SSL vs. TLS: The Future of Data Encryption

From a functionality standpoint, SSL and TLS are almost identical: TLS also encrypts data in transit and requires a “handshake” between two authorized servers before it spills its contents.

In a recent article from Tom’s Guide on security trends, Marshall Honorof writes about SSL protocol and the likelihood that the NSA has already cracked it.

He goes on to talk about Transport Layer Security (TLS) and why it’s the more secure successor to SSL.

The differences between SSL and TLS are subtle and extremely technical, but TLS is generally a newer and more refined system. Even so, the two methods are so similar that some email programs even use the two terms interchangeably.

“In terms of web browsing and online shopping, the safest recourse might be to use an HTTPS plugin like HTTPS Everywhere, which will automatically activate SSL or TLS protocols on a website if they are available. Granted, if a website only offers SSL functionality, it may not do much good, but it’s better than taking no precautions at all.”

The article provides a more in-depth breakdown of the differences and strengths of both SSL and TLS which are important for any server or network administrator to know.

How SSL Protects You

SSL simply encrypts data before it’s sent to another party. If a man in the middle were to steal your data while in transit, they would not be able to use it since the information is protected by an unbreakable algorithm preventing your data from being revealed.

It’s critical however, that when making the connection in the first place, the party you connect to is a trusted organization. Cheap SSL Certificates offer encryption but don’t provide any authentication that the party on the other end is a trusted individual. Encrypting your data before it’s sent to a hacker is no more safe than leaving your data unsecured in the first place.

That’s why at DigiCert, you won’t find any Domain Vetted (DV) SSL Certificates. At DigiCert, know that trust is at the center of online security and individuals need to work with organizations they can trust. DigiCert providers high assurance Organization Validated (OV) and Extended Validation (EV) SSL and TLS Certificates because of the level of trust they provide.

Better security with TLS

There’s a subtle difference between the SSL and TLS protocols, but it’s also very technical. Because TLS is a newer protocol it’s been able to take the best of SSL (version 3.0) and improve the level of security. TLS version 1.0 implemented many of these security improvements, and TLS versions 1.1 and 1.2 surpass previous improvement “by leaps and bounds”, says Honorof.

The entire article goes on to discuss additional benefits from TLS and how improvements in encryption standards are making the Internet a safer place.

Posted in Encryption, Security, SSL, Uncategorized