Security

Previous Topic Next Topic

When to Use SSL, TLS, or IPSec

At first glance it appears that Windows 2000 Server supports three protocols that do the same thing: provide authentication, data privacy, and data integrity. IPSec, which is lower in the network stack shown in the figure below, secures all data flowing from one computer to another. Applications do not need to be modified to support IPSec, whereas they do need modification in order to support SSL and TLS. Refer to the TCP/IP books listed in “Additional Resources” at the end of this section.

In summary, SSL and TLS are easier to use than IPSec because there is no complex user setup, but applications need to be SSL- and TLS-aware. IPSec is more difficult to implement, but is totally transparent to all applications because it is lower in the network stack.

SSL, TLS, and IPSec in the TPC/IP Protocol Stack


© 1997-1999 Microsoft Corporation. All rights reserved.