SSL vs TLS

ssl certificate options

What Is SSL?

SSL stands for Secure Sockets Layer, a Netscape-originated protocol that allows for the secure transmittal of private documents by means of the Internet. It was invented in order to validate the identity of websites and especially for the secure transmitting of personal data like credit card information in order that purchases might be safely made via the Internet.

The SSL protocol employs a cryptographic system which uses a public key and a private key in the encryption of data. The public key is available to everyone, but the private key, also called a secret key, is known only to the message recipient. The SSL connection is made via what is called the ‘SSL Handshake’ prior to the transmission of any data via the connection.

The first public edition of SSL was SSL 2.0, released in 1995, but because security flaws were discovered, SSL 3.0 was released shortly afterward in 1996.

What Is TLS?

TLS stands for Transport Layer Security, an IETF (Internet Engineering Task Force) innovation that was developed from the Netscape SSL 3.0 protocol. n a TLS session, a secret key for the session is generated and used to encrypt the exchanges that follow.

Because TLS is based on SSL 3.0, the original version released in 1999 is sometimes referred to as SSL 3.1 rather than TLS 1.0. Similarly, TLS 1.1, released in 2006, is referred to as SSL 3.2, and TLS 1.2, released in 2008, may be called SSL 3.3.

It is now standard for some version of SSL/TLS to be used by every reliable ecommerce site or other site that requests personal data from visitors. Although it is a complex system, the complexity remains behind the scenes and the site visitor is unaware of the intricacies. SSL is added to a website through the website owner procuring an SSL certificate. Shared certificates are sometimes offered free in a web hosting package: higher level certificates can be purchased.

How To Tell When Web Data Can Be Transmitted Securely

For the purposes of web browsing, it is not as important to know exactly which form of SSL/TLS is being used as to know whether a web page is secure or not. This can be determined by several different cues:

  • The abbreviation HTTPS, short for Hypertext Transfer Protocol Secure, appears in the web address window instead of HTTP as part of the URL of a site that is using a secure protocol.
  • A green address bar is shown in most browsers when an extended validation – EV SSL certificate is used.
  • A lock icon is displayed somewhere on the web page.
  • Site seals from companies such as SSL.com, GeoTrust, and Verisign signal that the site has been verified.

Sources

info.ssl.com