TLS vs SSL

Zullu Natal
Jul 9, 2023

If you are currently working or have started to prepare for interviews, you know how important it is to thoroughly understand the difference between TLS, SSL and HTTPS.

Now let's start with the basics.

  1. SSL = Secure Sockets Layer
  2. TLS = Transport Layer Security

In the early days, there were no such requirements for this level of security. But as the applications started to gather sensitive data and store it to communicate with users and databases, the need for security rose.

SSL is a cryptographic security protocol that protects your information as it is transmitted across the internet. In practice, a protocol is a set of rules that computers use to communicate with each other. SSL includes a public key and a private key that authenticate your server and let your server encrypt and decrypt data.

SSL was designed to prevent any unauthorized third party from intercepting (Man in the Middle) and tampering with sensitive data while it’s in transit (personal data, financial information, etc.).

When a visitor goes to your site, their web browser will look for your site’s SSL/TLS certificate. Then, the browser will perform a “handshake” to check the validity of your certificate and authenticate your server. If the SSL certificate is not valid, your users may be faced with the “your connection is not private” error, which could cause them to leave your website.

This is also where HTTPS comes in (HTTPS stands for “HTTP over SSL/TLS”).

Its first version, SSL 1.0, never got released. SSL 2.0, the second version, was released in 1995. The second version contained some security deficiencies (issues), and as a result, SSL 3.0 was created.

Later, this, too, was found to have security flaws. This led to the creation of another acronym (another security layer) that you need to know about: TLS.

TLS: More Secure Version of SSL

Due to some security flaws in SSL, the need for more security rose drastically; that’s how TLS came to light.

TLS encrypts data sent over the Internet to ensure that eavesdroppers and hackers are unable to see what you transmit, which is particularly useful for private and sensitive information such as passwords, credit card numbers, and personal details.

TLS is a cryptographic protocol that provides end-to-end security for data sent between applications over the Internet.

TLS uses a combination of symmetric and asymmetric cryptography, as this provides a good compromise between performance and security when transmitting data securely.

With symmetric cryptography, data is encrypted and decrypted with a secret key known to both sender and recipient; typically 128 but preferably 256 bits in length (anything less than 80 bits is now considered insecure). Symmetric cryptography is efficient in terms of computation, but having a common secret key means it needs to be shared in a secure manner.

Asymmetric cryptography uses key pairs — a public key, and a private key.

Now, one last question from your end should be: if TLS v1.3 is the latest version, why are we still using TLS v1.2 and so on?

Here is the answer to that: to this date, many browsers have not fully adopted the use of TLS v1.3 and are still working on v1.2. As the updates are coming soon, all browsers will upgrade themselves to the latest security protocol.
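Which versions are in play is visible in the first handshake message: the client offers a list of versions and the server picks one. The following added example (not from the original article) parses a ClientHello and reports the offered versions; the function names are assumptions, and the sample messages come from the hypothetical helper `build_sample_hello` rather than from a real capture.

```python
import struct

# Wire codes: TLS 1.0 is sent as 3.1, i.e. the version after SSL 3.0.
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
            0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
DEPRECATED = {"SSL 3.0", "TLS 1.0", "TLS 1.1"}
SUPPORTED_VERSIONS = 0x002B  # extension type defined in RFC 8446


def build_sample_hello(legacy, offered=()):
    """Build a minimal ClientHello record (constructed sample, not a capture)."""
    vlist = b"".join(struct.pack("!H", v) for v in offered)
    ext = (struct.pack("!HHB", SUPPORTED_VERSIONS, len(vlist) + 1, len(vlist)) + vlist
           if vlist else b"")
    hello = (struct.pack("!H", legacy) + bytes(32) + b"\x00"   # version, random, no session id
             + b"\x00\x04\x13\x01\x00\x9c" + b"\x01\x00"        # two cipher suites, null compression
             + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def offered_versions(record):
    """Return the known protocol versions a ClientHello offers, highest first."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    hello = record[9:9 + int.from_bytes(record[6:9], "big")]
    try:
        codes = [struct.unpack("!H", hello[:2])[0]]             # legacy_version field
        pos = 35 + hello[34]                                    # skip random and session id
        pos += 2 + struct.unpack("!H", hello[pos:pos + 2])[0]   # skip cipher suites
        pos += 1 + hello[pos]                                   # skip compression methods
        if pos + 2 <= len(hello):                               # extensions are optional
            end = pos + 2 + struct.unpack("!H", hello[pos:pos + 2])[0]
            pos += 2
            while pos + 4 <= end:
                etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
                data = hello[pos + 4:pos + 4 + elen]
                pos += 4 + elen
                if etype == SUPPORTED_VERSIONS:                 # overrides legacy_version
                    codes = [struct.unpack("!H", data[i:i + 2])[0]
                             for i in range(1, 1 + data[0], 2)]
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    return [VERSIONS[c] for c in sorted(set(codes), reverse=True) if c in VERSIONS]


def deprecated_offers(record):
    """Versions in the offer that are deprecated and that a server should refuse."""
    return [v for v in offered_versions(record) if v in DEPRECATED]
```

A TLS 1.3 client still writes 3.3 (TLS 1.2) in the legacy version field and lists its real versions in the `supported_versions` extension, which is why the parser prefers the extension when it is present.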

Summary

To sum everything up, TLS and SSL are both protocols to authenticate and encrypt the transfer of data on the Internet.

The two are tightly linked and TLS is really just the more modern, secure version of SSL.

While SSL is still the dominant term on the Internet, most people really mean TLS when they say SSL, because both public versions of SSL are not secure and have long since been deprecated.

To use both the SSL and TLS protocols, you need to install a certificate on your server.

You do not need to worry about “changing” your SSL certificate into a TLS certificate. If you’ve already installed an “SSL certificate”, you can be confident that it also supports TLS.

It’s important to use the latest versions of TLS because SSL is no longer secure, but your certificate does not determine the protocol that your server uses. Instead, once you have a certificate, you can choose which protocols to use at a server level.

Hope you enjoyed reading this important article; it will definitely come in handy in your life.


Written by Zullu Natal

Learning to be safe 🙂, cybersecurity researcher.
