TLS, Transport Layer Security, is the IETF standard for secure network sessions with authentication, integrity and confidentiality. TLS runs on top of TCP, Transmission Control Protocol. The sister protocol DTLS was created for UDP transports.
What about SSL?
SSL, Secure Socket Layer, was created by Netscape Communications a long time ago. SSL v3 was published as an RFC as the standard transitioned to the IETF. The IETF, the organisation that creates Internet standards, took on the work and created TLS version 1, which is very similar to SSL version 3. The name SSL was a trademark and could no longer be used.
All versions of SSL are today considered insecure and should no longer be used. We as a community should stop talking about “SSL” and only use the TLS acronym.
Let SSL get a well-deserved retirement and move on to TLS!
If SSL is insecure, what next?
All solutions based on cryptography are a moving target. Computers get stronger, which means that cryptographic algorithms and key lengths that were considered secure a few years ago can be broken by cell phones today. Algorithms are proven to be weak and are abandoned. To stay secure, you need to update your configurations and applications all the time.
This site reflects some, but not all, of the latest recommendations. We will continue to update the tests – but need your help. Send us feedback, ideas and suggestions for improvements!
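As an illustration of keeping an application's TLS settings current, here is an added example (not code from this site) that builds a Python `ssl` client context refusing every SSL version and then audits any context for settings that have drifted. The TLS 1.2 floor and the function names `hardened_client_context` and `audit` are assumptions of this example; the page itself names no minimum version.

```python
import ssl

# Assumption for this example: TLS 1.2 is the lowest version accepted.
# The page itself only says that every SSL version is retired.
FLOOR = ssl.TLSVersion.TLSv1_2


def hardened_client_context(floor=FLOOR):
    """Client context with certificate and hostname checks on, nothing below floor."""
    ctx = ssl.create_default_context()  # sets CERT_REQUIRED and check_hostname
    ctx.minimum_version = floor         # SSLv3 and older TLS cannot be negotiated
    return ctx


def audit(ctx, floor=FLOOR):
    """Return a list of findings; an empty list means the context passes."""
    findings = []
    low = ctx.minimum_version
    # MINIMUM_SUPPORTED means "whatever the linked OpenSSL build still allows",
    # which can include retired protocol versions.
    if low == ssl.TLSVersion.MINIMUM_SUPPORTED or low < floor:
        findings.append(f"minimum_version is {low.name}, below {floor.name}")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate is not verified")
    if not ctx.check_hostname:
        findings.append("hostname is not checked against the certificate")
    return findings


if __name__ == "__main__":
    # Constructed sample: a context configured the way old code often left it.
    legacy = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    legacy.check_hostname = False       # must be cleared before CERT_NONE
    legacy.verify_mode = ssl.CERT_NONE
    legacy.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED

    for name, ctx in (("legacy", legacy), ("hardened", hardened_client_context())):
        problems = audit(ctx)
        print(name, "->", problems if problems else "ok")
```

Running the same `audit` in a unit test or at application start-up catches a configuration that was fine when written but has since fallen behind.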
Standardisation, profiles, recommendations
- Mozilla has a page with advice on configurations
- Bettercrypto.org is a project that produces copy and paste configurations for TLS in various products and servers.