All you need to know: TLS vs. SSL
Cybersecurity can feel like a minefield with all its acronyms. You might not know what SSL or TLS mean or do, but they matter. TLS is why hackers can’t snoop on your traffic and steal your credit card details while you’re using online banking. But how does it work? Read on to learn all about SSL certificates and TLS handshakes.
The definition of SSL and TLS
SSL (Secure Socket Layer) and TLS (Transport Layer Security) are both cryptographic protocols that encrypt and authenticate data traveling from the client (i.e. your device that is requesting a website) to a server, machine or application.
SSL is TLS’ predecessor. SSL was first released to the public in 1995. However, it had many vulnerabilities, so it was replaced by SSL v3.0 a year later. The latter wasn’t perfect either, so TLS was introduced in 1999. Most devices and browsers have now moved to TLS v1.2. However, many people are so used to the term SSL that they will refer to TLS as SSL. Most are now using the term SSL/TLS to ease the transition.
SSL and TSL encryption is also used in public key infrastructure (PKI) technology, which refers to secure online communications and safeguarding digital asset sharing on the public internet or company networks.
Why do websites need SSL/TLS?
SSL/TLS goes hand in hand with HTTP and is what adds the S for ‘security’ in HTTPS. HTTP (Hypertext Transfer Protocol) is an application protocol that transfers data from a web browser to a web server, or in simpler terms, delivers your search results to your browser.
However, HTTP connections aren’t safe on their own. It’s like sending your data out in the open – anyone can see it. HTTP is vulnerable to man-in-the middle attacks, which means that anyone snooping on the traffic could steal your login or credit card details.
That’s why HTTPS was introduced. It’s a combination of HTTP, which handles the mechanics of data transmission, and SSL/TLS, which handles data encryption. With SSL/TLS encryption, your data is much safer – anyone snooping on your traffic can now only see scrambled data. These days, most websites use HTTPS. NordVPN uses it too! Have a look at your URL bar.
How SSL works
SSL/TLS encryption can be divided in two stages: the SSL/TLS handshake and the SSL/TLS record layer. Let’s delve into them in more detail.
What is an SSL handshake?
An SSL/TLS handshake is a form of communication between a client and server where the two decide what protocol version will be used for their further communication. How does performing a TLS handshake work in practice?
- The client sends a ‘hello’ request to a web server it wants to communicate with. It includes the types of ciphers (encryption algorithms) the client can support.
- The server sends a ‘hello’ back with its SSL certificate and its public key. The client and the server here use asymmetric cryptography to exchange secure messages. This means that the client needs the server’s public key to encrypt the messages, and the server needs two keys – private and public – in order to decrypt it. No one snooping on the traffic can decipher their messages.
- The client then uses the server’s public key to create a pre-master secret and sends it to the server. This will be used to create session keys and elevate the communication to symmetric encryption. Both ends will now be using private keys only. Symmetric cryptography will make their communication much faster and will use less resources.
- The server decrypts the pre-master, uses it to create symmetric key and exchanges it with the client. With symmetric encryption established, they can now exchange encrypted communication. The website traffic is secured.
SSL/TLS record layer
This is where the encryption takes place. The data is sent from the user’s application and encrypted. Depending on the cipher, it may also be compressed. Then, it’s sent further to the network transport layer, which determines how to send the data to its target device. SSL inspection is a process where network security devices intercept and analyze SSL/TLS encrypted traffic to ensure it does not contain malicious content.
What is an SSL certificate and why is it needed?
Web servers that support TLS will have “SLS certificates,” though it might be more accurate to call them SSL/TLS certificates. They are acquired from web hosting platforms and are needed during the SSL/TLS handshake process to authenticate that they are indeed secure connection providers.
However, protocols are not the same as certificates. What protocol will be used during your connection, SSL or TLS, is determined by your browser and the target server’s configurations, not the website’s certificate. It’s possible to connect to a website that has HTTPS but uses an outdated SSL v3.0 protocol.
Such connections are vulnerable to attacks. Most new browsers will indicate this in your URL. Just look for the crossed green padlock and HTTPS symbols. If you are worried about accidentally connecting to a website that only supports SSL v3.0, you can manually disable SSL connections. However, this might lead to connection disruptions.
If you’re interested in SSL vulnerabilities, read our blog post about the Heartbleed bug.
Conclusion: TSL vs. SSL
While people may talk about SSL in the modern day, they usually mean TLS v1.2 and are just using the old term out of habit. TLS v1.2 is the superior cryptographic protocol and is far more secure than its predecessor. Most websites are using SSL/TLS, but that term just includes the “SSL” moniker to ease the transition from SSL to TLS v1.2, which is the protocol actually being employed here.
Want to read more like this?
Get the latest news and tips from NordVPN.