You have probably already come across the two acronyms SSL and TLS, which are often combined as SSL/TLS. If you want to manually configure an email client or host website, for example, these terms cannot be avoided. In this article, you will learn what the differences between these two protocols are.
IONOS Black Friday Sale
Save up to 99% on our most popular products.
Sale ends Cyber Monday!
Hosting – $1/yrWordPress – $1/yrDomains – $1/yrSSL stands for “Secure Socket Layer” and TLS for “Transport Layer Security”. Both are encryption protocols for the internet’s transport layer. Their job is to encrypt data streams between the client and server.
If communication passes through this encrypted transport layer, an “s” is added to the end of the protocol name: http becomes https, imap becomes imaps, etc. The acronym SSL also appears in the term SSL certificate – this certificate is required if a website wants to communicate using https, which is what the vast majority of websites use today.
For more information about TLS, check out our follow-up article.
SSL was introduced in 1995. After a number of serious security vulnerabilities were discovered, the improved version 2.0 was released, followed by version 3.0 one year later. After discovering security vulnerabilities, the IETF (Internet Engineering Task Force, responsible for further developing the internet) rejected SSL 3.0.
SSL 2.0 and SSL 3.0 are sometimes also called SSLv2 and SSLv3.
The TLS protocol is the successor toSSL. It was introduced in 1999 as an improved version of SSL 3.0 and was called SSL 3.1 at first. The current version is TLS 1.3 (as of 2018).
The jump from SSL 3.0 to TLS 1.0 was initially just a small one. “The differences between this protocol and SSL 3.0 are not dramatic, but they are significant enough that TLS 1.0 and SSL 3.0 do not interoperate” (RFC 2246). Compared to SSL 3.0, TLS 1.0 improved cryptographic security and application interoperability. The currently used version TLS 1.2 provides increased security against hacker attacks and allows applications much more flexibility with regard to the encryption used (cipher suites).
The current version of TLS is more secure, flexible, and efficient than its predecessor SSL. Since the acronym SSL is still much more widely known than TLS, many providers of client software, routers, and so forth use the term SSL or alternatively the combined term SSL/TLS. However, this is usually referring to the current version of TLS (i.e. TLS 1.3).
Today, the only answer is TLS. SSL 2.0 and SSL 3.0 are outdated and regarded as insecure. The same can be said about older versions of TLS. Only TLS 1.2 can still be used under certain conditions, which are outlined in the TLS 1.3 specification. However,you should avoid all SSL protocols (as using them is now prohibited) as well as TLS versions 1.0 and 1.1 (support for which will be phased out soon). On properly configured servers, these outdated protocols are disabled.
Using this GlogalSign, you can check which encryption protocols the server of a specific website has enabled.
If you operate or rent your own server, it is your responsibility to protect it against failures and external access. You can immediately begin to set the foundation for this when configuring the server, if you have the necessary administrative rights. The correct settings can work wonders, especially with encrypted remote connections via SSH protocol, and greatly increase security.
In the digital age, we are increasingly resorting to cloud services: At work, people collaborate on projects together in the cloud, and in their free time, they share photos from their last vacation. At the same time, cloud storage is by no means free from security risks. The multi-cloud environments of larger companies, in particular, are becoming a challenge for cloud security. Here, we will...
If you want to secure your digital data with the best possible protection, there is no getting around the issue of encryption. For example, asymmetric cryptography plays an essential role in secure data transfer. Here, you will learn how it works, how it is different from traditional symmetric encryption, and where it is used.
Let's Encrypt is a free, automated SSL certificate Authority. Using Let's Encrypt is a fast, free way to obtain an SSL certificate for your website. With Plesk, you can create and deploy a Let's Encrypt SSL certificate with just a few clicks. For any Cloud Server with Plesk, administrative functions like adding an SSL certificate should always be done using the Plesk interface.
The biggest deals of the year on web hosting, WordPress, and more.
Sale ends Cyber Monday — don't miss out!
