What is SSL/TLS?
SSL/TLS (Secure Sockets Layer / Transport Layer Security) are cryptographic protocols designed to provide secure communication over a computer network. TLS is the successor to SSL and is used to encrypt data transmitted between clients and servers.
Quick Facts
| Full Name | Secure Sockets Layer / Transport Layer Security |
|---|---|
| Created | SSL 1995 by Netscape, TLS 1999 by IETF |
| Specification | Official Specification |
How It Works
SSL was developed by Netscape in 1995, with SSL 3.0 being the most widely adopted version. Due to security vulnerabilities, SSL was deprecated in favor of TLS. TLS 1.0 (1999) was essentially SSL 3.1, with TLS 1.2 (2008) and TLS 1.3 (2018) adding significant security improvements.

TLS provides three main security services: encryption (confidentiality), authentication (identity verification), and integrity (tamper detection). It uses a combination of symmetric and asymmetric cryptography: asymmetric operations and certificates authenticate the server and agree on a shared secret, and symmetric ciphers keyed from that secret protect the application data.

TLS 1.3 (2018) is the recommended version, offering improved security and performance. It removes outdated cipher suites, reduces the full handshake from two round-trips to one (with 0-RTT for resumed connections), and mandates forward secrecy by allowing only ephemeral key exchanges. TLS 1.0 and 1.1 are deprecated and should be disabled. TLS 1.2 remains acceptable, but TLS 1.3 is preferred.
Key Characteristics
- Provides encryption, authentication, and integrity
- TLS 1.3 is the current recommended version
- Uses certificates for server authentication
- Combines symmetric and asymmetric encryption
- Handshake protocol establishes secure connection
- SSL is deprecated due to vulnerabilities
Common Use Cases
- HTTPS website encryption
- Email encryption (SMTPS, IMAPS)
- VPN connections
- Secure API communication
- Database connection encryption
Example
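The version policy and forward-secrecy requirement described above, applied to a client configuration with Python's standard library. This is an added example, not code from the original page: it builds one context the way the page recommends (TLS 1.2 minimum, TLS 1.3 negotiated when available, certificate and hostname checks on, only ephemeral key exchanges for TLS 1.2) and a legacy one that still accepts deprecated versions, then audits both. The function names, the cipher string and the name-based forward-secrecy classifier are this example's own choices; it assumes Python 3.7+ on an OpenSSL 1.1.1 or 3.x build.

```python
"""Configure and audit TLS client settings with Python's standard ssl module.

Added example for the SSL/TLS page; names and cipher string are the example's own.
"""
import ssl

# Versions the page says should be disabled. SSL 2.0 is not representable in
# ssl.TLSVersion at all, which is its own kind of deprecation.
DEPRECATED_VERSIONS = (ssl.TLSVersion.SSLv3, ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1)


def supports_forward_secrecy(cipher_name: str) -> bool:
    """Classify an OpenSSL cipher-suite name by its key-exchange method.

    TLS 1.3 suites (names starting with "TLS_") only ever use ephemeral (EC)DHE,
    so they are always forward secret. TLS 1.2 names lead with the key exchange:
    ECDHE / DHE / EDH are ephemeral; a bare "AES..." name means static RSA key
    exchange and "ECDH"/"DH" without the trailing E means static Diffie-Hellman,
    neither of which gives forward secrecy.
    """
    if cipher_name.startswith("TLS_"):
        return True
    key_exchange = cipher_name.split("-", 1)[0]
    return key_exchange in ("ECDHE", "DHE", "EDH")


def deprecated_versions_allowed(minimum: ssl.TLSVersion) -> list:
    """Names of deprecated protocol versions a context with this minimum still accepts."""
    # TLSVersion is an IntEnum ordered by protocol number; MINIMUM_SUPPORTED (-2)
    # therefore admits every deprecated version the linked OpenSSL still ships.
    return [v.name for v in DEPRECATED_VERSIONS if v >= minimum]


def hardened_client_context() -> ssl.SSLContext:
    """The recommended setting: TLS 1.2 floor (TLS 1.3 preferred automatically),
    certificate chain and hostname verification on, forward-secret suites only."""
    ctx = ssl.create_default_context()  # system CAs, CERT_REQUIRED, check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # TLS 1.2 suites: ephemeral key exchange with AEAD ciphers only. TLS 1.3 suites
    # are not governed by set_ciphers() and remain enabled.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!aNULL:!PSK:!MD5")
    return ctx


def legacy_client_context() -> ssl.SSLContext:
    """The weak setting the page warns against: whatever minimum the library allows."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # still verifies certificates by default
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED  # may admit TLS 1.0 / 1.1
    return ctx


def audit_context(ctx: ssl.SSLContext) -> dict:
    """Summarize the security-relevant settings of a context as plain values."""
    ciphers = [c["name"] for c in ctx.get_ciphers()]
    return {
        "minimum_version": ctx.minimum_version.name,
        "verify_mode": ctx.verify_mode.name,
        "check_hostname": ctx.check_hostname,
        "deprecated_versions_allowed": deprecated_versions_allowed(ctx.minimum_version),
        "ciphers_without_forward_secrecy": [c for c in ciphers if not supports_forward_secrecy(c)],
        "cipher_count": len(ciphers),
    }


if __name__ == "__main__":
    for label, ctx in (("hardened", hardened_client_context()), ("legacy", legacy_client_context())):
        print(label, audit_context(ctx))
```

On the hardened context the audit reports no deprecated versions and no cipher without forward secrecy; on the legacy one it lists SSLv3, TLSv1 and TLSv1_1 as still admissible, and on a stock OpenSSL build it also lists the static-RSA suites present in the DEFAULT cipher list. The classifier works on names because `ssl` exposes negotiated and configured suites that way, so the same function can be run over `sock.cipher()[0]` after a real handshake.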
Frequently Asked Questions
What is the difference between SSL and TLS?
TLS (Transport Layer Security) is the successor to SSL (Secure Sockets Layer). SSL versions 1.0-3.0 are deprecated due to security vulnerabilities. TLS 1.0 was essentially SSL 3.1, with TLS 1.2 and TLS 1.3 providing significant security improvements. Today, 'SSL' is often used colloquially to refer to TLS.
Which TLS version should I use?
Use TLS 1.3 whenever possible as it offers the best security and performance with a faster handshake. TLS 1.2 is acceptable as a fallback. TLS 1.0 and 1.1 are deprecated and should be disabled. Never use SSL 2.0 or 3.0 as they have known security vulnerabilities.
What is a TLS certificate and how does it work?
A TLS certificate is a digital document that authenticates a server's identity and enables encrypted connections. It contains the server's public key and is signed by a Certificate Authority (CA). Browsers verify the certificate chain to ensure the server is legitimate before establishing an encrypted connection.
What is the TLS handshake process?
The TLS handshake establishes a secure connection: 1) Client sends supported cipher suites and TLS version, 2) Server responds with chosen cipher suite and certificate, 3) Client verifies certificate and generates session keys, 4) Both parties confirm encryption is active. TLS 1.3 reduces this to a single round-trip.
What is forward secrecy in TLS?
Forward secrecy (or Perfect Forward Secrecy) ensures that recorded session traffic cannot be decrypted even if the server's long-term private key is later exposed. It uses ephemeral key exchange (like ECDHE) to derive a unique session key for each connection, and those ephemeral keys are discarded after the handshake. TLS 1.3 mandates forward secrecy, making it more secure than older versions.