protocol for client-server communication?

If you only care about securing data transfer between two applications (i.e. a typical client and server scenario), SSL/TLS as used in browsers is probably better because only changes to the applications are necessary.

IPsec, on the other hand, is more suitable for connecting networks with each other, i.e. VPN. In this case not only the traffic between two applications needs to be secured but all traffic between two computers, independent of the application. This requires deeper changes to the systems, which usually require administrative rights, and thus is too complex if you just want two applications to communicate securely with each other. You could also use SSL-based VPN solutions instead of IPsec to create a VPN between various systems, and whether you choose IPsec or an SSL VPN is more a question of usability and coexistence with other technologies (like traversing firewalls or NAT) if you need network-level instead of application-level secure connectivity. Both offer adequate security if properly set up.

Steffen Ullrich

From: http://www.giganews.com/vyprvpn/compare-vpn-protocols.html

L2TP/IPsec is a good choice if OpenVPN isn't supported by your device and security is top priority. OpenVPN is the recommended protocol for desktops including Windows, Mac OS X and Linux.

Check that link, there is more information there.

lepe
  • A link in an answer is fine, but the answer should always contain the gist of the link, or the relevant information. There's a reason "let me google that for you" links aren't allowed on Stack Exchange. Please expand the answer some more. Suggested edit: Why OpenVPN is the suggested protocol, and why L2TP/IPsec is a good fallback. – Robert Mennell Oct 22 '15 at 03:48
  • @RobertMennell: Yes, I agree with you. I think that this question could be a duplicate of the link I posted above in the question comments, which explains just what you are suggesting (OpenVPN vs IPsec). – lepe Oct 22 '15 at 09:15