What is TLS and how does it compare to SSL?

TLS and SSL are closely related technologies.

First, email and Opportunistic TLS. ESMTP has the option of performing the actual data transfer portion of the conversation over an encrypted link. This is part of the protocol and has been called TLS for most of its existence. It works roughly like this:

-> EHLO foreignmailer.example.com
<- 250 Howdy, stranger
<- [list of capabilities, of which TLS is listed]
-> [Indicates it wants to start a TLS session]
<- [accepts negotioation]
-> [Mail actions, of which LOGIN might be one]

Once the TLS session has been started, new login methods might be available. This is an example of a protocol that includes Transaction Layer Security in it directly. The certificates used are the same kind of certificates used for SSL over HTTP.

For an example of a service that doesn't include TLS directly, take POP3-over-SSL. In that case, the secure session is negotiated before the actual protocol is negotiated. In essence, POP3 is being encapsulated inside a secure session.

In general, if a service supports SSL it can be extended to support TLS. Whether or not that has been done is up to the maintainers of the service. This does mean that TLS can replace SSL in "SSL VPNs".

SSL VPNs are distinct from their IPSec based cousins in that the secure session is done at a different level. SSL VPNs do their work much the same way that POP3-over-SSL does, in that traffic is encapsulated over an existing TCP connection. IPSec VPNs create an IP-level secure tunnel, where SSL VPNs create a TCP-level secure tunnel. The reason SSL VPNs seem to be taking over is that they're easier to set up and are more tolerant of bad network conditions. SSL VPNs can and do use the TLS protocol for securing the session, though it does depend on the maker of the VPN itself.

As for the exact protocol level differences between SSL and TLS, that I can't get into. TLS as a standard was arrived at later than SSL and therefore includes some of the lessons learned in the early SSL versions. SSLv3 was ratified back in 1996 and TLS1.0 in 1999, and further protocol development appears to be limited to the TLS suite. It has taken a LONG time for SSLv1 and v2 to go away. TLS is the clear successor of the SSL suite.

TLS is essentially an upgrade to SSL. The changes to it are not dramatic, but significant enough to break compatibility with SSL3.0.

The Wikipedia article covers it extensively but in reasonably understandable terms. (I don't mean to RTFM, but I don't want to repeat everything there.)

They are used in similar ways, and is still referred to as SSL. Basically, you choose your encryption scheme to be one or the other.

SSL as already people pointed out is a protocol designed by Netscape in the past. At some point the IETF standards body decided to adopt the SSLv3 protocol as a standard one, so it got change very subtly and it was named TLSv1.0.

So for most people, TLSv1.0 is almost equivalent to SSLv3. The reason people still call the family of protocols SSL is because of historical reasons - everyone is used to the name, so they keep on using it. It is quite possible for the VPN to be using TLS under the cover, but the marketing name still stays as SSL VPN.

Since TLSv1.0, there have been two revisions of the standard and it is now at TLSv1.2, which while still compatible, has some significant changes. Because of the SSL/TLS design, both client and server can negotiate which version of the protocol they want to use, so clients using TLSv1.0 can still talk to servers implementing TLSv1.2 and vice versa.

Considering the interoperability between all the versions of the protocol, there is no "making a switch", since they are the same family. It is a question of "do I need to use newer version?". As with any other area, the answer to this question will depend on whether the current version you are using has any limitations or not. Currently there are no problems with using SSLv3, but the majority of clients and servers out there work with TLSv1.0.

I hope this clarifies the picture a bit. If not, let me know what is still confusing I will try to explain further.

Is TLS the "new" version of SSL? What features does it add, or security issues does it address?

TLS is T ransport L ayer S ecurity and generally refers to the STARTTLS command in SMTP mail servers. It may or may not use SSL (SEE palm versamal for an example) but in general SSL is the main security system used. TLS has also been used for other purposes (like HTTP ) and the latest RFC spec is at version 1.2

Can anything that supports SSL support TLS? What would be involved in making the switch? Is the switch worth it?

Usually but by anything, with TLS being the consideration, you are referring to mailservers, so specifically mailservers that have an SSL cert can use TLS to transfer mail and recieve mail.

Why is it that emails are sent over "Opportunistic TLS" and VPN's often called SSL VPN? Is there a difference in the technology, perhaps creating room for a "TLS VPN" product line ?

This smells like the marketing meatheads got in the room. "Opportunistic TLS" simply means that if starttls does not return a 220 (Ready to start TLS) go ahead and send the email anyway. Note that TLS is a SENDER option not a reciever option it might be possible with some mail servers to refuse non-TLS mail but that would be the exception not the rule.

TLS also supports mutual authentication and not simply encryption of a connection.

Sending an email over a VPN (whether SSL or another security scheme) simply makes the mailservers security essentially irrelevant, you can use TLS over a VPN (and you can even use TLS as the VPN security scheme) but it doesn't necessarily affect how the mail is transported if only the VPn connection is encrypted between mailservers (so from the source and destination mailservers, they might be transmitting standard cleartext)