Secure Socket Layer (SSL) is the original protocol for encrypting HTTP traffic in the form of HTTPS. Although much of this guide applies to other Transport Layer Security (TLS) applications, we will be focusing on how TLS is used to protect clients connecting to web applications via HTTPS, as it is one of the most common use cases for TLS.
TLS (and it's now outdated predecessor SSL 3.0) is a cryptographic protocol designed to provide computers and networks with communication security.
Several versions of the protocol are widely used, such as TLS 1.1, TLS 2.0 and TLS 3.2.
The TLS protocol was designed to provide three essential services to applications running on it: encryption, authentication and data integrity.
As web usage increased around the globe, it became clear that a common standard for encryption was needed, mainly to ensure data sent between servers and web browsers is secure, to stop cybercriminals accessing private data.
When HTTPS was introduced, it used SSL 1.0, based on technology built by Netscape, with SSL 2.0 and SSL 3.0 coming shortly after that.
TLS is a successor of SSL 3.0 and the current standard protocol for Internet security. Both the server and the client must determine which security protocol to use, achieved through SSL / TLS certificates. The server provides the clients with a TLS certificate to identify and define the highest security protocols for the client session.
The terms SSL, SSL - TLS and TLS, are often used interchangeably, but SSL is the most common term used when referring to website encryption.
Web browsers have TLS and SSL version support, and older services such as SSL 2.0 or older TLS versions can be disabled server-side for further security.
The recently ratified TLS-1.3 seems to build on the security levels and offers several improvements over the previous version of the protocol, as well as some new features and security improvements.
The TLS protocol is also used to secure data over the air, one of the most widely used over-the-air protocols in the world.
TLS ensures that the transport of sensitive data is safe from cybercrime - crimes that steal valuable customer information such as identity theft, identity fraud and other forms of fraud.