VPN Encryption
A TLS handshake occurs every time a user navigates to a website over HTTPS and the browser first queries the website's origin server. The handshake also occurs whenever other communications use HTTPS (Oppliger, 2016). During the handshake, the client and server do several things: specify the TLS version they will use; decide on the cipher suite to use; authenticate the server's identity through the server's public key and the SSL certificate authority's digital signature; and produce session keys so that symmetric encryption can be used after the handshake is completed.
The IPSec handshake also involves an exchange of messages between a client and a server. In the first exchange, the algorithms and hashes used to secure IKE communications are stipulated in matching IKE SAs in each peer. In the second exchange, a Diffie-Hellman exchange is used to produce shared secret keying material. This material is used to produce shared secret keys, and the exchange also passes nonces, random numbers that are sent to the recipient and then signed and returned to confirm who they are (Tiller, 2017). In the third exchange, the other party's identity is verified.
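The second exchange can be traced in code. The following Python sketch is an added example, not part of the original essay: it assumes pre-shared-key authentication with the key-derivation formulas of RFC 2409, HMAC-SHA256 as the negotiated PRF, and a deliberately tiny toy Diffie-Hellman group. The names `Peer`, `prf`, `to_bytes` and `run_exchange` are hypothetical.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, constructed for this example only: the Mersenne
# prime 2**127 - 1 is far too small for real use (IKE uses standardized groups).
P = 2**127 - 1
G = 3


def prf(key: bytes, data: bytes) -> bytes:
    """Keyed pseudo-random function; HMAC-SHA256 is assumed as the negotiated PRF."""
    return hmac.new(key, data, hashlib.sha256).digest()


def to_bytes(n: int) -> bytes:
    return n.to_bytes((P.bit_length() + 7) // 8, "big")


class Peer:
    def __init__(self, psk: bytes):
        self.psk = psk
        self.private = secrets.randbelow(P - 3) + 2   # secret exponent x
        self.public = pow(G, self.private, P)         # g^x, sent to the other peer
        self.nonce = secrets.token_bytes(16)          # Ni or Nr, sent in the clear
        self.cookie = secrets.token_bytes(8)          # CKY-I or CKY-R

    def derive(self, peer_public, ni, nr, cky_i, cky_r):
        """Derive SKEYID and the three working keys (RFC 2409 pre-shared-key formulas)."""
        if not 1 < peer_public < P - 1:
            raise ValueError("degenerate Diffie-Hellman public value")
        g_xy = to_bytes(pow(peer_public, self.private, P))
        skeyid = prf(self.psk, ni + nr)        # binds the keys to the PSK and both nonces
        tail = g_xy + cky_i + cky_r
        d = prf(skeyid, tail + b"\x00")        # SKEYID_d: keying material for later SAs
        a = prf(skeyid, d + tail + b"\x01")    # SKEYID_a: message authentication
        e = prf(skeyid, a + tail + b"\x02")    # SKEYID_e: message encryption
        return {"SKEYID": skeyid, "d": d, "a": a, "e": e}


def run_exchange(psk_initiator: bytes, psk_responder: bytes):
    """Simulate the second exchange and return both peers' derived keys."""
    i, r = Peer(psk_initiator), Peer(psk_responder)
    args = (i.nonce, r.nonce, i.cookie, r.cookie)
    return i.derive(r.public, *args), r.derive(i.public, *args)
```

When both peers hold the same pre-shared key, `run_exchange` returns identical key sets; with mismatched keys the two sides derive different values, so the authentication in the third exchange cannot succeed.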
TLS/SSL and IPSec are both designed to secure data in transit through encryption. However, they differ in some ways. For instance, in IPSec connections, a pre-shared key should be present on both the server and the client in order to encrypt and send traffic to each other. SSL uses public key cryptography to negotiate a handshake and exchange encryption keys safely. Also, compared to SSL-based protocols, IPSec-based protocols take longer to negotiate a protocol. Based on these comparisons, I believe that SSL is better, as it is safer and faster.

References
Oppliger, R. (2016). SSL and TLS: Theory and practice (2nd ed.). Artech House.
Tiller, J. S. (2017). A technical guide to IPSec virtual private networks. CRC Press.
