Using TLS in gRPC C++ program

[Neeraj Bansal]

In Grpc documentation on https://grpc.github.io, there are 2 set of APIs: APIs starting Ssl keyword (e.g. SslServerCredentials and SslCredentials) under grpc namespace vs APIs starting with TLS keyword under grpc::experimental namespace (e.g. TlsServerCredentials and TlsCredentials). In our project, we are using grpc::SslServerCredentials() to create credentials to be passed to grpc::ServerBuilder::AddListeningPort() on server side and we are using grpc::SslCredentials() to create credentials to be passed to grpc::CreateChannel() on client side. Question is with APIs used by us, will grpc end up using SSL protocol or TLS protocol (1.2 / 1.3)?

[Zhen Lian]

Both `Ssl*Credentials` and `Tls*Credentials` inherently use TLS as its transport protocol.  `Ssl*Credentials` was named by historical reasons but we don't support SSL anymore. 

The difference between the two is that `Tls*Credentials` is still experimental, and it contains many new advanced features, such as credential reloading, custom verification, etc. For any new features related to security, we will add them to  `Tls*Credentials`. 

If the current `Ssl*Credentials` can meet your needs, then it is fine to just use `Ssl*Credentials`. When later if some advanced features are needed, you can consider migrating to the `Tls*Credentials`.

[Neeraj Bansal]

Thanks Zhen for your reply

Regards,

Neeraj