Welcome to another Kiiff Blog post! Today, I want to explore the similarities and differences between TLS and, the more well known, SSL. If you would like a refresher on SSL, check out this earlier blog post.
What is TLS?
TLS stands for Transport Layer Security. It uses a handshake sort of protocol to negotiate ciphers and other security factors between a client and server, just like SSL. The protocol is very similar to SSL. Just like TCP, it also uses a three way handshake. SSL was the predecessor to TLS that is being phased out as TLS is used more often. According to the IETF regarding TLS, “The differences between this protocol and SSL 3.0 are not dramatic, but they are significant enough that TLS 1.0 and SSL 3.0 do not inter-operate.” Now that we have the foundation of the protocol understood, I want to examine how this may effect certificate handling.
What About Certificates?
Do not fear! Though SSL and TLS are different as protocols, the certificates they use are interchangeable. Therefore, you don’t need to worry about finding a special certificate or something because you are afraid SSL is outdated. If you feel better, any certificate can be used with both of the protocols, so long as they come from an appropriate Certificate Authority of course.
Some companies like Symantec, still refer to all of their certificates as SSL certificates, though they are using the updated TLS protocols. This is because though it may be factually incorrect, SSL is a much more widely recognized industry term than TLS. As of this writing, the latest and greatest version of TLS, TLS 1.3, is in it’s final draft stages and may be released soon.
You will know that your site is secured by an “SSL” certificate when you see the green HTTPS in your url bar. Here at Kiiff, we offer a FREE certificate when you host with us, so your customers know that you want them to trust you right off the bat. And, now you understand exactly what goes into that certificate!