What is SSL?
SSL, or Secure Sockets Layer, is an encryption-based Internet security protocol. It was first developed by Netscape in 1995 for the purpose of ensuring privacy, authentication, and data integrity in Internet communications. SSL is the predecessor to the modern TLS encryption used today.
How does SSL/TLS work?
- In order to provide a high degree of privacy, SSL encrypts data that is transmitted across the web. This means that anyone who tries to intercept this data will only see a garbled mix of characters that’s nearly impossible to decrypt.
- SSL initiates an authentication process called a handshake between two communicating devices to ensure that both devices are really who they claim to be.
- SSL also digitally signs data in order to provide data integrity, verifying that the data is not tampered with before reaching its intended recipient.
There have been several iterations of SSL, each more secure than the last. In 1999 SSL was updated to become TLS.
Are SSL and TLS the same thing?
SSL is the direct predecessor of another protocol called TLS (Transport Layer Security). In 1999 the Internet Engineering Task Force (IETF) proposed an update to SSL. Since this update was being developed by the IETF and Netscape was no longer involved, the name was changed to TLS. The differences between the final version of SSL (3.0) and the first version of TLS are not drastic, the name change was applied to signify the change in ownership.
Since they are so closely related the two terms are often used interchangeably and confused. Some people still use SSL to refer to TLS, others use the term ‘SSL/TLS encryption’ because SSL still has so much name recognition.
Is SSL still up to date?
SSL has not been updated since SSL 3.0 in 1996 and is now considered to be deprecated. There are several known vulnerabilities in the SSL protocol and security experts recommend discontinuing its use. In fact, most modern web browsers no longer support SSL at all.
TLS is the up-to-date encryption protocol that is still being implemented online, even though many people still refer to it as ‘SSL encryption’. This can be a source of confusion for consumers shopping for security solutions. The truth is that any vendor offering ‘SSL’ these days is almost certainly providing TLS protection, which has been an industry standard for nearly twenty years. But since many folks are still searching for ‘SSL protection’, the term is still featured prominently on many product pages.