TLS vs. SSL: what is the difference?
You have probably already come across the two acronyms SSL and TLS, which are often combined as SSL/TLS. If you want to manually configure an email client or host website, for example, these terms cannot be avoided. In this article, you will learn what the differences between these two protocols are.
$1 Domain Names
Register great TLDs for less than $1 for the first year.
Why wait? Grab your favorite domain name today!
What does SSL and TLS mean?
SSL stands for “Secure Socket Layer” and TLS for “Transport Layer Security”. Both are encryption protocols for the internet’s transport layer. Their job is to encrypt data streams between the client and server.
If communication passes through this encrypted transport layer, an “s” is added to the end of the protocol name: http becomes https, imap becomes imaps, etc. The acronym SSL also appears in the term SSL certificate – this certificate is required if a website wants to communicate using https, which is what the vast majority of websites use today.
For more information about TLS, check out our follow-up article.
The difference between SSL and TLS
SSL was introduced in 1995. After a number of serious security vulnerabilities were discovered, the improved version 2.0 was released, followed by version 3.0 one year later. After discovering security vulnerabilities, the IETF (Internet Engineering Task Force, responsible for further developing the internet) rejected SSL 3.0.
SSL 2.0 and SSL 3.0 are sometimes also called SSLv2 and SSLv3.
The TLS protocol is the successor to SSL. It was introduced in 1999 as an improved version of SSL 3.0 and was called SSL 3.1 at first. The current version is TLS 1.3 (as of 2018).
The jump from SSL 3.0 to TLS 1.0 was initially just a small one. “The differences between this protocol and SSL 3.0 are not dramatic, but they are significant enough that TLS 1.0 and SSL 3.0 do not interoperate” (RFC 2246). Compared to SSL 3.0, TLS 1.0 improved cryptographic security and application interoperability. The currently used version TLS 1.2 provides increased security against hacker attacks and allows applications much more flexibility with regard to the encryption used (cipher suites).
The current version of TLS is more secure, flexible, and efficient than its predecessor SSL. Since the acronym SSL is still much more widely known than TLS, many providers of client software, routers, and so forth use the term SSL or alternatively the combined term SSL/TLS. However, this is usually referring to the current version of TLS (i.e. TLS 1.3).
SSL or TLS – which one should you use?
Today, the only answer is TLS. SSL 2.0 and SSL 3.0 are outdated and regarded as insecure. The same can be said about older versions of TLS. Only TLS 1.2 can still be used under certain conditions, which are outlined in the TLS 1.3 specification. However, you should avoid all SSL protocols (as using them is now prohibited) as well as TLS versions 1.0 and 1.1 (support for which will be phased out soon). On properly configured servers, these outdated protocols are disabled.
Using this GlogalSign, you can check which encryption protocols the server of a specific website has enabled.
Related articles
How to use cloud services securely
In the digital age, we are increasingly resorting to cloud services: At work, people collaborate on projects together in the cloud, and in their free time, they share photos from their last vacation. At the same time, cloud storage is by no means free from security risks. The multi-cloud environments of larger companies, in particular, are becoming a challenge for cloud security. Here, we will…
How to secure a server
If you operate or rent your own server, it is your responsibility to protect it against failures and external access. You can immediately begin to set the foundation for this when configuring the server, if you have the necessary administrative rights. The correct settings can work wonders, especially with encrypted remote connections via SSH protocol, and greatly increase security.
What is Asymmetric encryption?
If you want to secure your digital data with the best possible protection, there is no getting around the issue of encryption. For example, asymmetric cryptography plays an essential role in secure data transfer. Here, you will learn how it works, how it is different from traditional symmetric encryption, and where it is used.
Install a Let's Encrypt SSL Certificate on a Cloud Server with Plesk
Let's Encrypt is a free, automated SSL certificate Authority. Using Let's Encrypt is a fast, free way to obtain an SSL certificate for your website. With Plesk, you can create and deploy a Let's Encrypt SSL certificate with just a few clicks. For any Cloud Server with Plesk, administrative functions like adding an SSL certificate should always be done using the Plesk interface.
How do RSA cryptosystems work?
RSA encryptions are asymmetric encryptions and are put to use in many areas of digital data transfers because they can be easily used but not easily decrypted with an algorithm. Here, we explore how RSA keys work, what they are used for, and in which fields RSA cryptosystems can also be useful. Read on to find out more.