SSL vs TLS: What's the Difference?

SSL and TLS explained: the differences between protocol versions, why SSL is deprecated, and why everyone still says 'SSL' when they mean TLS.

Every time someone says "SSL certificate," they're technically wrong. The protocol we all use today is TLS, not SSL. SSL has been deprecated for over a decade. But the name stuck, and now we're all committed to the misnomer. Here's the actual difference, why it matters, and why the industry collectively decided to just keep saying "SSL" anyway.

A Brief History of Encryption Protocols

The story starts at Netscape in the mid-1990s, when the web was young and sending your credit card number over the internet was a terrifying proposition.

SSL 1.0 (1994) -- Never publicly released. It had fundamental security flaws that were caught before launch. Netscape quietly shelved it.

SSL 2.0 (1995) -- The first public release. It enabled encrypted web connections for the first time, but it had serious vulnerabilities, including susceptibility to man-in-the-middle attacks and weak message authentication. It was officially deprecated in 2011 (RFC 6176), though it should have been abandoned long before that.

SSL 3.0 (1996) -- A complete redesign that fixed SSL 2.0's problems. It worked well enough to become the foundation of encrypted web traffic for years. It was finally killed by the POODLE vulnerability in 2014, which allowed attackers to decrypt encrypted connections. Deprecated in 2015 (RFC 7568).

TLS 1.0 (1999) -- When the Internet Engineering Task Force (IETF) took over the protocol from Netscape, they renamed it to TLS (Transport Layer Security). TLS 1.0 was essentially SSL 3.1 with minor differences, but the name change signaled that it was now an open standard, not a proprietary Netscape protocol. Deprecated in 2021.

TLS 1.1 (2006) -- Incremental improvements, including better protection against cipher-block chaining attacks. Also deprecated in 2021.

TLS 1.2 (2008) -- Major upgrade. Added support for authenticated encryption (AEAD ciphers like AES-GCM), better hash algorithms (SHA-256), and removed many legacy features. Still widely used and considered secure.

TLS 1.3 (2018) -- The current standard. Dramatically simplified the protocol, removed all insecure cipher suites, reduced the handshake from two round-trips to one (or zero with 0-RTT), and made perfect forward secrecy mandatory. This is what you should be using.

Why SSL Is Dead

Every version of SSL has known, exploitable security vulnerabilities:

  • POODLE (2014) allows attackers to decrypt SSL 3.0 connections by exploiting the padding in CBC-mode ciphers.
  • BEAST (2011) targets SSL 3.0 and TLS 1.0 cipher-block chaining.
  • DROWN (2016) allows attackers to break TLS connections if the server also supports SSL 2.0.

These aren't theoretical attacks. They're practical exploits that have been demonstrated and used in the wild. No version of SSL is safe to use, and no modern browser or server should have SSL enabled.

If your server supports SSL 3.0, fix it now

Any server still accepting SSL 2.0 or 3.0 connections is actively vulnerable. Disable these protocols immediately. There is no legitimate reason to keep them enabled.

Why Everyone Still Says "SSL"

If SSL is dead, why does every hosting provider, certificate authority, and monitoring tool still use the term "SSL certificate"? A few reasons:

Brand recognition. People have been saying "SSL" for 30 years. The term is embedded in product names, marketing materials, documentation, and everyday conversation. Trying to rebrand to "TLS certificate" at this point would just confuse people.

Search behavior. People search for "SSL certificate," not "TLS certificate." Google Trends consistently shows "SSL" with 10-20x the search volume of "TLS." If you're selling certificates or writing about them, you use the term people actually search for.

The certificate itself is protocol-agnostic. Here's the thing -- the certificate doesn't care whether it's used with SSL or TLS. An "SSL certificate" and a "TLS certificate" are the same X.509 certificate. The certificate contains your public key, domain name, and CA signature. The protocol (SSL or TLS) is a separate configuration on your server. So calling it an "SSL certificate" isn't really wrong in a practical sense -- it's just imprecise.

Habit. Sometimes the simplest explanation is the right one. We say "SSL" because we've always said "SSL."

TLS 1.2 vs TLS 1.3: What Actually Matters Today

Since SSL is off the table and TLS 1.0/1.1 are deprecated, the real comparison that matters is between TLS 1.2 and TLS 1.3.

Feature                   TLS 1.2                                    TLS 1.3
Handshake round-trips     2 (can be 1 with session resumption)       1 (0 with 0-RTT)
Perfect forward secrecy   Optional (depends on cipher suite)         Mandatory
Cipher suites             Many (including insecure legacy options)   Only 5 (all AEAD)
Handshake encryption      Server certificate sent in plaintext       Server certificate encrypted
Performance               Slower initial connection                  Faster initial connection
Browser support           Universal                                  All modern browsers (95%+ of traffic)
Vulnerability surface     Larger (more configurable)                 Minimal (secure by default)

TLS 1.3 is faster. The reduced handshake means connections establish more quickly. On mobile networks with high latency, this difference is noticeable.

TLS 1.3 is more secure. By removing all insecure cipher suites and making forward secrecy mandatory, TLS 1.3 eliminates entire categories of attacks. You can't misconfigure it into an insecure state because the insecure options don't exist.

TLS 1.3 is simpler. Fewer cipher suites means fewer things to go wrong. Server administrators don't need to agonize over cipher suite ordering or worry about accidentally enabling a weak algorithm.
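Version negotiation on the wire, as an added example that is not part of the original article: the parser below reads a TLS ServerHello and reports which version the server actually selected. It matters for the 1.2-versus-1.3 comparison because a TLS 1.3 server still writes 0x0303 (the TLS 1.2 code) into the legacy version field and signals 1.3 only through the supported_versions extension, so a tool that looks at the version bytes alone will misreport a TLS 1.3 connection as TLS 1.2. The two ServerHello records are constructed here with fixed bytes for illustration; the cipher suite codes (0xc02f, 0x1301) and extension type 0x002b are the IANA-registered values.

```python
"""Read the negotiated protocol version out of a TLS ServerHello.

Added example (not from the original article). A TLS 1.3 server still puts
0x0303, the TLS 1.2 code, in the legacy_version field and announces the real
version in the supported_versions extension, so the version bytes alone are
not enough to tell 1.2 from 1.3.
"""
import struct

VERSION_NAMES = {
    0x0300: "SSL 3.0",
    0x0301: "TLS 1.0",
    0x0302: "TLS 1.1",
    0x0303: "TLS 1.2",
    0x0304: "TLS 1.3",
}
HANDSHAKE_RECORD = 0x16          # record-layer content type
SERVER_HELLO = 0x02              # handshake message type
SUPPORTED_VERSIONS_EXT = 0x002B  # extension carrying the real TLS 1.3 version


def version_name(code):
    return VERSION_NAMES.get(code, f"unknown (0x{code:04x})")


def build_server_hello(legacy_version, cipher_suite, selected_version=None):
    """Constructed ServerHello record with fixed (non-random) bytes, for demos."""
    body = struct.pack("!H", legacy_version)
    body += b"\x42" * 32                          # server random, constant here
    body += b"\x00"                               # empty legacy_session_id_echo
    body += struct.pack("!H", cipher_suite)
    body += b"\x00"                               # compression method: null
    if selected_version is not None:              # TLS 1.3 style: add supported_versions
        ext = struct.pack("!HHH", SUPPORTED_VERSIONS_EXT, 2, selected_version)
        body += struct.pack("!H", len(ext)) + ext
    handshake = bytes([SERVER_HELLO]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", HANDSHAKE_RECORD, legacy_version, len(handshake)) + handshake


def negotiated_version(record):
    """Parse a ServerHello record and return the version the server selected.

    Returns a dict with the advertised legacy version, the effective version
    and the chosen cipher suite. Raises ValueError on malformed input.
    """
    if len(record) < 5:
        raise ValueError("record too short")
    content_type, _record_version, record_len = struct.unpack("!BHH", record[:5])
    if content_type != HANDSHAKE_RECORD:
        raise ValueError(f"not a handshake record (type 0x{content_type:02x})")
    handshake = record[5:5 + record_len]
    if len(handshake) != record_len or len(handshake) < 4:
        raise ValueError("truncated record")
    if handshake[0] != SERVER_HELLO:
        raise ValueError(f"not a ServerHello (type 0x{handshake[0]:02x})")
    body_len = int.from_bytes(handshake[1:4], "big")
    body = handshake[4:4 + body_len]
    if len(body) != body_len or body_len < 38:
        raise ValueError("truncated ServerHello body")

    legacy_version = struct.unpack("!H", body[:2])[0]
    pos = 2 + 32                                   # skip the 32-byte server random
    pos += 1 + body[pos]                           # skip legacy_session_id_echo
    if pos + 3 > len(body):
        raise ValueError("truncated ServerHello body")
    cipher_suite = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2 + 1                                   # cipher suite + compression method

    selected = legacy_version                      # default: what the version field says
    if pos < len(body):                            # extensions block present
        ext_total = struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_total
        if end != len(body):
            raise ValueError("extensions length mismatch")
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
            data = body[pos + 4:pos + 4 + ext_len]
            pos += 4 + ext_len
            if ext_type == SUPPORTED_VERSIONS_EXT and len(data) == 2:
                selected = struct.unpack("!H", data)[0]   # the version that counts
    return {
        "legacy_version": version_name(legacy_version),
        "version": version_name(selected),
        "cipher_suite": cipher_suite,
    }


# Constructed samples: a TLS 1.2 server choosing ECDHE-RSA-AES128-GCM-SHA256
# (0xc02f) and a TLS 1.3 server choosing TLS_AES_128_GCM_SHA256 (0x1301).
TLS12_HELLO = build_server_hello(0x0303, 0xC02F)
TLS13_HELLO = build_server_hello(0x0303, 0x1301, selected_version=0x0304)

if __name__ == "__main__":
    for name, record in (("TLS 1.2 server", TLS12_HELLO), ("TLS 1.3 server", TLS13_HELLO)):
        print(name, negotiated_version(record))
```

Run stand-alone, the script shows the TLS 1.3 record reporting legacy_version "TLS 1.2" but version "TLS 1.3", which is exactly the trap: any version check that stops at the record or handshake version field will undercount TLS 1.3 deployments.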

How to Check Which Protocol Version Your Server Supports

Using OpenSSL

Test specific protocol versions against your server:

# Test TLS 1.2
openssl s_client -connect yourdomain.com:443 -tls1_2

# Test TLS 1.3
openssl s_client -connect yourdomain.com:443 -tls1_3

# Test SSL 3.0 (should fail)
openssl s_client -connect yourdomain.com:443 -ssl3

If the connection succeeds, that protocol version is enabled. If it fails with a handshake error, it's disabled (which is what you want for SSL 3.0 and TLS 1.0/1.1).

Using SSL Labs

Run your domain through Qualys SSL Labs (ssllabs.com/ssltest). The results page includes a "Configuration" section that lists every protocol version your server accepts. It will flag any deprecated protocols as a security concern.

Using nmap

nmap --script ssl-enum-ciphers -p 443 yourdomain.com

This lists all supported protocol versions and cipher suites, giving you a complete picture of your server's TLS configuration.
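A scripted version of the same check, as an added example (not code from the original article): it uses Python's standard ssl module to pin a client context to exactly one protocol version at a time and records whether the server completes the handshake. Certificate verification is deliberately switched off because the question is protocol support, not identity; yourdomain.com is the same placeholder the commands above use. Like openssl s_client -ssl3, a client whose OpenSSL was built without SSL 3.0 cannot test that version at all (setting the version on the context raises), and the script reports that rather than silently claiming the server is safe.

```python
"""Probe which SSL/TLS protocol versions a server will negotiate.

Added example, not from the original article. For each version the local
OpenSSL knows, a client context is pinned to exactly that version and a
handshake is attempted. Verification is off: we test protocol support here,
not the certificate.
"""
import socket
import ssl
import sys

# Versions Python's ssl module can pin, oldest first.
VERSIONS = {
    "SSL 3.0": ssl.TLSVersion.SSLv3,
    "TLS 1.0": ssl.TLSVersion.TLSv1,
    "TLS 1.1": ssl.TLSVersion.TLSv1_1,
    "TLS 1.2": ssl.TLSVersion.TLSv1_2,
    "TLS 1.3": ssl.TLSVersion.TLSv1_3,
}

# OpenSSL reason strings that mean "the server refused to speak this version".
REFUSAL_MARKERS = (
    "UNSUPPORTED_PROTOCOL",
    "PROTOCOL_VERSION",         # e.g. TLSV1_ALERT_PROTOCOL_VERSION
    "WRONG_VERSION_NUMBER",
    "NO_PROTOCOLS_AVAILABLE",
    "HANDSHAKE_FAILURE",
)


def build_probe_context(label):
    """Client context that can only negotiate the one version named by `label`.

    Raises ValueError when the local OpenSSL was built without that version
    (typical for SSL 3.0), which means this client cannot test it at all.
    """
    version = VERSIONS[label]
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False           # identity is not under test here
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = version        # ValueError if unsupported locally
    ctx.maximum_version = version
    if version < ssl.TLSVersion.TLSv1_2:
        # Current OpenSSL refuses pre-1.2 handshakes above security level 0,
        # so probing old versions means lowering the client's own bar.
        try:
            ctx.set_ciphers("ALL:@SECLEVEL=0")
        except ssl.SSLError:
            pass                         # builds without security levels
    return ctx


def pinned_range(ctx):
    """(min, max) version codes of a context, to confirm the pin took effect."""
    return int(ctx.minimum_version), int(ctx.maximum_version)


def refused_by_server(message):
    """True when an OpenSSL error message says the version was rejected."""
    text = message.upper()
    return any(marker in text for marker in REFUSAL_MARKERS)


def classify_failure(exc):
    """Turn the exception from a probe into a short verdict."""
    if exc is None:
        return "enabled"
    if isinstance(exc, (ssl.SSLEOFError, ConnectionResetError)):
        return "disabled (connection dropped)"     # no alert, server just hung up
    if isinstance(exc, ssl.SSLError):
        if refused_by_server(str(exc)):
            return "disabled"
        return "error: " + str(exc)
    if isinstance(exc, OSError):                   # refused, timeout, DNS failure
        return "unreachable: " + str(exc)
    return "error: " + repr(exc)


def probe(host, port=443, timeout=5.0):
    """Return {label: verdict} for every version this client can pin."""
    results = {}
    for label in VERSIONS:
        try:
            ctx = build_probe_context(label)
        except ValueError:
            results[label] = "untestable: local OpenSSL lacks this version"
            continue
        failure = None
        try:
            with socket.create_connection((host, port), timeout=timeout) as sock:
                with ctx.wrap_socket(sock, server_hostname=host):
                    pass                           # handshake completed at `label`
        except Exception as exc:                   # classified below, keep sweeping
            failure = exc
        results[label] = classify_failure(failure)
    return results


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "yourdomain.com"  # placeholder host
    for label, verdict in probe(target).items():
        print(f"{label:8} {verdict}")
```

A healthy result reads "disabled" (or "disabled (connection dropped)") for SSL 3.0 through TLS 1.1 and "enabled" for TLS 1.2 and 1.3. An "untestable" line means nothing about the server; use SSL Labs or nmap for that version instead.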

What You Should Disable (and Why)

If your server still accepts any of these protocols, disable them:

  • SSL 2.0 -- Catastrophically insecure. No legitimate client needs it.
  • SSL 3.0 -- Vulnerable to POODLE. No legitimate client needs it.
  • TLS 1.0 -- Deprecated by all major browsers as of 2020. PCI DSS compliance has required disabling TLS 1.0 since June 2018.
  • TLS 1.1 -- Deprecated alongside TLS 1.0. Offers no meaningful security advantage over 1.0 and lacks features of 1.2.

Your server should support TLS 1.2 and TLS 1.3. That's it. If you're configuring a new server, you could argue for TLS 1.3 only, but TLS 1.2 still serves a meaningful percentage of clients (particularly older corporate environments and some IoT devices).

Check your compliance requirements

PCI DSS 3.2.1 requires TLS 1.2 as a minimum. NIST guidelines recommend TLS 1.2 or 1.3. If you're in a regulated industry, your protocol configuration may be dictated by compliance standards.

The Bottom Line

SSL and TLS are different protocols. SSL is dead and should never be used. TLS 1.2 and 1.3 are the standards. But "SSL certificate" as a term isn't going anywhere, because the certificate itself works with any protocol version your server supports.

What actually matters is your server configuration. Use TLS 1.2 and 1.3, disable everything else, and don't worry too much about what you call the certificate. Everyone knows what you mean when you say "SSL."


SSL is dead. Long live TLS. But we'll keep calling the certificates "SSL" because changing habits is harder than upgrading protocols.