
What Is the Difference Between SSL and TLS?

Unless you work with it regularly, there’s a good chance that you don’t know the difference between SSL (Secure Sockets Layer) and TLS (Transport Layer Security). And this industry doesn’t do you many favors by colloquially referring to TLS as SSL. There have been four iterations of the TLS protocol. SSL has been (or is supposed to be) entirely deprecated. So, what’s the difference between SSL and TLS?

You’re about to find out.

A Brief History of SSL and TLS

SSL and TLS are both cryptographic protocols that provide authentication and data encryption between servers, machines, and applications operating over a network (e.g. a client connecting to a web server). In reality, SSL is only about 25 years old. But in internet years, that’s ancient. The first iteration of SSL, version 1.0, was developed in 1995 by Netscape but was never released because it was riddled with serious security flaws. SSL 2.0 wasn’t a whole lot better, so just a year later SSL 3.0 was released. Again, it had serious security flaws.

At that point, the guys at Consensus Development took a crack at it and developed TLS 1.0. TLS 1.0 was incredibly similar to SSL 3.0 – in fact it was based on it – but still different enough to require a downgrade before SSL 3.0 could be used. As the creators of the TLS protocol wrote:
 

“The differences between this protocol and SSL 3.0 are not dramatic, but they are significant enough that TLS 1.0 and SSL 3.0 do not interoperate.”


Downgrading to SSL 3.0 was still dangerous, though, given its known, exploitable vulnerabilities. All an attacker needed to do to target a website was downgrade the protocol to SSL 3.0. Hence, the birth of downgrade attacks. That ended up being the nail in the coffin for TLS 1.0.

TLS 1.1 came out seven years later in 2006 and was replaced by TLS 1.2 in 2008. That hurt TLS 1.1 adoption, as many websites simply upgraded from 1.0 to TLS 1.2. We are now at TLS 1.3, which was finalized in 2018 after 11 years and nearly 30 IETF drafts.

TLS 1.3 makes significant improvements over its predecessors, and right now major players around the internet are pushing for its proliferation. Microsoft, Apple, Google, Mozilla, and Cloudflare all announced plans to deprecate both TLS 1.0 and TLS 1.1 in January 2020, making TLS 1.2 and TLS 1.3 the only game in town.
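
An added example (not from the original article): a Python check that reads the protocol version a server selected from its ServerHello record and flags anything outside TLS 1.2 and TLS 1.3. The sample records are constructed, and the function names are assumptions made for this illustration.

```python
import struct

# Wire codes: TLS 1.0 is sent as 3.1, a direct continuation of SSL 3.0 (3.0).
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
            0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
ALLOWED = {"TLS 1.2", "TLS 1.3"}  # what remains after the 1.0/1.1 deprecation

def negotiated_version(record: bytes) -> str:
    """Return the protocol version a server selected in its ServerHello."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x02:
        raise ValueError("not a ServerHello handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[9:5 + rec_len]
    if len(body) < 38:
        raise ValueError("truncated ServerHello")
    version = struct.unpack("!H", body[:2])[0]
    pos = 2 + 32                  # skip version field and 32-byte random
    pos += 1 + body[pos]          # skip session_id
    pos += 2 + 1                  # skip cipher_suite and compression_method
    if pos + 2 <= len(body):      # optional extensions block
        end = min(len(body), pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0])
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            # TLS 1.3 keeps 0x0303 in the version field and puts the real
            # version in the supported_versions extension (type 0x002b).
            if etype == 0x002B and elen == 2 and pos + 6 <= end:
                version = struct.unpack("!H", body[pos + 4:pos + 6])[0]
            pos += 4 + elen
    return VERSIONS.get(version, "unknown (0x%04x)" % version)

def audit(record: bytes):
    """Return (version name, True if the version is still acceptable)."""
    name = negotiated_version(record)
    return name, name in ALLOWED

def build_server_hello(legacy, selected=None):
    """Constructed sample record: zeroed random, empty session id."""
    body = struct.pack("!H", legacy) + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    if selected is not None:
        ext = struct.pack("!HHH", 0x002B, 2, selected)
        body += struct.pack("!H", len(ext)) + ext
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", legacy, len(hs)) + hs

if __name__ == "__main__":
    for rec in (build_server_hello(0x0300), build_server_hello(0x0301),
                build_server_hello(0x0303), build_server_hello(0x0303, 0x0304)):
        print(audit(rec))
```

A server that answers with SSL 3.0, TLS 1.0 or TLS 1.1 is reported as not acceptable, which is the result to alert on when auditing endpoints for leftover downgrade targets.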

At any rate, we’ve been using TLS for the past couple of decades. At this point, if you’re still using SSL you’re years behind, metaphorically living in a forlorn era where people still use phone lines to dial in to the internet.
