Showing posts with label #openssl. Show all posts

Monday, June 2, 2014

Linux Weekly NewsBytes : 1424

Here is a list of the latest, most happening events and news items from the Linux world. Keep reading to find out what's making the most noise around Linux this week.

  • Came across a short and sweet article that describes the simple steps for installing printers on your Linux machine, be it a local printer or a network printer. Read it to find out how simple the entire process is.

The Linux Foundation will pay you for working on Open Source Projects

  • Yes, you read that correctly. They will pay you. The Linux Foundation has decided to fund some selected, highly critical projects. This seems to have been triggered by the HeartBleed bug. I see this as a good way to avoid future HeartBleeds. The first projects selected for audit are OpenSSL, OpenSSH and NTP.
  • This is the first major release after 5.18 and has been released after 12 months of hard work. The next release is planned for May 2015.


Wednesday, February 12, 2014

Should I use TLS or SSL ?

The straightforward answer to this question is "use either of them, it does not matter".

SSL [ Secure Socket Layer ] was initially developed by Netscape in 1996 [1]. This was called SSL v3.0. It was published by the IETF as RFC 6101.

TLS [ Transport Layer Security ] was developed as an upgrade to SSL v3.0. This was published in RFC 2246.

The actual protocol difference between TLS and SSL is not very significant, but SSL v3.0 is considered a weaker protocol than TLS v1.0. Thus, implementations of TLS v1.0 provide backward compatibility with SSL v3.0, at the risk of reduced security.
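The version difference described above is visible in the first bytes a client sends. The following sketch is an added example, not code from the original post or from OpenSSL: it reads the version offered in a ClientHello and flags clients that offer nothing newer than SSL v3.0. The function, the enum and the sample byte arrays are names and data constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Verdict names are this example's own, not an OpenSSL API. */
enum hello_verdict { HELLO_MALFORMED = -1, HELLO_SSL3 = 0, HELLO_TLS = 1 };

/* Read the client_version offered in a ClientHello record.
 * Record header:    type(1) version(2) length(2)
 * Handshake header: msg_type(1) length(3), then client_version(2).
 * SSL 3.0 is sent as 3.0 (0x0300), TLS 1.0 as 3.1 (0x0301).
 * Assumes the buffer starts at the first record of the connection. */
enum hello_verdict classify_client_hello(const uint8_t *buf, size_t len,
                                         uint16_t *offered)
{
    if (buf == NULL || len < 11)            /* 5 + 4 + 2 bytes needed */
        return HELLO_MALFORMED;
    if (buf[0] != 0x16 || buf[5] != 0x01)   /* handshake / client_hello */
        return HELLO_MALFORMED;
    size_t rec_len = ((size_t)buf[3] << 8) | buf[4];
    size_t hs_len = ((size_t)buf[6] << 16) | ((size_t)buf[7] << 8) | buf[8];
    if (rec_len < 6 || rec_len > len - 5 || hs_len < 2)
        return HELLO_MALFORMED;             /* version field not covered */
    if (buf[9] != 0x03)                     /* major version is 3 for both */
        return HELLO_MALFORMED;
    if (offered != NULL)
        *offered = (uint16_t)((buf[9] << 8) | buf[10]);
    return buf[10] == 0x00 ? HELLO_SSL3 : HELLO_TLS;
}

/* Constructed samples, cut down to the fields the parser reads. */
static const uint8_t SAMPLE_SSL3[] = {0x16, 0x03, 0x00, 0x00, 0x06,
                                      0x01, 0x00, 0x00, 0x02, 0x03, 0x00};
static const uint8_t SAMPLE_TLS10[] = {0x16, 0x03, 0x01, 0x00, 0x06,
                                       0x01, 0x00, 0x00, 0x02, 0x03, 0x01};

int main(void)
{
    uint16_t v = 0;
    int r = classify_client_hello(SAMPLE_SSL3, sizeof SAMPLE_SSL3, &v);
    printf("offered 0x%04x: %s\n", (unsigned)v,
           r == HELLO_SSL3 ? "SSL 3.0 only, refuse" : "TLS");
    r = classify_client_hello(SAMPLE_TLS10, sizeof SAMPLE_TLS10, &v);
    printf("offered 0x%04x: %s\n", (unsigned)v,
           r == HELLO_SSL3 ? "SSL 3.0 only, refuse" : "TLS");
    return 0;
}
```

A client that offers TLS v1.0 can still end up on SSL v3.0 if the server allows the fallback, so this check only identifies clients that cannot do better.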

As a programmer writing secure code, you would use the OpenSSL APIs. They provide the library interface to TLS [ or SSL ]. Since the protocol implementation details are hidden within the OpenSSL APIs, the programmer need not bother about the underlying protocol. The programmer also need not bother about how this secure layer will be created when devices use different versions of TLS.

Thus, when talking about secure programming, you will see that people usually use TLS and SSL interchangeably.

TLS wraps over TCP and thus does not worry about data transfer. It is only an authentication protocol. Once it authenticates the client host, it assumes all data to be good and thus does not encrypt data packets.

There is another protocol called IPSec that you can confuse with TLS.

IPSec stands for Internet Protocol Security, in which each packet is encrypted.

As a small tip, remember that:

  1. When you have to connect 2 hosts with a dedicated connection [ aka TCP ], you would use TLS.
  2. When you have to connect 2 hosts with a datagram connection [ aka UDP ], you would use IPSec.
  3. When you intend to serve client hosts that are unknown to your network [ not trustworthy ], you would rely on TLS to save you with its certificate exchange protocol.
  4. When you intend to serve specific clients who are either within your own network or are trusted, you would rely on IPSec.