TLS vs SSL (FAQ)

The difference between protocols

Transport Layer Security (TLS) and Secure Sockets Layer (SSL) are protocols that do the same job: both securely encrypt communications between servers. The difference is that TLS is the successor to SSL and is the more secure of the two today.

Frequently Asked Questions (FAQ):

Q: Why is everyone calling it SSL when TLS should be the right term to use?

A: Interestingly, when TLS was introduced in 1999, the differences between the two protocols were so insignificant that everyone, including Certificate Authorities (CAs), continued to use the term SSL. CAs did attempt to promote the term TLS (as you may have seen), but without much success. It is fairly common to see TLS and SSL used interchangeably.

Q: Why was TLS introduced?

A: TLS was introduced because it was deemed a more suitable term for describing communication privacy over the internet. The protocol works by stacking multiple layers on top of one another. At each layer, messages may include fields for length, description and content.

Q: Am I getting a TLS certificate if I purchase an SSL certificate?

A: Yes. As mentioned, TLS/SSL is a protocol name, and all CAs are under strict regulation by the CA/Browser Forum to provide a digital certificate that is compatible with the latest protocol (currently TLS 1.2). You would need to disable SSL 2.0 and SSL 3.0 on your servers to remove all known vulnerabilities associated with the older protocols.
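
The record fields mentioned above (description, length, content) and the version bytes that separate SSL 3.0 from TLS can be read directly off the wire. The following is an added example, not part of the original FAQ: it parses SSL 3.0/TLS record headers and reports when a client still offers SSL 3.0. The function names and sample bytes are constructed for illustration, and SSL 2.0, which uses a different record format, is not handled.

```python
import struct

# Wire values from the SSL 3.0 / TLS specifications. TLS 1.0 is version 3.1 on the wire.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
DEPRECATED = {"SSL 3.0"}  # the version this parser can see that the FAQ says to disable

def parse_records(data):
    """Split a byte stream into records: description (type), version, length, content."""
    records, offset = [], 0
    while offset < len(data):
        if len(data) - offset < 5:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack_from("!BBBH", data, offset)
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype}")
        content = data[offset + 5: offset + 5 + length]
        if len(content) != length:
            raise ValueError("record content shorter than its length field")
        records.append({"type": CONTENT_TYPES[ctype], "length": length, "content": content,
                        "version": VERSIONS.get((major, minor), f"unknown {major}.{minor}")})
        offset += 5 + length
    return records

def client_hello_version(record):
    """Return the version a ClientHello offers, or None for any other record."""
    body = record["content"]
    # Handshake header: 1-byte message type (1 = ClientHello), 3-byte length, then client_version.
    if record["type"] != "handshake" or len(body) < 6 or body[0] != 1:
        return None
    return VERSIONS.get((body[4], body[5]), f"unknown {body[4]}.{body[5]}")

def deprecated_offers(data):
    """List deprecated versions seen in record headers or ClientHello bodies."""
    found = []
    for rec in parse_records(data):
        for version in (rec["version"], client_hello_version(rec)):
            if version in DEPRECATED and version not in found:
                found.append(version)
    return found

# Constructed sample bytes (not a real capture): ClientHello bodies cut down to the version field.
SSL3_HELLO = bytes.fromhex("16 03 00 00 06 01 00 00 02 03 00")   # header 3.0, offers 3.0
TLS12_HELLO = bytes.fromhex("16 03 01 00 06 01 00 00 02 03 03")  # header 3.1, offers 3.3

if __name__ == "__main__":
    print(deprecated_offers(SSL3_HELLO), deprecated_offers(TLS12_HELLO))
```
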

Q: Will there be further updates on TLS/SSL?

A: Yes. The security community at large is looking at ways to improve this technology. As of September 2015, TLS 1.3 is at the working draft stage, where it aims to remove weak signatures, remove support for obsolete cipher suites and upgrade the technology for TLS.

Q: Will my old or existing TLS/SSL certificate be affected when there is an update?

A: When the protocol is updated, the relevant CAs will publish the information on their sites. It is also the IT security administrator’s duty to regularly check for updates and configure the certificate according to the instructions provided by the CAs.