I have experience working with SSL and limited experience with SSH. SSL is a layer over an existing socket. SSH is a protocol.

What is more secure for client/server applications on various platforms?


Posted on 2004-04-05 11:43:37 by kuphryn
Until the most recent version of SSL, iirc the strongest encryption supported was 3DES, while SSH supports Blowfish and, with SSH2, AES. Both should be safer than 3DES.

I'm not too sure which ciphers the latest SSL/TLS supports, but I think more secure ciphers were included - at least a server I SSL-connect to says "SSLv3-AES256-SHA-256bits", so it should be okay ;)

If you're in charge of both client and server software, you should probably go with SSLv3/TLS and use the stronger ciphers.

I haven't worked with either of the protocols programmatically, but I think SSL is somewhat easier to use anyway (unless you're going to depend on an external SSH tunnel application).
Posted on 2004-04-05 12:03:32 by f0dder
Okay. Thanks.

Posted on 2004-04-07 22:05:56 by kuphryn