The differences between HTTPS, SSL, and TLS

It's easy to confuse these terms and use them interchangeably.

Let's look into each one and see how they differ.

What's HTTPS?

HTTPS is the secured version of HTTP: HyperText Transfer Protocol.

HTTP is the protocol used by your browser and web servers to communicate and exchange information.
When that exchange of data is encrypted with SSL/TLS, then we call it HTTPS. The 'S' stands for Secure.

OMG! Wait! Did I say SSL/TLS! Why?

Because it's the precise way to talk about SSL and TLS.

SSL stands for 'Secure Sockets Layer'. A protocol created by Netscape.

SSL is a dinosaur by Internet standards. The first version was never released and version 2 launched with the browser Netscape 1.1 in 1995.
Later that year Netscape released version 3 because version 2 had some major security problems.
We were all happy cats until 1999. Browser wars between Netscape and Microsoft, the need for standards, and Britney Spears - '...Baby One More Time' changed the world as we know it. Fur-ever.

Oops, I did it again.

Netscape gave control of SSL protocol to the IETF: Internet Engineering Task Force.

Before 1999 ended, IETF released TLS version 1.0 (Which was really SSL 3.1).

SSL was renamed to TLS: Transport Layer Security. Creating confusion and chaos still to this day.

Thanks 1999.

TLS 1.0 took off and version 1.1 was released in 2006.
A couple of years later, in 2008, TLS 1.2 was released to address a few flaws and exploits.

However, it's not until 2013 that browsers start to catch up and add support for TLS 1.2.

To add to the confusion, SSL 3.0 was officially deprecated in 2015.

TLS 1.3 was approved in march 2018 and your browser might already support it. Click here to check the current TLS version for your browser. But come back to finish the story.

TLS 1.3 brings great security improvements and removes old weaker features.

No worries if your browser doesn't support it yet. TLS 1.2 is still the recommended version if you are reading this in Spring/Summer 2020.

Let's recap.

HTTPS is just the HTTP protocol but with data encryption using SSL/TLS.
SSL is the original and now deprecated protocol created at Netscape in the mid 90s.
TLS is the new protocol for secured encryption on the web maintained by IETF.

And now you know the hiss-tory.

Next on HowHTTPS.works...

Certificates and Certificate authorities: What Do They Know? Do They Know Things?? Let's Find Out!

Continue reading