TLS vs SSL

As the importance of SSL certificates and cryptographic protocols at large begins to soar, and live security flaws become an ever-more-prominent issue with businesses' and individuals' respective online presences, the notion of security awareness has begun to crystallize, too. Namely, exposing security flaws such as deprecated SSL protocols, private key breaches, and web server configuration problems has become an absolute necessity, and with that necessity comes a need for laypersons to become informed on SSL and TLS technologies.


Learning Objectives

After reading this article you will be able to:

  • Know the history of SSL and TLS
  • Compare the differences between SSL and TLS
  • Understand why there is SSL and TLS and why both are needed

Learning Centre

View more resources on cyber security, encryption and the internet.

The key topic we'll be dealing with, however, is how SSL certificates aren't just SSL certificates anymore, and why SSL and TLS technologies get bundled together in casual discussions.

Knowing Your SSL Certificates

The bread and butter of modern SSL certificate products, Transport Layer Security (TLS) is the successor to the effectively outdated Secure Sockets Layer (SSL) technology. The two are intertwined by necessity, however, with SSL and TLS protocols coexisting to form the baseline of any given secure connection on the Internet.

This article aims to take you through the basic information that you, too, need to know about modern cryptographic protocol technologies. In short order, it will explain how the TLS vs SSL comparison works, how SSL and TLS protocols interact with one another, and how contemporary SSL certificates leverage said technologies to establish a secure connection over a given SSL handshake.

Can we even compare TLS vs SSL in the first place?

When it comes to modern cryptographic protocol solutions and SSL and TLS protocols, there's not much point in comparing TLS vs SSL, simply due to the fact that every SSL certificate is, in fact, a TLS certificate.

Indeed, the SSL certificates users can buy and implement in their websites today use a modern TLS version that resolves various security flaws that had been present in historical SSL protocols. These cipher suites are, therefore, far beyond the scope of any old SSL protocol.

For ease of reference and practicality, however, SSL and TLS protocols have been unified under the umbrella of SSL/TLS certificates. This interaction between the two types of secure communication solutions may not describe the exact nature of their respective security certificates and the underlying handshake process, but it does serve a purpose in correlating the two technologies against one another.

Before moving on, let us explain the background of both SSL and TLS protocols in separate contexts.

SSL Certificate History - Secure Sockets Layer

The presence of inherent security flaws in web server implementations was made apparent very early on, in the nascent stages of the Internet. Some of the first major attempts to tackle serious security flaws were made by a company called Netscape, which also ended up producing the very first version of Secure Sockets Layer cipher suites.

Interestingly, SSL 1.0 never did end up seeing a public release. According to authoritative sources on the matter, the issues inherent to this early-stage SSL protocol were unfixable, though the premise of using cipher suites as a baseline for a universal cryptographic protocol was certainly sound, to say the least.

To that end, Netscape quickly moved on to working on SSL 2.0, which was released into the World Wide Web back in 1995. It is worth pointing out that SSL 2.0 - better though it may have been than its direct predecessor - wasn't without fault. Substantial problems with the second rendition of the Secure Sockets Layer technology were identified almost as soon as it was released, but the mere presence of any type of web server security quickly proved to be well worth the trouble.

Namely, SSL 2.0 was limited exclusively to using the MD5 message-digest algorithm - a 128-bit hash function that was cryptographically broken very early on - and employs the same key both of message authentication and encryption. On top of that, SSL 2.0 only allowed the client and server to send one public key certificate to one another, which meant that each certificate needed to be signed directly by a trusted root certificate authority.

Any SSL certificate is better than no SSL certificate

As clumsy of a solution as SSL 2.0 may have been even early in its lifetime, it still provided some amount of security to webmasters from across the world.

In fact, it wasn't until 2011 that SSL 2.0 would finally be deprecated in lieu of the significantly more robust SSL 3.0 protocol. Though its earliest draft came out way back in 1996 - as a response to criticism directed at its predecessor - the technology wouldn't be completely phased out until years later, when vulnerability became too much for the budding Internet cyberspace.

Funnily enough, the baseline Secure Sockets Layer technology would finally be grinding to a halt only three years later, in 2014. SSL 3.0 was proven to be remarkably vulnerable to the then-novel POODLE attack (i.e. Padding Oracle On Downgraded Legacy Encryption), which allowed attackers to make just 256 requests to unravel a single byte of a given encrypted message.

This massive fault in SSL 3.0's implementation of symmetric encryption would lead to the development of the TLS handshake, or the substantially improved version of digital certificates that would eventually solve the vast majority of then-relevant security concerns on the Internet.

