3 Fundamental Differences: SSL vs TLS

Posted on 19th June 2020 by Samantha in Website
6 minutes read
Back To Blog
ssl vs tls differences
Share this article:

Your website security should be the top priority and is vital for the overall success of your business. When it comes to the frontline of internet security for your website, knowing the difference of SSL vs TLS certificates helps you to understand how best to protect your sensitive data online.

We’ve talked about how important online privacy is, the pitfalls of cybercrime, and the fall out your website can experience from cyber attacks. A crucial point of shielding yourself and your website from these kinds of security breaches is to have an end to end encryption of the data passing between computers and web servers.

As societies evolves, we become more digitally connected than ever. As such, we have far more connections digitally and a secure Transport Layer Security (TLS) network protocol is imperative to safeguard your data from harm on the net.

The TLS protocol is used in tandem with the HTTPS protocol, among others, to encrypt and then authenticate computers communicating across the internet. In this article, we will outline the difference between TLS and SSL protocols and why you need HTTPS on the internet to stay secure. Let’s dive in.

1. TLS is and upgrade of encryption and SSL

The encryption used by many is TLS – a modern, more secure version of SSL certificates. Today, when people mention SSL – the older version, they actually mean TSL. SSL/TLS means “Secure Sockets Layer” and “Transport Layer Security”

Transport Layer Security and Secure Sockets Layer (SSL) are both network protocols that encrypt and allow data to be transferred privately and securely between a web server and a web browser.

Technically speaking, TLS consists of two parts:

  1. The first part is the TLS handshake layer. It manages which cypher, that is, the type of encryption algorithm used to authenticate specific certificate linked to your domain name and organization. It generates and exchanges a secure key based on the pair of keys public and private. The process of a TLS handshake is carried out once and is tasked to establish a secure network connection for both ends.
  2. The second part is the TLS record layer. This layer gets data from the user applications, then it encrypts it, fragments it so that it is the right size as determined by the cypher, and it sends the information to the network transport layer.

TLS launches an encrypted, bidirectional network pathway for random data to travel between two hosts. TLS is most often used in conjunction with other Internet protocols such as HTTPS, SSH, FTPS, and secure email.

In 1999, TLS traded the older SSL protocol as the encryption most websites use. This change was made to avoid legal issues with the Netscape company, which created SSL so that the protocol could be developed as an open standard, free for all.

HTTP vs HTTPS

The major difference between the two is that HTTPS is the HTTP protocol rooted within the TLS protocol. While HTTP handles all of the web browsing mechanics, and TLS handles the encrypting of the data sent across a network and verifies the identity of the server host by using a certificate for authentication. More and more web servers online are also going HTTPS-only, not just for security reasons, but for other practical arguments:

  • Some browser vendors now require HTTPS for certain browser features (e.g. geolocation). And Google and Firefox already phased out non-encrypted HTTP in their browsers. So, the browser community already pushed for HTTPS as the standard for increased security.
  • Users expect a trust- and safety-indicating URL bar (e.g., the padlock icon) without any security warnings, especially on eCommerce sites and other sites with privacy-sensitive data.

It may increase your search engine indexing and ranking, too, though this has yet to be confirmed by Google.

2. Differences Between the SSL, SSL v3, and TLS Protocols

Numerous versions of SSL and TLS have been released over the years:

  • 1995: SSL v2 was the first public release of SSL by Netscape.
  • 1996: SSL v3 was a new version that fixed several security designs flaws of SSL v2. By 2004, v3 was considered insecure due to the POODLE attack.
  • 1999: TLS v1.0 was released with an SSL fallback mechanism for backwards-compatibility.
  • 2006: TLS v1.1
  • 2008: TLS v1.2 is the current TLS standard and is used in most cases.
  • TLS v1.3 is currently still only a working draft specification.

Most applications, such as browsers, are compatible with some of the older SSL protocol versions, too, although SSL is slowly being phased out in favour of the better TLS security.

3. Pros and Cons of using TLS and SSL

There is a myriad of benefits for using encryption to protect your site, and by extension your customers’ sensitive data; this is especially imperative for eCommerce and health-related websites.

Pros: SSL/TLS Security

Your website’s traffic benefits from TLS security in two ways:

  1. It prevents cybercriminals from intruding and tampering with the communication between your website and web browsers. Malicious cybercriminals to benign invaders like ISPs or hotels that attempt to inject ads into pages. Sensitive data includes users’ login credentials, credit card and bank details, email info and other private data that can be revealed over a vulnerable and exposed network.
  2. They prevent cybercriminals from passively listening to communications between your server and user browsers/computers. This is more of an elusive scenario but is a growing threat.

The importance of these pros can’t be exaggerated — especially for eCommerce sites that depend on getting and retaining user trust for sales.

Cons: SSL/TLS “Handshake”

As amazing as it sounds, TLS has a few drawbacks:

  1. TLS will add dormancy to your site’s traffic.
  2. The handshake is resource-intensive. It uses asymmetric encryption to establish a session key, which then allows the web client and server to switch to faster symmetric encryption which may or may not slow things down.
  3. TLS will add complexity to your server management. It requires you to get a certificate installed on your web server and preserve the validity of that certificate. Now, there are automated tools for (domain-validated) certificate management.

Additionally, although the HTTP/2 standard itself does not require the use of encryption, most client operations (Firefox, Chrome, Safari, Opera, IE, Edge) have said they will only support HTTP/2 over TLS, which makes encryption mandatory.

Begin Building an SSL-Secured Site in Minutes

You’re well equipped now to choose the right TSL/SSL certificate for your site in minutes. Securing your site by using HTTPS is tantamount to your overall success. At Hosting.uk we have an array of TLS certificate options available to you with your hosting plans. With HTTPS you show your customers and web visitors that your site is legit, secure and  safe. Check out this article for information on how to choose an SSL certificate for your site.