is SSL as secure as a VPN

Discussion in 'privacy technology' started by garry35, Aug 30, 2013.

Thread Status:
Not open for further replies.
  1. garry35

    garry35 Registered Member

    Jan 20, 2009
    assuming the VPN is trusworthy and secure, how does SSL compare security wise ?. my main comparison would be in FTP,downloaders etc.......

  2. Palancar

    Palancar Registered Member

    Oct 26, 2011
    I could make this a really long post but I won't. I actually use both at the same time. e.g. I am currently vpn (and maybe TOR too at times) and also always using https/SSL here. I have the same two at play on several FTP's I use. SSL is great if you KNOW there is no MITM chance and if you have a system setup to verify cert fingerprints and report ANY exception. Most don't do that.

    My VPN provider uses perfect forward secrecy, which virtually eliminates any MITM chances. Every hour or less the secondary but needed keys keep changing. Should an adversary acquire the private overall key (almost impossible to do but not impossible) used by https/SSL type connections they would end up with nothing!! PFS would make me chose VPN over conventional SSL. If either is not compromised via a stolen master private key they are safe as can be. Since I don't control the private master key of either I feel better connecting with a provider that uses PFS. Again, why not use both? You still have to get from the exit node to the FTP right?

    Do you control the FTP? The SSL question doesn't matter if you don't and its not configured for SSL.
  3. Techwiz

    Techwiz Registered Member

    Jan 5, 2012
    United States
    The simplest answer is that virtual private networks and transfer protocols such as SSL operate at different levels.

    A virtual private network, as the name implies, is going to build a virtual network on top of your existing physical network. Traffic is sent between users over a secure communications channel, that is separate (isolated) from traffic sent over other channels. Encryption is use to either encrypt the contents of the packet or to encrypt the packet itself.

    SSL is used to establish a secure connection between web-servers and applications such as your browser. It has already been demonstrated that SSL is quite susceptible to Man-in-the-middle (MiTM) attacks. The question isn't whether you should choose one or the other, but instead, should focus on the implementation. A thread is already available that discusses the various VPNs.
  4. mirimir

    mirimir Registered Member

    Oct 1, 2011
    The only way to get truly secure SSL is through key-based authentication. Each client generates a key, and provides it to the server through a secure channel. Clients also get a key from the server through a secure channel. Clients only connect to servers that they know by key, and servers only accept clients that they know by key. Servers don't accept connections with password-based authentication.

    Either servers or clients can be compromised, of course. And third parties can then impersonate them :(

    Also, SSH connections don't hide your IP address from servers. But SSH works via VPNs and/or Tor.
  5. PaulyDefran

    PaulyDefran Registered Member

    Dec 1, 2011
    Just an FYI for those who don't know:

    If you use OpenVPN proper to connect to your VPN, you can put this in your .ovpn config and change the TLS Re-Key period -

    reneg-sec 1800

    That^ is 30 minutes (number is in seconds).

    Just don't set it to MORE than your providers Re-Key limit...usually 1 hour.

Thread Status:
Not open for further replies.