SSL (Secure Sockets Layers) and TLS (Transport Layer Security)
A Brief History of SSL and TLS
SSL and TLS are both cryptographic protocols that provide authentication and data encryption between servers, machines, and applications operating over a network (e.g. a client connecting to a web server). In reality, SSL is only about 25 years old. But in internet years, that¡¦s ancient. The first iteration of SSL, version 1.0, was first developed in 1995 by Netscape but was never released because it was riddled with serious security flaws. SSL 2.0 was't a whole lot better, so just a year later SSL 3.0 was released. Again, it had serious security flaws.
At that point, the guys at Consensus Development took a crack at it and developed TLS 1.0. TLS 1.0 was incredibly similar to SSL 3.0 ¡V in fact it was based on it but still different enough to require a downgrade before SSL 3.0 could be used. As the creators of the TLS protocol wrote:
"The differences between this protocol and SSL 3.0 are not dramatic, but they are significant enough that TLS 1.0 and SSL 3.0 do not interoperate."¨
Downgrading to SSL 3.0 was still dangerous, though, given its known, exploitable vulnerabilities. All an attacker needed to do to target a website was downgrade the protocol to SSL 3.0. Hence, the birth of downgrade attacks. That ended up being the nail in the coffin for TLS 1.0.
TLS 1.1 came out seven years later in 2006, replaced by TLS 1.2 in 2008. That hurt TLS 1.1 adoption as many websites simply upgraded from 1.0 to TLS 1.2. We are now at TLS 1.3, which was finalized in 2018 after 11 years and nearly 30 IETF drafts.
TLS 1.3 makes significant improvements over its predecessors and right now major players around the internet are pushing for its proliferation. Microsoft, Apple, Google, Mozilla, and Cloudflare all announced plans to deprecate both TLS 1.0 and TLS 1.1 in January 2020, making TLS 1.2 and TLS 1.3 the only game in town.
At any rate, we've been using TLS for the past couple decades. At this point, if you¡¦re still using SSL you're years behind, metaphorically living in a forlorn era where people still use phone lines to dial on to the internet.
Should You Be Using SSL or TLS?
Both SSL 2.0 and 3.0 have been deprecated by the Internet Engineering Task Force, also known as IETF, in 2011 and 2015, respectively. Over the years vulnerabilities have been and continue to be discovered in the deprecated SSL protocols (e.g. POODLE, DROWN). Most modern browsers will show a degraded user experience (e.g. line through the padlock or https in the URL bar, or other security warnings) when they encounter a web server using the old protocols. For these reasons, you should disable SSL 2.0 and 3.0 in your server configuration, and while you're at it to go ahead and deprecate TLS 1.0 and TLS 1.1, too.
According to a recent WatchGuard survey, nearly 7% of the Alexa Top 100,000 still support SSL 2.0 and/or SSL 3.0. So those sites are still out there in abundance.
Certificates Are Not the Same as Protocols
Before anyone starts worrying that they need to replace their existing SSL Certificates with TLS Certificates, it's important to note that certificates are not dependent on protocols. That is, you don't need to use a TLS Certificate vs. an SSL Certificate. While many vendors tend to use the phrase "SSL/TLS Certificate"¨ it may be more accurate to call them "Certificates for use with SSL and TLS," since the protocols are determined by your server configuration, not the certificates themselves.
That goes for encryption strength, too. Many certificates advertise encryption strength, but truly it's the capabilities of the server and the client that determine that. At the beginning of each connection, a process called a handshake occurs. During this process, the client authenticates the server's TLS certificate and the two decide on a mutually supported cipher suite. Cipher suites are a collection of algorithms that all work together to securely encrypt your connection with that website. When the cipher suite is negotiated during the handshake, that's when the version of the protocol and the supporting algorithms are determined. Your certificate just facilitates the process.
Historically there have been four algorithms in a cipher suite:
- Key Exchange
- Digital Signature
- Message Authentication
- Hashing Algorithm
(If that seems a little in the weeds, it won't in a second when we discuss the differences between SSL and TLS.)
For now, it's likely you will continue to see certificates referred to as SSL Certificates because at this point that's the term more people are familiar with. We're beginning to see increased usage of the term TLS across the industry, and SSL/TLS is a common compromise until TLS becomes more widely accepted.
So, what's the difference between SSL and TLS?
In polite conversation, not much and many people continue to use the terms SSL and TLS interchangeably. In terms of your server configuration though, there are some major architectural and functional differences. And those differences are the space between vulnerabilities, outdated cipher suites, browser security warnings ¡V and a secure server. When it comes to your servers, you should only have TLS protocols enabled.
Alert: For Control Panel Help & Tutorials, click here: Panel Tutorials
