Should I say SSL or TLS?

Should I say SSL or TLS?

What's the difference?

TLS is a protocol. An SSL/TLS server can either use SSL or TLS. TLS is actually a subprotocol of SSL, which is used to secure traffic over the Internet. It works in much the same way as SSL does on a local network (eg, WLAN) but has the advantage of being more universally supported. In other words, it can encrypt a secure connection over the Internet with much less effort than would be required if you were on an internal network. However, when you are doing a site-to-site VPN or something of that sort, then TLS is not used; the standard is to use SSL.

The two have much the same purpose. The only difference between them is that TLS adds an additional message before the encryption is applied. This one message says whether the connection uses the normal SSL and then TLS or if it just does TLS with no encryption at all. The message is sent before the SSL/TLS handshake starts.

If your SSL/TLS server supports TLS, then SSL can work over the Internet if you want. For example, with OpenVPN, the SSL/TLS server does the normal secure handshake, but also sends an additional message that says that TLS is to follow. This means that the connection will be encrypted as well.

SSL/TLS also has some extra overhead, so it is more expensive than plain SSL. If you only ever send a few messages or just connect and disconnect, then you will notice any difference. However, if you are sending many packets, it will help prevent DoS attacks against your server.

Which should I use? It is probably a good idea to support both protocols. If you support HTTPS on your site, then you must support HTTPS for your WAN connection. If there is no option, then SSL will do. For web mail sites, it is probably best to just support SSL for now, but to check if the site supports it before you do this. It is generally easy to support both; simply have both HTTPS and SSL on the page and choose which one is used based on the client.

A note on TLS: The first time that you try to use it, you will get a warning that you will lose your SSL certificate and have to generate a new one. In reality, this doesn't happen.

What is the main difference between SSL and TLS?

TLS is Transport Layer Security.

It's the underlying security protocol used for most secure communications between a web browser and a web server.

SSL is the Secure Sockets Layer. It is the security protocol used for encrypting information on the internet.

When you request a page from a web server, it returns the page to your browser in plain text. To protect your information, the browser will add an encrypted version of the page back to you. This is called HTTPS (HTTP over SSL). You can view the source code of a secure page by viewing the Source tab in your browser.

TLS is an application layer protocol (the application layer being the one between the operating system and the networking layer, ie the TCP/IP protocol suite). The application layer protocol usually provides confidentiality, authentication, integrity and optionally non-repudiation. SSL is a transport layer protocol (the transport layer being the one between the OSI layers). The transport layer protocol usually provides transport layer security, which is a subset of the application layer security.

The SSL protocol is a subprotocol of the TLS protocol. SSL is an encryption protocol. TLS is the protocol that supports SSL.

Related Answers

What is TLS/SSL Protocol?

TLS stands for Transport Layer Security and it is a protocol used to create a secure connect...

Which is more secure SSL TLS or HTTPS?

and SSL? I know the difference between TCP/IP vs. IP, or S...