TCP vs TLS, which is better?
I have an upcoming oral network security exam and know that in past exams, the professor asked about why TLS requires TCP. I know that there is DTLS but it wasn't part of the lecture. So the question is about what advantage TLS gains by requiring its underlying protocol to be TCP, I guess. I already heard some wild guesses but no convincing arguments. At the beginning of the RFC, it says: "At the lowest level, layered on top of some reliable transport protocol (e.g., TCP [TCP]), is the TLS Record Protocol." Seemingly everywhere else (according to my judgement), the RFC doesn't only require "some reliable transport protocol" but TCP in particular.
TCP vs TLS
- TLS requires reliable transport. On the internet, this leaves only TCP, as UDP does not offer reliability.
- TLS does require reliable transport because (in compliance with the layered architecture of the ISO/OSI reference model) it does not handle transport errors, lost packets or other disturbances that may occur with IP.
- TLS is designed to offer a secure channel on top of a reliable transport and it does this quite well. DTLS does (I assume) the necessary error handling within the protocol.
- If TLS were to be performed over UDP, connections and handshakes could fail just because a packet got lost in transit and no one noticed.
Mitigation of such problems is (according to the ISO/OSI reference model) the designated task of a reliable transport. Any reliable transport works theoretically, yet for all practical purposes of IP networks, this usually implies TCP.
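As an added illustration of the last two points (this is example code, not part of the original answer): the TLS record layer protects each record with a MAC (or AEAD tag) that covers an implicit 64-bit sequence number which both sides count locally and never transmit (RFC 5246, section 6.2.3.1). The code below models a TLS-1.2-style record layer with integrity only (no encryption), using a made-up MAC key and constructed payloads, and pushes the records through a reliable transport and through a lossy, UDP-like one that silently drops a datagram. With reliable in-order delivery every record verifies; after a single loss the receiver's counter is off by one and every later record fails its MAC check, which is exactly the "no one noticed" failure the answer describes.

```python
import hashlib
import hmac
import struct

# Constructed for this example: not a real TLS key, just a demo secret.
MAC_KEY = b"demo-mac-key-not-a-real-tls-key"
CONTENT_APPLICATION_DATA = 23
VERSION_TLS12 = (3, 3)
MAC_LEN = 32  # HMAC-SHA256


def record_mac(key, seq_num, content_type, payload):
    """MAC over seq_num || type || version || length || fragment, as TLS 1.2 does.
    seq_num is implicit: each side keeps its own counter; it is not on the wire."""
    header = struct.pack("!QBBBH", seq_num, content_type, *VERSION_TLS12, len(payload))
    return hmac.new(key, header + payload, hashlib.sha256).digest()


def seal(key, seq_num, payload):
    """Sender side: 5-byte record header + fragment + MAC (integrity only, no encryption)."""
    mac = record_mac(key, seq_num, CONTENT_APPLICATION_DATA, payload)
    body = payload + mac
    header = struct.pack("!BBBH", CONTENT_APPLICATION_DATA, *VERSION_TLS12, len(body))
    return header + body


def open_record(key, seq_num, record):
    """Receiver side: verify one record against the receiver's OWN expected seq_num.
    Returns the payload, or None on a bad MAC (a real stack would send bad_record_mac
    and tear the connection down at this point)."""
    if len(record) < 5:
        return None
    ctype, _major, _minor, length = struct.unpack("!BBBH", record[:5])
    body = record[5:5 + length]
    if len(body) != length or length < MAC_LEN or ctype != CONTENT_APPLICATION_DATA:
        return None
    payload, mac = body[:-MAC_LEN], body[-MAC_LEN:]
    expected = record_mac(key, seq_num, ctype, payload)
    if not hmac.compare_digest(mac, expected):
        return None
    return payload


def receive_all(key, delivered):
    """Process records in the order the transport handed them over, bumping the
    local counter once per record. Returns a list of (local_seq, payload_or_None)."""
    return [(seq, open_record(key, seq, rec)) for seq, rec in enumerate(delivered)]


def reliable_transport(records):
    """TCP-like: everything arrives, in order."""
    return list(records)


def lossy_transport(records, drop_index):
    """UDP-like: one datagram vanishes and nobody is told."""
    return [r for i, r in enumerate(records) if i != drop_index]


def reordered_transport(records, i, j):
    """UDP-like: two datagrams swap places in transit."""
    out = list(records)
    out[i], out[j] = out[j], out[i]
    return out


PAYLOADS = [b"GET / HTTP/1.1\r\n", b"Host: example\r\n", b"\r\n", b"more data"]


def demo(transport="reliable"):
    """Seal the constructed payloads and run them through the chosen transport."""
    wire = [seal(MAC_KEY, seq, p) for seq, p in enumerate(PAYLOADS)]
    if transport == "reliable":
        delivered = reliable_transport(wire)
    elif transport == "lossy":
        delivered = lossy_transport(wire, drop_index=1)
    elif transport == "reordered":
        delivered = reordered_transport(wire, 1, 2)
    else:
        raise ValueError(transport)
    return receive_all(MAC_KEY, delivered)


if __name__ == "__main__":
    for name in ("reliable", "lossy", "reordered"):
        print(name)
        for seq, payload in demo(name):
            print(f"  record {seq}: {'OK ' + repr(payload) if payload is not None else 'BAD MAC'}")
```

Run it and the reliable case verifies all four records, the lossy case verifies record 0 and then fails every record after the dropped one (the receiver is now permanently one sequence number ahead of the sender), and the reordered case fails exactly the two swapped records. Since a real TLS endpoint aborts on the first bad MAC, either fault kills the connection. This is the error handling DTLS has to add itself: its record header carries an explicit epoch and sequence number (RFC 6347), so a receiver can verify a record without trusting the transport to have delivered every previous one in order.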