Internet security is a bit like alphabet soup – SSL, TLS, ECC, SHA, the list goes on. All these acronyms can make it confusing to figure out what you actually need. Perhaps the question we get asked most is: what's the difference between SSL (Secure Sockets Layer) and TLS (Transport Layer Security)? You know you want to secure your website (or other type of communication), but do you need SSL? TLS? Both?
A Brief History of SSL and TLS
SSL and TLS are both cryptographic protocols that provide authentication and data encryption between servers, machines and applications operating over a network (e.g. a client connecting to a web server). SSL is the predecessor to TLS. Over the years, new versions of the protocols have been released to address vulnerabilities and support stronger, more secure cipher suites and algorithms.
Should You Be Using SSL or TLS?
Both SSL 2.0 and 3.0 have been deprecated by the IETF (in 2011 and 2015, respectively). Over the years, vulnerabilities have been and continue to be discovered in the deprecated SSL protocols (e.g. POODLE, DROWN). Most modern browsers will show a degraded user experience (e.g. line through the padlock or https in the URL bar, security warnings) when they encounter a web server using the old protocols. For these reasons, you should disable SSL 2.0 and 3.0 in your server configuration, leaving only TLS protocols enabled.
Disabling SSL 2.0 and 3.0
If you're not sure whether your servers still support SSL protocols, you can easily check using our SSL Server Test.
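Alongside a remote scan, the server configuration itself can be checked for directives that still enable SSL 2.0 or 3.0. The script below is an added example, not part of the original article: it assumes nginx `ssl_protocols` and Apache `SSLProtocol` lines, uses a simplified model of Apache's `+`/`-` token handling, and the names `audit` and `SAMPLE` and the sample lines are constructed for illustration.

```python
import re

LEGACY = {"SSLv2", "SSLv3"}
# Assumption: Apache's "all" is read conservatively as including SSLv2 and SSLv3.
KNOWN = LEGACY | {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
CANON = {name.lower(): name for name in KNOWN}
DIRECTIVE = re.compile(r"^\s*(ssl_protocols|SSLProtocol)\s+([^#;]+)", re.I)

def apache_enabled(args):
    """SSLProtocol: tokens apply left to right; +/- adjust, a bare token replaces."""
    enabled = set()
    for tok in args:
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        names = set(KNOWN) if name.lower() == "all" else {CANON.get(name.lower(), name)}
        if sign == "-":
            enabled -= names
        elif sign == "+":
            enabled |= names
        else:
            enabled = names
    return enabled

def audit(config_text):
    """Return (line number, directive, legacy protocols still enabled) per hit."""
    findings = []
    for no, line in enumerate(config_text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if not m:
            continue  # other directives and commented-out lines
        args = m.group(2).split()
        if m.group(1).lower() == "ssl_protocols":
            enabled = {CANON.get(a.lower(), a) for a in args}  # nginx lists what is on
        else:
            enabled = apache_enabled(args)
        legacy = sorted(enabled & LEGACY)
        if legacy:
            findings.append((no, m.group(1), legacy))
    return findings

# Constructed sample mixing nginx and Apache lines, not a real server config.
SAMPLE = """\
ssl_protocols SSLv3 TLSv1.2 TLSv1.3;
ssl_protocols TLSv1.2 TLSv1.3;
SSLProtocol all -SSLv2
SSLProtocol all -SSLv2 -SSLv3
# SSLProtocol all
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A clean result only says the scanned text does not enable the old protocols; included files and what the live server actually negotiates still need the server test.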