is SSL as secure as a VPN

assuming the VPN is trusworthy and secure, how does SSL compare security wise ?. my main comparison would be in FTP,downloaders etc.......


Gazzer.

 

I could make this a really long post but I won't. I actually use both at the same time. e.g. I am currently vpn (and maybe TOR too at times) and also always using https/SSL here. I have the same two at play on several FTP's I use. SSL is great if you KNOW there is no MITM chance and if you have a system setup to verify cert fingerprints and report ANY exception. Most don't do that.

My VPN provider uses perfect forward secrecy, which virtually eliminates any MITM chances. Every hour or less the secondary but needed keys keep changing. Should an adversary acquire the private overall key (almost impossible to do but not impossible) used by https/SSL type connections they would end up with nothing!! PFS would make me chose VPN over conventional SSL. If either is not compromised via a stolen master private key they are safe as can be. Since I don't control the private master key of either I feel better connecting with a provider that uses PFS. Again, why not use both? You still have to get from the exit node to the FTP right?

Do you control the FTP? The SSL question doesn't matter if you don't and its not configured for SSL.

 

The simplest answer is that virtual private networks and transfer protocols such as SSL operate at different levels.

A virtual private network, as the name implies, is going to build a virtual network on top of your existing physical network. Traffic is sent between users over a secure communications channel, that is separate (isolated) from traffic sent over other channels. Encryption is use to either encrypt the contents of the packet or to encrypt the packet itself.

SSL is used to establish a secure connection between web-servers and applications such as your browser. It has already been demonstrated that SSL is quite susceptible to Man-in-the-middle (MiTM) attacks. The question isn't whether you should choose one or the other, but instead, should focus on the implementation. A thread is already available that discusses the various VPNs.

 

The only way to get truly secure SSL is through key-based authentication. Each client generates a key, and provides it to the server through a secure channel. Clients also get a key from the server through a secure channel. Clients only connect to servers that they know by key, and servers only accept clients that they know by key. Servers don't accept connections with password-based authentication.

Either servers or clients can be compromised, of course. And third parties can then impersonate them

Also, SSH connections don't hide your IP address from servers. But SSH works via VPNs and/or Tor.

 

Just an FYI for those who don't know:

If you use OpenVPN proper to connect to your VPN, you can put this in your .ovpn config and change the TLS Re-Key period -

reneg-sec 1800

That^ is 30 minutes (number is in seconds).

Just don't set it to MORE than your providers Re-Key limit...usually 1 hour.

PD