SSL Certificate History - Transport Layer Security

Though it wouldn't be officially launched until 2014, the basics of Transport Layer Security were put down a decade and a half before that by the aptly-named Internet Engineering Task Force (IETF), in 1999. TLS version 1.0 was designed as a direct upgrade and success to SSL 3.0, with differences between the two cipher suites being relatively minor, yet significant enough to completely disregard any odds of interoperability.

After SSL 3.0 finally got sunset, Transport Layer Security (TLS) effectively took over all new handshake process instances from that point on. Any SSL version was made legacy, with the only way to secure server configurations in a post-SSL 3.0 world being to rely on the latest SSL/TLS protocols.

Following TLS 1.0, the development of the newly-established Transport Layer Security protocol progressed relatively quickly.

TLS 1.1, for one, was defined in 2006 and wouldn't be deprecated until 2020.

TLS 1.2 got its outline in 2008, introducing support for SHA-256 and optional PRFs specified by the cipher suite, as well as a comprehensive support portfolio for authenticated encryption ciphers.

Adoption of TLS 1.3 remains slow and plodding

The latest version of TLS - TLS 1.3 - is still in its adoption stages. In 2022, most server configurations still rely on TLS 1.2 over its more advanced successor, though this is bound to change in the coming years, as Microsoft pushed for TLS 1.3 support with their releases of Windows 11 and Windows Server 2022, respectively. The changelog is appropriately massive, including support for cutting-edge encryption technology and assorted optimizations.

For all intents and purposes, then, SSL technology is nowadays referenced simply due to semantics. It is the predecessor to the actual modern cipher suites, and all modern encryption keys supersede all legacy SSL digital certificates in every way that matters.

We still do refer to SSL certificates as such, however, with SSL/TLS being the preferred umbrella term when it comes to discussions of what is, effectively, a matter of Transport Layer Security (i.e. TLS certificate products) and little else.

Why is there a TLS vs SSL difference at all?

An interesting tidbit of SSL certificate trivia is that there is, in fact, a curious reason why the world of PKI didn't continue using Secure Sockets Layer terminology - presumably with a hypothetical SSL 4.0 - but chose to rebrand as Transport Layer Security, instead.

According to Tim Dierks, one of the writers of TLS 1.0, the introduction of an entirely new nomenclature for what is, effectively, a continuation of existing terminology was part of the discussions between Microsoft and Netscape back in the mid-90s.

Back then, Netscape and Microsoft were essentially developing competing cipher suite solutions for different web browsers, and the two super-companies needed to come to a unified secure communication solution before further bifurcation of standards.

As a part of the horsetrading, we had to make some changes to SSL 3.0 (so it wouldn't look the IETF was just rubberstamping Netscape's protocol), and we had to rename the protocol (for the same reason).
Tim Dierks, Consensus Development VP

TLS 1.0 was, at the time, known as SSL 3.1, but the only way to get Microsoft to forego their own tech in lieu of something standardized was to get rid of Netscape's naming scheme. Namely, the company in charge of these discussions - Consensus Development, where Dierks then worked - was attempting to change SSL 3.0 so it wouldn't look like Microsoft was simply re-titling the SSL certificate protocol that Netscape had come up with.

As it turned out, one of the main publicly visible changes was the revamp of the naming scheme. That's how SSL 3.1 became TLS 1.0. Simple, yet effective.

How do Modern SSL Certificates Work?

Given that modern digital (TLS) certificates use TLS protocols delivered via TLS certificate products, the underlying technology is generally mostly the same between them. Though support for cutting-edge TLS 1.3 certificates is slowly rolling out, the vast majority of relevant domains are still relying on TLS 1.2 for protection.

The entire process of deployment and usage of a given SSL certificate can be described in terms of a single TLS handshake.

As per the current Transport Layer Security (TLS) standards, each TLS certificate consists of two main elements: the public key, and the private key. These keys are crucial elements of the message authentication process, as they allow for a safe transfer of encrypted data over the Internet.

Leveraging Public and Private Keys in the name of Security

Whenever a user visits your website, their web browser will communicate with the domain server to confirm whether or not an SSL/TLS connection could be established. If TLS communications are established, the server will subsequently share its TLS certificate and the attached public key with the browser, which results in the creation of session keys.

Once it has access to a session key, the user's browser will confirm or deny the trustworthiness of the given TLS certificate (whether it is issued by a trusted third party or not, whether it is still valid or not, etc.).

After this has all been done and confirmed, the browser can proceed with sending back a symmetric session key, which the server then decrypts using the aforementioned private key. The next step is the acknowledgment between the browser and the server that an encrypted session could be started.

Issues on the Horizon

Of course, it's always worth remembering that the introduction of new security standards - such as the jump from SSL 3.0 to TLS 1.0 - doesn't mean all that much if certificate authorities don't adapt their products accordingly.

