Which SSL Reviews


Difference Between SSL and TLS Protocols

May 3, 2016 | By Editor 

The terms SSL, TLS and HTTPS are used interchangeably even by people in the security industry. And the norm is not completely wrong given how little difference these security protocols have among them. Let’s start by spelling out them first and discover their difference.

SSL stands for Secure Sockets Layer, one of the oldest encryption protocols developed by Netscape to secure data transmission in a network. An SSL technology uses cryptographic formula to provide a safe cover for data against any third-party intervention. The first version SSL 2.0 came out in 1995 and is now obsolete, along with its successor SSL 3.0 that was exploited by the POODLE vulnerability.

TLS is short for Transport Later Security, and it is nothing but an enhancement to pre-existing SSL protocol designed with an aim to better protect data in motion. Saying SSL and TLS are different, in essence, is a misnomer.

Hypertext Transfer Protocol Secure (HTTPS) is an SSL-enabled encryption that is applied to secure a web server. It is fast replacing its predecessor, the HTTP, and taking over the web pages on the internet as a new standard. HTTPS happens as a result of HTTP being encrypted by SSL/TLS certificates.

Regardless of their hairline difference, the aim of both SSL and TLS certificates is same, i.e. to ensure that an intended data is encrypted and kept out of harm’s way during a network communication. In order to be protected with SSL or TLS, a website (or their individual web pages) have to obtain digital certificates from one of the many reputed Certificate Authority (CA) vendors, such as Comodo or DigiCert. Depending on the SSL product type, these CAs check for the authenticity behind the domain and if they really belong to a trustworthy web server.

The most obvious application of SSL and TLS certificates are seen in websites that accept and process card payments online. Without these security protocols, there is a clear risk of credit card data being stolen and misused by an unauthorised third person. SSL encryption on the internet has become so widespread that web browsers alert users against proceeding to websites that haven’t issued SSL certificates in their URL.

What’s actually taking place is that when a browser connects to a web server, it looks for an authentic identity that is mostly validated by an SSL certificate. When the browser fails to get a reasonable validation – or any validation at all – it concludes that the website is not trusted and hence not safe for carrying out any kind of transactions.

Be part of an IT community with thousands of subscribers. Get the latest news, blogs, and thought leadership articles. Subscribe now
Email *

Posted in SSL

Be Sociable, Share!

Leave a Comment


* fields are mandatory