DISCOUNT COUPONS | CONTACT US | SSL WIKI

SSL Brands SSL Products SSL Reseller My Account

POSITIVESSL CERTIF

$9.00
SSL vs. TLS – What are differences?

Phew! Internet security is jargon- lled world. For a newbie like me it is a

It takes a lot of prodding to understand how they work and how they are
di erent from one another.

If you have been reading about SSL recently, you would have stumbled across
TLS as well.

SSL refers to Secure Sockets Layer whereas TLS refers to Transport Layer
Security.  Basically, they are one and the same, but, entirely di erent.

How similar both are? SSL and TLS are cryptographic protocols that authenticate
data transfer between servers, systems, applications and users. For example, a
cryptographic protocol encrypts the data that is exchanged between a web
SSL Brands SSL Products SSL Reseller My Account
server and a user.

SSL was a rst of its kind of cryptographic protocol. TLS on the other hand, was a
recent upgraded version of SSL.

Why do you need an SSL/TLS certi cate?

Cyber security has become a serious threat that is spreading across all sections
of the internet. From schools to enterprises and individuals, it puts user data of
all types and sizes at risk. The risk is especially higher when there is exchange of
information through client and server systems.

There is a need for secure system that encrypt data ow from either side. An
SSL/TLS certi cate helps with that. It acts as an endpoint encryption system that
encrypt data preventing unauthorized access by hackers.

In the present day, SSL has also gained importance as a serious ranking signal
due to Google’s announcement. Websites with SSL certi cates gain better search
ranking traction, have better user experience and do not pose any security
concerns — even during eCommerce transactions.

A brief about SSL

Netscape developed SSL in the year 1994. It was envisioned as a system that will
ensure secure communication between client and server systems on the web.
Gradually, the IETF (the Internet Engineering Task Force) picked up the protocol
and standardized it as a protocol. Two versions of SSL followed that ironed out
the vulnerabilities found in version 1. The current SSL version is SSL 3.0. If we
look at below history, we can assume that IETF seriously attempted to secure
online data with robust security at its best.

SSL 1.0 Due to security aw, SSL 1.0 was not released.
 SSL 2.0 SSL v2.0 was SSL
SSL Brands the Products
rst public release of SSL
SSL by Netscape.My
Reseller It was
Account
released in February 1995 but there were design aws that
compelled Netscape to release SSL v.3. However, SSL v.2.0 was
deprecated in 2011.

SSL 3.0 SSL v3 was an upgrade version of earlier version SSL v2.0 that
xed few security design aws of SSL v2.0 However, SSL v3.0
deemed insecure in 2004 due to the POODLE attack.

A brief about TLS

TLS means Transport Layer Security, which is a cryptographic protocol successor

TLS 1.0 TLS 1.0 which was upgrade of SSL v.3.0 released in January 1999
but it allows connection downgrade to SSL v.3.0.

TLS 1.1 After that, TLS v1.1 was released in April 2006, which was an
update of TLS 1.0 version. It added protection against CBC (Cipher
Block Chaining) attacks. In March 2020, Google, Apple, Mozilla and
Microsoft has announced for deprecation of TLS 1.0 and 1.1
versions.

TLS 1.2 TLS v1.2 was released in 2008 that allows to speci cation of hash
and algorithm used by the client and server. It allows
authenticated encryption, which was added more support with
extra data modes. TLS 1.2 was able to verify length of data based
on cipher suite.

TLS 1.3 TLS v1.3 was released in August 2018 and had major features that
di erentiate it with its earlier version TLS v1.2 like removal of MD5
and SHA-224 support, require digital signature when earlier
con guration used, compulsory use of Perfect forward secrecy in
 case of public-key based key exchange, handshake messages will
SSL Brands SSL Products SSL Reseller My Account
now be encrypted after “Server Hello”.

Di erences between SSL and TLS

However, the di erences between SSL and TLS are very minor. In fact, only a
technical person will be able to spot the di erences. The notable di erences
include:

Cipher suites

SSL protocol o ers support for Fortezza cipher suite. TLS does not o er support.
TLS follows a better standardization process that makes de ning of new cipher
suites easier like RC4, Triple DES, AES, IDEA, etc.

Alert messages

SSL has the “No certi cate” alert message. TLS protocol removes the alert
message and replaces it with several other alert messages.

Record Protocol

SSL uses Message Authentication Code (MAC) after encrypting each message
while TLS on the other hand uses HMAC — a hash-based message
authentication code after each message encryption.

Handshake process

In SSL, the hash calculation also comprises the master secret and pad while in
TLS, the hashes are calculated over handshake message.

Message Authentication