ssl vs tls

Difference between SSL and TLS (SSL vs TLS)

In this blog post, we will see the difference between SSL and TLS (SSL vs TLS). SSL stands for Secure Socket Layer and TLS stands for Transport Layer Security. Both SSL and TLS are protocols that help you securely authenticate and transport data on the Internet.

Because TLS is an upgraded version of SSL, so there is only some minor difference between SSL and TLS. In SSL, a Message digest is used to create a master secret while In TLS, Pseudo-random function is used to create a master secret.

See some version of SSL and TLS:

SSL versions:

  1. SSL 1.0 – never publicly released due to security issues.
  2. SSL 2.0 – SSL v2.0 was the first public release of SSL by Netscape in 1995. Deprecated in 2011. Has known security issues.
  3. SSL 3.0 – SSL v3 was an upgrade version of earlier version SSL v2.0 that fixed few security design flaws of SSL v2.0 However, SSL v3.0 deemed insecure in 2004 due to the POODLE attack.Deprecated in 2015.

TLS versions:

  1. TLS 1.0 – released in 1999 as an upgrade to SSL 3.0. Planned deprecation in 2020.
  2. TLS 1.1 – released in 2006 it was an upgrade version of TLS 1.0 version. It added protection against CBC (Cipher Block Chaining) attacks. In March 2020, Google, Apple, Mozilla and Microsoft has announced for deprecation of TLS 1.0 and 1.1 versions.
  3. TLS 1.2 – released in 2008.
  4. TLS 1.3 – released in 2018.

Let see some common difference between SSL and TLS. If you know any other difference, then please write in comment box. I will update the list SSL vs TLS.

SSL

TLS

SSL stands for Secure Socket Layer.

TLS stands for Transport Layer Security.

SSL protocol offers support for the Fortezza cipher suite.

TLS does not offer support Fortezza cipher suite. TLS follows a better standardization process that makes defining of new cipher suites easier like RC4, Triple DES, AES, IDEA, etc.

SSL has the “No certificate” alert message.

TLS protocol removes the alert message and replaces it with several other alert messages.

In SSL (Secure Socket Layer), the Message digest is used to create a master secret.

In TLS (Transport Layer Security), Pseudo-random function is used to create a master secret.

SSL uses Message Authentication Code (MAC) after encrypting each message

TLS on the other hand uses HMAC — a hash-based message authentication code after each message encryption.

SSL (Secure Socket Layer) is complex than TLS(Transport Layer Security).

TLS (Transport Layer Security) is simple.