What is the difference between SSL and TLS?

TLS and SSL both are cryptographic protocols to secure sensitive information transmitted between a browser and servers. These cryptographic protocols allow sensitive information such as credit card numbers, social security numbers and login details to be transmitted in an encrypted form.

Without SSL/TLS, data transmitted between browser and server is sent in plain-text, which is vulnerable to eavesdropping. Network attackers can easily intercept information transmitted in plain text.

SSL (Secure Socket Layer)

SSL communication protocol was designed in 1996 to provide privacy and reliability between two servers or applications. SSL prevents attackers by compromising the sensitive information traveling between servers or client and server.

Latest available version of SSL is 3.0 which was recently found vulnerable. Due to this vulnerability, attackers can extract plaintext of encrypted information from established secure connections. Although SSL 3.0 is almost 18 years old protocol, but it is still widely used in servers and supported by all browsers.

TLS (Transport Layer Security)

TLS is nothing but a new name for SSL. Because, after latest version of SSL 3.0, its predecessor TLS 1.0 was introduced. Hence, TLS 1.0 is just SSL 3.1 but more reliable. The Subsequent versions of TLS (TLS 1.1 and TLS 1.2) are significantly more secure and fix many vulnerabilities present in SSL v3.0 and TLS v1.0.

The newer TLS versions can prevent BEAST, POODLE and other attack vectors and provide many stronger ciphers and encryption methods. Unfortunately, even now a majority of web sites do not use the newer versions of TLS and permit weak encryption ciphers.

The main difference between SSL and TLS is as below:

SSL connections are begin with security and proceed directly to secured communications. Whereas, TLS connections first begin with an insecure “hello” to the server and only switch to secured communications after the handshake between the client and the server is successful. If the TLS handshake fails for any reason, the connection is never created. The exact differences between SSL-TLS are extremely technical, but in simpler words, we can say that TLS is latest and more refined cryptographic technology.

  • 1 Users Found This Useful

Was this answer helpful?

Related Articles

How to generate CSR key in IIS 7?

Windows VPS clients can generate the CSR key from IIS 7 at their end. This article will give you...

How to add, remove and bypass common DNS records in CloudFlare?

This article will guide you how to add, remove and bypass common DNS records in...

Comparison Between AccuWebHosting Paid SSL and Free CloudFlare SSL

The SSL Certificates are small data files that digitally bind a cryptographic key, so the data...

Comparison Between Paid SSL by AccuWeb Hosting and Let's Encrypt Free SSL?

The SSL Certificates are small data files that digitally bind a cryptographic key, so the data...

What should I choose at the time of purchase of SSL? WWW or without WWW?

In this case, you can consider the fact "How you have configured your website". To determine...