TLS is an upgrade over #Secure Socket Layer (SSL) version 3 (SSLv3) defined in RFC 5246. It has now been widely adopted as it is more secure and efficient than its predecessor in message authentication, key material generation and supported cipher suites. It uses the same record format and MAC# generation algorithm, HMAC, as SSLv3. That being said, the algorithm XORs the padding bytes with the secret key padded to the block length instead of concatenated with the secret key as in SSLv3. Furthermore, the MAC calculation also including the field TLSCompressed.version which defined the protocol version being used.
Other differences with SSL are:
- a pseudo-random function expands secrets into blocks of data
- has additional alert codes
- changes in supported ciphers
- changes in certificate types and negotiations for Rivest-Shamir-Adleman (RSA)# and DSS
- changes in structure of Cerfificate_Verify and Finished messages
- changes in crypto computations and padding