Studies have shown that numerous root authorities yet fail to implement valid SSL/TLS functionality in their SSL certificate products.

More than 50 root authorities continue to use 1024-bit RSA keys, the last of which expires in 2040 - more than 20 years past recommended use for a key of this size. Certificate Authorities are not adequately considering long-term consequences of authority certificates and need to anticipate what the cryptographic landscape will be in the future.
Analysis of the HTTPS Certificate Ecosystem, by Durumeric, Kasten, Bailey, Halderman

Of course, this is just the reality of the current SSL certificate market - users ought to be aware of the products they're investing in. The issues implied by the given study relate to the topic at hand simply as an additional contextualization of the otherwise complex matter of private key infrastructure and general use of SSL certificate implementations.

Modern web browsers can host immense transitions of sensitive data, which is an invitation to malicious elements present online. As attacks grow more complex in nature, so too does contemporary encryption strength.

Still, an awareness of the reality of these threats is very much needed, as handshake messages and cipher block chaining are no magic.

TLS vs SSL: Why Compare the Two at All?

Now that all the basics are in place, the question one might want to ask is - why would anybody be comparing TLS vs SSL in the first place? The answer lies - more often than not - in the fact that a layperson doesn't know the intricacies of modern SSL/TLS certificate solutions, and generally doesn't need to understand the related jargon.

To someone that's just getting familiar with the topic of web server protection and SSL certificates, it very well could look like SSL and TLS are two competing protocols that they may be able to choose from. With the immense glut of information about modern security protocols available online, simply sifting through all the information that is available could look like an insurmountable issue.

SSL and TLS protocols are, in this day and age, one and the same

In every way that matters in practical terminology, SSL and TLS protocols are one and the same. Much of the information we have gone through in this article should help contextualize how the technology developed, how SSL certificates have technically been sunset by the more advanced TLS certificates, and why we still use SSL/TLS verbiage even though SSL is no longer in use.

Of course, there still remains the matter of actual, literal differences between outdated SSL certificates and the more modern TLS certificates, for those who are interested.

TLS vs SSL: What are the differences?

The major differences between SSL certificates and TLS certificates can be simply described by discussing five major features of any given SSL/TLS certificate. We'll go into some detail on how these features compare between the two security standards in this section.

Simply put, there are five major areas of operation in which contemporary SSL certificates differ from legacy SSL certificates:

  • Handshake process
  • Message authentication
  • Cipher suites
  • Record protocol
  • Alert messages

Note that we are simplifying things a fair bit here. The specific operation and specialization of SSL certificates both go far beyond the scope of this shortlist, and if you're interested in learning how a given SSL certificate operates, or how some TLS protocol behaves in practice, you may need to refer to specific product pages for more information.

Handshake Process

Hash calculation that was done as part of old SSL certificates included the master secret and pad that had been prepared beforehand, whereas modern TLS certificates generate their master secret on the fly using a pseudo-random function.

Message Authentication

In SSL certificates, message authentication was conducted ad-hoc, using both key information and application data all at once. TLS protocols, instead, use HMAC, which is essentially a standardized message authentication code.

Cipher Suites

TLS removed support for the Fortezza cipher suite from the get-go, opting instead for the much-improved standardization process, allowing the introduction of entirely new cipher suites. These include, but are not limited to AES, IDEA, RC4, and others. SSL certificates simply did not have this capability.

Record Protocol

TLS certificates use HMAC after every message encryption, while SSL certificates used bog-standard MAC to do the same job, which means it lacked the additional cryptographic protocols that HMAC's hash functionality now provides by default.

Alert Messages

While SSL certificates only supported a single, mostly nondescript "no certificate" error message, TLS certificates instead feature a wide variety of browser security warnings, allowing for significantly easier diagnostics and problem-tracking in regard to network security.


Concluding Remarks

By now, it should be plenty obvious that comparing TLS vs SSL isn't, in fact, something anyone should do in practical terms. In terms of historical SSL certificate development, however, there is certainly merit in seeing why there wasn't a direct successor to SSL 3.0, and why modern web browsers generally employ both SSL and TLS protocol to ensure a safe browsing environment.

The topic of TLS vs SSL comparisons, for the most part, seems to be derived from a lack of understanding of how SSL and TLS function, and the manner in which every modern TLS protocol is, in fact, derived from legacy SSL implementations.

The SSL certificates webmasters have access to today go far and beyond the original SSL and TLS implementations, as they were first envisioned. Whether it's in regard to features or sheer security management functionality, TLS versions 1.2 and 1.3 are solid ways to encrypt data on the cheap, with certificate authorities constantly working to improve encryption strength and the handling of TLS handshakes in their SSL protocols.