Unless you work with it regularly, there’s a good chance you don’t know the difference between SSL (Secure Sockets Layer) and TLS (Transport Layer Security). And this industry doesn’t do you many favors by colloquially referring to TLS as SSL. There have been four iterations of the TLS protocol. SSL has been (or is supposed to be) completely deprecated. So what’s the difference between SSL and TLS?
You’re about to find out.
A Brief History of SSL and TLS
SSL and TLS are cryptographic protocols that provide authentication and data encryption between servers, machines, and applications operating over a network (for example, a client connecting to a web server).
SSL
In reality, SSL is only about 25 years old. But in Internet years, that’s old. The first iteration of SSL, version 1.0, was developed in 1995 by Netscape, but was never released because it was plagued by serious security flaws. SSL 2.0 wasn’t much better, so only a year later SSL 3.0 was released. Again, it had serious security flaws.
TLS
At that time, the guys at Consensus Development took it and developed TLS 1.0. TLS 1.0 was very similar to SSL 3.0; in fact, it was based on it, but it was still different enough that a downgrade was required before SSL 3.0 could be used. As the creators of the TLS protocol wrote: “The differences between this protocol and SSL 3.0 are not dramatic, but they are significant enough that TLS 1.0 and SSL 3.0 do not interoperate.”
However, downgrading to SSL 3.0 was still dangerous, given its known and exploitable vulnerabilities. All an attacker needed to do to target a website was to force the protocol down to SSL 3.0. Hence the birth of downgrade attacks. That ended up being the nail in the coffin for TLS 1.0.
TLS 1.1 came out seven years later in 2006, and was replaced by TLS 1.2 in 2008. That hurt TLS 1.1 adoption, as many websites simply upgraded from TLS 1.0 straight to TLS 1.2. We are now at TLS 1.3, which was finalized in 2018 after 11 years and nearly 30 IETF drafts.
TLS 1.3 makes significant improvements over its predecessors, and right now major Internet players are pushing for its adoption. Microsoft, Apple, Google, Mozilla and Cloudflare announced plans to stop using TLS 1.0 and TLS 1.1 in January 2020, making TLS 1.2 and TLS 1.3 the only game in town.
In any case, we’ve been using TLS for the past two decades. At this point, if you’re still using SSL, you’re years behind, living metaphorically in a sad era where people still dial in to the Internet over a phone line.
<img src="https://www.globalsign.com/application/files/7615/8160/7092/evolution_of_SSL_and_TLS.jpg" alt="Evolution of SSL and TLS" />
Should I use SSL or TLS?
Both SSL 2.0 and 3.0 were deprecated by the Internet Engineering Task Force (IETF) in 2011 and 2015, respectively. Over the years, vulnerabilities have been and continue to be discovered in the obsolete SSL protocols (e.g. POODLE, DROWN). Most modern browsers will display a degraded user experience (e.g. a line through the padlock or through “https” in the URL bar, or other security warnings) when they encounter a web server that uses the old protocols. For these reasons, you should disable SSL 2.0 and 3.0 in your server settings, and while you’re at it, go ahead and disable TLS 1.0 and TLS 1.1 as well. According to a recent WatchGuard survey, nearly 7% of the Alexa top 100,000 sites still support SSL 2.0 and/or SSL 3.0. So those sites are still out there in abundance.
Before anyone starts worrying that they need to replace their existing SSL certificates with TLS certificates, it’s important to note that certificates aren’t protocol-dependent. That is, you don’t need to use a TLS certificate versus an SSL certificate. While many providers tend to use the phrase “SSL/TLS Certificate,” it may be more accurate to call them “Certificates for Use with SSL and TLS,” since the protocols are determined by server configuration, not by the certificates themselves.
That also applies to encryption strength. Many certificates advertise an encryption strength, but it’s really the server and client capabilities that determine it. At the beginning of each connection, a process called the handshake occurs. During this process, the client authenticates the server’s TLS certificate and the two decide on a mutually compatible cipher suite. A cipher suite is a collection of algorithms that work together to securely encrypt your connection to that website. When the cipher suite is negotiated during the handshake, that is when the protocol version and supporting algorithms are determined. Your certificate simply makes the process easier.
Historically there have been four algorithms in a cipher suite:
- key exchange
- digital signature
- message authentication
- hash algorithm
(If that seems a bit in the weeds, it won’t in a second when we discuss the differences between SSL and TLS.)
For now, you’ll likely continue to see certificates called SSL certificates because at this point that’s the term most people are familiar with. We are starting to see greater use of the term TLS across the industry, and “SSL/TLS” is a common compromise until TLS is more widely accepted.
Are SSL and TLS cryptographically different?
Yes. The difference between each version of the protocol may not be huge, but if you were comparing SSL 2.0 to TLS 1.3 there would be a canyon between them. In essence, the concept is the same through each version. It’s just the way the different protocols perform the task of encrypting connections that diverges.
Each newly released version of the protocol came, and will come, with its own improvements and new or retired features. Version 1 of SSL was never released; version 2 was, but had some major flaws; SSL 3.0 was a rewrite of version 2 (to correct those flaws, with limited success); and TLS 1.0 was an improvement on SSL 3.0. Between TLS 1.0 and 1.1, the changes were minor. TLS 1.2 brought some significant changes, and TLS 1.3 has refined and simplified the whole process.
It is worth noting here that SSL and TLS simply refer to the handshake that takes place between a client and a server. The handshake doesn’t actually do any encryption itself, it just agrees on a shared secret and the type of encryption to be used. An SSL handshake uses a port to make its connections. This is called an explicit connection. Port 443 is the standard port for HTTPS, but there are 65,535 ports in total, with only a few dedicated to a specific function.
TLS, on the other hand, starts its connections through the protocol. This is called an implicit connection. The first step of the handshake, the message that begins it, is called the client hello. With TLS, this is sent over an insecure channel and the connection changes to port 443 (or the port you have designated) once the handshake has begun.
Traditionally, the handshake has involved several round trips as authentication and key exchange take place. With SSL, this added latency to connections. That’s where the myth that SSL/HTTPS slows down your website originated. Each new iteration of the protocol has worked to reduce the latency added by the handshake. By TLS 1.2, it was shown that HTTPS was actually FASTER than HTTP due to its support for HTTP/2.
TLS 1.3 has further refined the handshake. It can now be completed in a single round trip, and it allows zero round-trip resumption (0-RTT). Part of the way this was done was by reducing the number of algorithms negotiated in a cipher suite from four to two.
Now it is simply a bulk encryption algorithm (symmetric/session) and a hashing algorithm. Key exchange and digital signature are no longer negotiated as part of the cipher suite. Key exchange is now done using the Diffie-Hellman family, which provides perfect forward secrecy by default and allows the client and server to provide their share of the shared secret in their first interaction. That first interaction is now also encrypted, closing the door on a potential attack vector.
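The handshake described above (client hello, protocol version selection, cipher suite negotiation, and the four-algorithm versus two-algorithm suite layout) can be followed in code. The script below is an added example written for this article, not GlobalSign’s code: it builds a ClientHello record from constructed sample input, parses it the way a server would, and applies a hypothetical server policy that has SSL 3.0, TLS 1.0 and TLS 1.1 disabled. The cipher suite codes and the supported_versions extension number are the real IANA values; the server policy, the sample clients and the function names are assumptions made for the example.

```python
"""Added example (not GlobalSign's code): parse a TLS ClientHello and run the
server side of the version / cipher-suite choice the article describes.
The ClientHello bytes are built here from scratch (constructed sample input,
not a capture), so the script runs offline."""
import struct

# Wire encoding of protocol versions: (major, minor). SSL 2.0 used a different
# record format entirely and is left out.
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1",
            (3, 3): "TLS 1.2", (3, 4): "TLS 1.3"}
NAME_TO_VERSION = {name: code for code, name in VERSIONS.items()}

# IANA cipher suite codes: (name, key exchange, signature, bulk cipher, hash/MAC).
# TLS 1.3 suites name only the last two; key exchange and signature are
# negotiated through extensions instead, which is the "four to two" change.
CIPHER_SUITES = {
    0x1301: ("TLS_AES_128_GCM_SHA256", None, None, "AES-128-GCM", "SHA256"),
    0x1302: ("TLS_AES_256_GCM_SHA384", None, None, "AES-256-GCM", "SHA384"),
    0xC02F: ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "ECDHE", "RSA", "AES-128-GCM", "SHA256"),
    0xC030: ("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "ECDHE", "RSA", "AES-256-GCM", "SHA384"),
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", "RSA", "RSA", "AES-128-CBC", "SHA1"),
    0x0005: ("TLS_RSA_WITH_RC4_128_SHA", "RSA", "RSA", "RC4-128", "SHA1"),
}

SUPPORTED_VERSIONS_EXT = 43   # extension type used by TLS 1.3 clients

# Hypothetical server policy (assumption for this example): SSL 3.0, TLS 1.0 and
# TLS 1.1 disabled, suites in server preference order. The server, not the
# certificate, decides these.
SERVER_VERSIONS = ["TLS 1.3", "TLS 1.2"]
SERVER_SUITES = [0x1301, 0x1302, 0xC02F, 0xC030]


def build_client_hello(offered_versions, offered_suites):
    """Construct a ClientHello record offering the given versions and suites."""
    codes = [NAME_TO_VERSION[v] for v in offered_versions]
    suites = b"".join(struct.pack(">H", s) for s in offered_suites)
    if "TLS 1.3" in offered_versions:
        legacy = (3, 3)   # TLS 1.3 clients write 1.2 here and list real versions in an extension
        vers = b"".join(struct.pack("BB", *c) for c in codes)
        ext = struct.pack(">HHB", SUPPORTED_VERSIONS_EXT, len(vers) + 1, len(vers)) + vers
        ext = struct.pack(">H", len(ext)) + ext
    else:
        legacy = max(codes)   # pre-1.3 clients advertise only their highest version
        ext = b""
    body = (struct.pack("BB", *legacy) + bytes(32)        # legacy_version, client random
            + b"\x00"                                      # empty session id
            + struct.pack(">H", len(suites)) + suites
            + b"\x01\x00"                                  # compression: null only
            + ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake


def parse_client_hello(record):
    """Return the versions and cipher suites a ClientHello offers."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    p = 9                                   # record header (5) + handshake header (4)
    legacy = tuple(record[p:p + 2])
    p += 2 + 32                             # legacy_version + client random
    p += 1 + record[p]                      # session id
    n = struct.unpack(">H", record[p:p + 2])[0]
    p += 2
    suites = [struct.unpack(">H", record[i:i + 2])[0] for i in range(p, p + n, 2)]
    p += n
    p += 1 + record[p]                      # compression methods
    versions = None
    if p < len(record):                     # extensions present
        end = p + 2 + struct.unpack(">H", record[p:p + 2])[0]
        p += 2
        while p < end:
            etype, elen = struct.unpack(">HH", record[p:p + 4])
            p += 4
            if etype == SUPPORTED_VERSIONS_EXT:
                count = record[p]
                versions = [VERSIONS.get(tuple(record[p + 1 + i:p + 3 + i]), "unknown")
                            for i in range(0, count, 2)]
            p += elen
    if versions is None:                    # no extension: legacy_version is a ceiling
        versions = [name for code, name in sorted(VERSIONS.items()) if code <= legacy]
    return {"versions": versions, "suites": suites}


def negotiate(record):
    """Server side: highest common version, then the first server-preferred suite."""
    hello = parse_client_hello(record)
    common = [v for v in SERVER_VERSIONS if v in hello["versions"]]
    if not common:
        return {"error": "protocol_version", "offered": hello["versions"]}
    for version in common:
        for suite in SERVER_SUITES:
            # 0x13xx suites belong to TLS 1.3 only; older suites only to TLS 1.2
            if suite in hello["suites"] and (suite >> 8 == 0x13) == (version == "TLS 1.3"):
                name, kex, sig, bulk, hsh = CIPHER_SUITES[suite]
                return {"version": version, "suite": name,
                        "algorithms": {"key_exchange": kex, "signature": sig,
                                       "bulk": bulk, "hash": hsh}}
    return {"error": "handshake_failure",
            "offered": [CIPHER_SUITES.get(s, (hex(s),))[0] for s in hello["suites"]]}


if __name__ == "__main__":
    print(negotiate(build_client_hello(["TLS 1.3", "TLS 1.2"], [0x1301, 0xC02F])))
    print(negotiate(build_client_hello(["TLS 1.0"], [0x002F, 0x0005])))
```

Two things are worth watching in the output: a client that only reaches TLS 1.0 is refused at the version step before any cipher suite is even considered, and a TLS 1.2 client that lists the old RSA-key-exchange suite first still gets the ECDHE suite, because the server’s preference order, not the client’s, decides. The TLS 1.3 result carries `None` for key exchange and signature, which is exactly the “four algorithms to two” change the article describes.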
To learn more about the new features released in TLS 1.3, visit the Cloudflare blog.
Disabling SSL 2.0 and 3.0 and TLS 1.0
If you are not sure if your servers still support SSL protocols, you can easily check this using our SSL server test. For instructions on how to disable SSL 2.0 and 3.0 on popular server types, including Apache, NGINX, and Tomcat, see our related support article. If you still need to disable TLS 1.0, we can help you with that too.
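As an added illustration of what “disable SSL 2.0 and 3.0 in your server settings” looks like in practice (this is an example written for this article, not GlobalSign’s support article), here is an NGINX server block with the weak protocol line shown commented out beside the hardened one. The hostname and certificate paths are placeholders.

```nginx
server {
    listen 443 ssl;
    server_name example.com;                                   # placeholder
    ssl_certificate     /etc/ssl/certs/example.com.pem;        # placeholder path
    ssl_certificate_key /etc/ssl/private/example.com.key;      # placeholder path

    # Weak: every version the underlying library was built with, including
    # SSL 3.0 on old builds and TLS 1.0/1.1, which browsers now warn about.
    # ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;

    # Hardened: TLS 1.2 and 1.3 only. SSL 2.0/3.0, TLS 1.0 and TLS 1.1 are
    # refused at the handshake, regardless of which certificate is installed.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Let the server's preference order win during suite negotiation and keep
    # only ECDHE (forward-secret) AEAD suites for TLS 1.2. TLS 1.3 suites are
    # fixed by the protocol and are not affected by this list.
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
}
```

The Apache equivalent is `SSLProtocol -all +TLSv1.2 +TLSv1.3` in the virtual host. After reloading the server, a quick local check is `openssl s_client -connect example.com:443 -tls1`, which should now be refused, while the same command with `-tls1_2` should complete the handshake.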
So what’s the difference between SSL and TLS?
In polite conversation, not much, and many people continue to use the terms SSL and TLS interchangeably. However, in terms of configuring your server, there are some important architectural and functional differences. Those differences are what separate a server with vulnerabilities, outdated cipher suites and browser security warnings from a secure one. When it comes to your servers, you should only have TLS protocols enabled.
Have more questions about SSL/TLS configuration and best practices? Let us know in the comments; we will be happy to help you!
Editor’s note: This post was originally published in July 2016 and has been updated by Patrick Nohe, senior director of product marketing at GlobalSign, to reflect the latest changes in the evolution of SSL.