sending-email – Difference between TLS and SSL protocols

Question:

I'm implementing a class for sending emails on Android.

And I'm implementing it so that it can support most email services. Ex: Gmail, Live, Yahoo, E-mails from your own domain (Ex: myname@mydomino.com).

So I'm having issues regarding some providers using SSL (Secure Sockets Layer) and others using TLS (Transport Layer Security) . I don't know clearly what it is, what it is for and what the difference is between them. And I would like to better understand this from each of them. In order to find a better solution to my problem.

example of what i'm talking about

Live (smtp.live.com:587), does not accept SSL, it only accepts TLS.

The others that I've tested (Gmail (smtp.gmail.com:465) and Yahoo (smtp.mail.yahoo.com:465)), accept SSL, (Note: if I configure SSL and TLS, it also works in this case) .

I would like to understand these differences, to make setting up an email as simple as possible for the user. And at the same time I want to support the largest number of email providers.

Today I am asking in the user configuration only:

  • SMTP host;
  • SMTP port;
  • Username (email);
  • Password;
  • And whether the provider requires SSL or not;

I know this protocol subject is broad and is used not only in email providers, but also in other types of network communication (such as TCP, HTTP, HTTPS (with SSL)), so I would like to focus only on the scope of sending emails.

Note: I would like a clarification only about the protocols, not about the implementation, I just mentioned what I'm using in order to be clearer.

Answer:

Man, in short the TLS protocol is an evolution of SSL. How is it possible to withdraw from this class on TLS and SSL at UFRJ :

The differences between SSL and TLS are very small and technical, but they have different standards. TLS has the ability to work on different ports and uses stronger encryption algorithms like Keyed-Hashing for Message Authentication Code (HMAC) while SSL only Message Authentication Code (MAC). Also, version 1.0 of TLS does not interoperate with version 3.0 of SSL.

TLS can be used by an intermediate authority, it is not always necessary to resort to the root of a Certification Authority.

The TLS protocol was created as the successor to SSL. It is most often used as a setting in email programs, but like SSL, TLS can play a role in any client-server transaction.

Basically, the trend is for all email servers to migrate to the TLS protocol, as it is more current and has updates, which will not happen with the SSL protocol.

Scroll to Top