Difference between SSL VPN tunneling and SSL in HTTPS

Question

I'm a beginner, and this is probably an elementary question, but I can't figure it out through some googling.

I'm learning about VPN tunneling right now, and am generally not clear on how VPN tunneling is different than any other encryption, but particularly I am not sure why HTTPS web browsing, which is already using SSL for encryption, would be more secure if it was routed through a VPN using SSL to secure the connection.

What is the added security of a VPN when the communication is already encrypted?

score 3 · Answer 1 · answered Jan 22 '18 at 20:16

3

With a TLS/SSL connection to a website, your network provider can't see your traffic but they can see what IP address you’re connecting too, and can make a pretty good guess at the kind of content you’re viewing from the data volumes and the timing of the packets. With a VPN, they get less of that information, because all of your traffic just goes to the VPN (though of course the VPN provider gets the information instead).

answered Jan 22 '18 at 20:16

Mike Scott

7,993
31
26

So were one to trust their network provider there is no reason to use VPN? – Y e z Jan 22 '18 at 20:19
No, there are other reasons to use VPNs, but those reasons don’t apply to Internet websites accessed with TLS/SSL, which is what we’re discussing here. – Mike Scott Jan 22 '18 at 20:23

Andrew Schulman · Answer 2 · 2018-01-22T21:19:44.140

You're right that you won't make HTTPS more secure by tunneling it over a TLS (formerly SSL) VPN, since HTTPS is HTTP already wrapped in TLS.

As Mike said, using a VPN you'll reveal less metadata about your connection, in particular the requested URLs.

Also, if you have a misconfigured site that uses a mix of HTTP and HTTPS, the VPN will protect all of that, reducing your exposure to eavesdropping or man-in-the-middle attacks.

Difference between SSL VPN tunneling and SSL in HTTPS

2 Answers2