
I am currently reading about these protocols and was wondering what are the scenarios where TLS/SSL would be more useful than IPsec and vice versa?

  • I think your question is far too general because it depends on a lot of factors, and a correct answer would be like an entire course on both IPsec and TLS. Could you specify which particular cases you were thinking about? – Romain Clair Dec 14 '15 at 09:42

1 Answer


Some sketchy ideas:

TLS is a protocol working over TCP and you already use it in many applications, like HTTPS, SMTPS, NNTP (port 563), FTPS, etc. The main use is related to HTTP, for web browsing (especially for e-commerce). In these cases, often only the server is authenticated.

You cannot use TLS, for instance, in many real-time applications, since they are not based on TCP, but on UDP.

IPsec is a level 3 protection method that could be used, for example, for establishing a VPN connection, maybe among multiple company offices. Since TCP/UDP packets are encapsulated in IP datagrams, you can use IPsec to hide some level 4 information like session numbers or source/destination ports. IPsec can also hide the IP datagram's header itself, so you can prevent an attacker from doing traffic analysis. Both are things you cannot do with TLS.

You cannot use IPsec with NAT, because the latter modifies values in the headers, which interferes with the integrity checks done by IPsec.

horcrux
  • Overall a good answer. I would correct your last statement about TLS (DTLS exists precisely to support UDP and so on), and explain that TLS can be used for VPN as well, just at a different OSI layer and in different use cases than IPSec. – A. Darwin Jun 22 '18 at 19:59
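To make the two points of the answer concrete, here is an added example (it is not code from the original post or its authors). It builds a constructed IPv4/TCP packet carrying an opaque TLS record and shows what a passive observer on the path can read in each case: with TLS, the IP and TCP headers (addresses, ports, sequence numbers) stay in the clear; with IPsec ESP in tunnel mode, only the gateway addresses and an SPI are visible because the whole inner packet is encrypted. It then models the NAT problem with an AH-style integrity check: the MAC covers the IP addresses, so a source-NAT rewrite invalidates it. All addresses, ports and the key are made up, and the HMAC-derived XOR keystream is a toy stand-in for the ESP cipher, not real IPsec cryptography.

```python
"""Added example: observer view under TLS vs IPsec ESP tunnel mode, and an AH-style
integrity check failing after NAT. Addresses, ports, key and 'cipher' are constructed."""
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"   # shared secret between the two IPsec peers (made up)

def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))

def bytes_to_ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)

def ipv4_header(src: str, dst: str, proto: int, total_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header; the header checksum is left at zero for simplicity."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000,
                       ttl, proto, 0, ip_to_bytes(src), ip_to_bytes(dst))

def tcp_header(sport: int, dport: int, seq: int) -> bytes:
    """Minimal 20-byte TCP header (data offset 5, PSH|ACK, no options)."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 0x50, 0x18, 65535, 0, 0)

def build_sample_packet() -> bytes:
    """Constructed client->server HTTPS packet; the TLS record is just opaque bytes here."""
    payload = b"\x17\x03\x03\x00\x10" + b"\xaa" * 16   # TLS application-data record header + opaque body
    tcp = tcp_header(51514, 443, 0x11223344)
    return ipv4_header("10.0.0.5", "93.184.216.34", 6, 20 + len(tcp) + len(payload)) + tcp + payload

def tls_observer_view(pkt: bytes) -> dict:
    """What someone on the path sees for a TLS connection: IP and TCP headers in the clear."""
    sport, dport, seq = struct.unpack("!HHI", pkt[20:28])
    return {"src": bytes_to_ip(pkt[12:16]), "dst": bytes_to_ip(pkt[16:20]), "proto": pkt[9],
            "sport": sport, "dport": dport, "seq": seq, "payload": "encrypted TLS record"}

def _keystream(key: bytes, spi: int, seq: int, n: int) -> bytes:
    """Toy stand-in for the ESP cipher (NOT real ESP crypto): HMAC-derived keystream."""
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, struct.pack("!IIQ", spi, seq, counter), hashlib.sha256).digest()
        counter += 1
    return out[:n]

def esp_tunnel_encapsulate(inner: bytes, gw_src: str, gw_dst: str, spi: int, seq: int, key: bytes) -> bytes:
    """ESP tunnel-mode shape: outer IP (proto 50) | SPI | seq | encrypted inner IP packet."""
    ct = bytes(b ^ k for b, k in zip(inner, _keystream(key, spi, seq, len(inner))))
    esp = struct.pack("!II", spi, seq) + ct
    return ipv4_header(gw_src, gw_dst, 50, 20 + len(esp)) + esp

def esp_tunnel_decapsulate(pkt: bytes, key: bytes) -> bytes:
    """Receiving gateway: strip outer header and ESP header, recover the inner packet."""
    spi, seq = struct.unpack("!II", pkt[20:28])
    ct = pkt[28:]
    return bytes(b ^ k for b, k in zip(ct, _keystream(key, spi, seq, len(ct))))

def esp_observer_view(pkt: bytes) -> dict:
    """What the same observer sees for the tunnelled packet: gateways and an SPI, nothing else."""
    spi, seq = struct.unpack("!II", pkt[20:28])
    return {"src": bytes_to_ip(pkt[12:16]), "dst": bytes_to_ip(pkt[16:20]), "proto": pkt[9],
            "spi": spi, "esp_seq": seq, "payload": "encrypted inner IP packet"}

def ah_icv(pkt: bytes, key: bytes) -> bytes:
    """AH-style integrity value: MAC over the IP header (mutable TTL/checksum zeroed) plus
    payload, truncated to 96 bits. The addresses ARE covered, which is what NAT rewrites."""
    hdr = bytearray(pkt[:20])
    hdr[8] = 0                 # TTL changes at every hop, so AH excludes it
    hdr[10:12] = b"\x00\x00"   # header checksum is recomputed in transit, also excluded
    return hmac.new(key, bytes(hdr) + pkt[20:], hashlib.sha256).digest()[:12]

def ah_verify(pkt: bytes, key: bytes, icv: bytes) -> bool:
    return hmac.compare_digest(ah_icv(pkt, key), icv)

def nat_rewrite_src(pkt: bytes, new_src: str) -> bytes:
    """Model of a source NAT: replaces the source address in the IP header."""
    return pkt[:12] + ip_to_bytes(new_src) + pkt[16:]

if __name__ == "__main__":
    pkt = build_sample_packet()
    print("TLS observer sees  :", tls_observer_view(pkt))
    tunnel = esp_tunnel_encapsulate(pkt, "203.0.113.1", "198.51.100.1", 0x1000, 1, KEY)
    print("ESP observer sees  :", esp_observer_view(tunnel))
    icv = ah_icv(pkt, KEY)
    print("AH check before NAT:", ah_verify(pkt, KEY, icv))
    print("AH check after NAT :", ah_verify(nat_rewrite_src(pkt, "203.0.113.1"), KEY, icv))
```

Running the script prints the two observer views side by side: the TLS view exposes `10.0.0.5`, port 443 and the TCP sequence number, while the ESP view exposes only the two gateway addresses, protocol 50 and the SPI. The AH check passes on the original packet and fails once the source address has been rewritten, which is the header/integrity conflict the answer refers to.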