What is the difference between SSL and TLS?

This week we are tackling a new series of blog posts on the hottest topics! 

This week’s question is: What is the difference between SSL and TLS? 

TLS stands for Transport Layer Security. On the other hand, SSL stands for Secure Sockets Layer. It is important to note that SSL 2.0 and 3.0 have been deprecated by the Internet Engineering Task Force (IETF) in 2011 and 2015.  Both are cryptographic protocols for securing connections between clients and hosts communication over a computer network. The main differences are apparent when it comes to completing the task of encrypting connections. 

Both SSL and TLS refer to the handshake that occurs between a client and a server. The handshake does not encrypt anything itself but rather securely agrees on the shared encryption type to be used. Additionally the handshake takes part in multiple roundtrips as authentication and key exchange occur. On the other hand, TLS 1.3 has reduced the number of cipher suites available in the protocol, and restructured how the cipher suite “string” is represented. 

In conclusion, while these two terms are still used interchangeably, when considering server configuration there are some significant differences in the architecture and fundamentals of the two protocols that do leave your server at risk, if using SSL, to vulnerabilities, outdated cipher suites and browser security warnings. So, note that in your servers, you should only have TLS protocols enabled to have a secure server. 

Are you new to wolfSSL? 

wolfSSL focuses on providing lightweight and embedded security solutions with an emphasis on speed, size, portability, features, and standards compliance, such as FIPS 140-2 and 140-3, RTCA DO-178C level A certification, and support for MISRA-C capabilities. wolfSSL supports industry standards up to the current TLS 1.3 and DTLS 1.2, is up to 20 times smaller than OpenSSL, offers a simple API, an OpenSSL compatibility layer, is backed by the robust wolfCrypt cryptography library, and much more. Our products are open source, giving customers the freedom to look under the hood.

Contact Us 

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.

Additional Resources 

In the meanwhile, check out the wolfSSL embedded SSL/TLS library, star us on Github, and learn more about the latest TLS 1.3 is available in wolfSSL. 

Learn more about TLS and SSL differences here: 

https://www.wolfssl.com/differences-between-ssl-and-tls-protocol-versions-3/