Unless you work with it regularly, there’s a good chance that you don’t know the difference between SSL Protocol (Secure Sockets Layers) and TLS (Transport Layer Security). And this industry doesn’t do you many favors by colloquially referring to TLS as SSL.
There’s been four iterations of the TLS protocol. SSL has been (or is supposed to be) entirely deprecated. So, what’s the difference between SSL and TLS?
A Brief History of SSL and TLS
SSL and TLS are both cryptographic protocols that provide authentication and data encryption between servers, machines, and applications operating over a network (e.g. a client connecting to a web server). In reality, SSL is only about 25 years old. But in internet years, that’s ancient. The first iteration of SSL, version 1.0, was first developed in 1995 by Netscape but was never released because it was riddled with serious security flaws. SSL 2.0 wasn’t a whole lot better, so just a year later SSL 3.0 was released. Again, it had serious security flaws.
Downgrading to SSL 3.0 was still dangerous, though, given its known, exploitable vulnerabilities. All an attacker needed to do to target a website was downgrade the protocol to SSL 3.0. Hence, the birth of downgrade attacks. That ended up being the nail in the coffin for TLS 1.0.
TLS 1.1 came out seven years later in 2006, replaced by TLS 1.2 in 2008. That hurt TLS 1.1 adoption as many websites simply upgraded from 1.0 to TLS 1.2. We are now at TLS 1.3, which was finalized in 2018 after 11 years and nearly 30 IETF drafts.
TLS 1.3 makes significant improvements over its predecessors and right now major players around the internet are pushing for its proliferation. Microsoft, Apple, Google, Mozilla, and Cloudflare all announced plans to deprecate both TLS 1.0 and TLS 1.1 in January 2020, making TLS 1.2 and TLS 1.3 the only game in town.
At any rate, we’ve been using TLS for the past couple decades. At this point, if you’re still using SSL you’re years behind, metaphorically living in a forlorn era where people still use phone lines to dial on to the internet.
Should You Be Using SSL or TLS?
Both SSL 2.0 and 3.0 have been deprecated by the Internet Engineering Task Force, also known as IETF, in 2011 and 2015, respectively. Over the years vulnerabilities have been and continue to be discovered in the deprecated SSL protocols (e.g. POODLE, DROWN). Most modern browsers will show a degraded user experience (e.g. line through the padlock or https in the URL bar, or other security warnings) when they encounter a web server using the old protocols. For these reasons, you should disable SSL 2.0 and 3.0 in your server configuration, and while you’re at it – go ahead and deprecate TLS 1.0 and TLS 1.1, too.
According to a recent WatchGuard survey, nearly 7% of the Alexa Top 100,000 still support SSL 2.0 and/or SSL 3.0. So those sites are still out there in abundance.
Certificates Are Not the Same as Protocols
Before anyone starts worrying that they need to replace their existing SSL Certificates with TLS Certificates, it’s important to note that certificates are not dependent on protocols. That is, you don’t need to use a TLS Certificate vs. an SSL Certificate. While many vendors tend to use the phrase “SSL/TLS Certificate,” it may be more accurate to call them “Certificates for use with SSL and TLS,” since the protocols are determined by your server configuration, not the certificates themselves.
That goes for encryption strength, too. Many certificates advertise encryption strength, but truly it’s the capabilities of the server and the client that determine that. At the beginning of each connection, a process called a handshake occurs. During this process, the client authenticates the server’s TLS certificate and the two decide on a mutually supported cipher suite. Cipher suites are a collection of algorithms that all work together to securely encrypt your connection with that website. When the cipher suite is negotiated during the handshake, that’s when the version of the protocol and the supporting algorithms are determined. Your certificate just facilitates the process.
Historically there have been four algorithms in a cipher suite:
- Key Exchange
- Digital Signature
- Message Authentication
- Hashing Algorithm
(If that seems a little in the weeds, it won’t in a second when we discuss the differences between SSL and TLS.)
For now, it’s likely you will continue to see certificates referred to as SSL Certificates because at this point that’s the term more people are familiar with. We’re beginning to see increased usage of the term TLS across the industry, and SSL/TLS is a common compromise until TLS becomes more widely accepted.
Are SSL and TLS Any Different Cryptographically?
Yes. The difference between each version of the protocol may not be huge, but if you were comparing SSL 2.0 to TLS 1.3 there would be a canyon between them. At its heart, the concept is the same through each version. It’s just the way the different protocols go about accomplishing the task of encrypting connections that diverges.
Each newly released version of the protocol came and will come with its own improvements and/or new/deprecated features. SSL version one was never released, version two did but had some major flaws, SSL version 3 was a rewrite of version two (to fix these flaws – with limited success) and TLS version 1 an improvement of SSL version 3. Between TLS 1.0 and 1.1, the changes were minor. TLS 1.2 brought some significant changes and TLS 1.3 has refined and streamlined the whole process.
Disabling SSL 2.0 and 3.0 and TLS 1.0
If you’re not sure if your servers are still supporting SSL protocols, you can easily check using our SSL Server Test. For instructions on how to disable SSL 2.0 and 3.0 on popular server types, including Apache, NGINX and Tomcat, check out our related support article. If you still need to disable TLS 1.0, we can help you with that, too.
So, what’s the difference between SSL and TLS? In polite conversation, not much – and many people continue to use the terms SSL and TLS interchangeably. In terms of your server configuration though, there are some major architectural and functional differences. And those differences are the space between vulnerabilities, outdated cipher suites, browser security warnings – and a secure server. When it comes to your servers, you should only have TLS protocols enabled.