This is a short rundown of the two popular security protocols of the Internet. Some familiarity with the basics is assumed. In short, SSL requires applications to be modified, because it operates above the TCP layer, and this happens in user space on Linux and other OSes. IPsec, by contrast, works seamlessly no matter what the application is or what protocol it uses: ICMP, UDP and TCP traffic are all protected by IPsec without the user or application developer having to worry about it.

SSL, on the other hand, involves a certain degree of user interaction: one has to verify certificates, their validity, expiry date and so on.
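The sketch below is an added example, not part of the original article. It shows what "modifying the application" means for SSL/TLS: the program itself builds the TLS context, produces the handshake bytes in user space before any TCP socket exists, and checks the certificate validity period. The host name `example.test`, the function names and the sample certificate dates are assumptions constructed for illustration.

```python
import ssl

def build_client_context():
    # The application opts in to TLS itself. The defaults require a valid
    # certificate chain (CERT_REQUIRED) and a matching host name.
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def first_flight(ctx, hostname):
    """Start a handshake in memory and return the bytes the application
    would have to write to its TCP socket (the ClientHello record)."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: no peer has answered yet
    return outgoing.read()

def cert_window_ok(cert, now):
    """Validity-period check on a dict shaped like SSLSocket.getpeercert().
    The TLS library performs this during verification; it is spelled out
    here to show what "validity" and "expiry date" mean in practice."""
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    return not_before <= now <= not_after

# Constructed sample, in the date format getpeercert() returns.
SAMPLE_CERT = {
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
}

if __name__ == "__main__":
    ctx = build_client_context()
    hello = first_flight(ctx, "example.test")
    # Record type 0x16 = handshake; byte 5 = 0x01 = ClientHello.
    print("record type:", hex(hello[0]), "handshake type:", hex(hello[5]))
    print("valid mid-2024:", cert_window_ok(SAMPLE_CERT, 1720000000))
    print("valid in 2025: ", cert_window_ok(SAMPLE_CERT, 1740000000))
```

With IPsec none of this code lives in the application: a plain socket is used unchanged and the protection is configured in the operating system.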

There is another key difference between the two security protocols. SSL protects traffic end to end, whereas IPsec is usually deployed in tunnel mode, in which only the edge of your network and beyond is protected by IPsec.

It is interesting to see how technical differences, especially the layer at which a particular protocol operates, influence ease of deployment. IPsec is a popular method for running corporate VPNs and gives a somewhat complete security solution.

The link for this article located at linuxforums.org is no longer available.