Security

What is SSL?

(Secure Sockets Layer)

A deprecated cryptographic protocol that was designed to provide secure communication over computer networks by encrypting data transmitted between clients and servers. SSL has been succeeded by TLS (Transport Layer Security).

Key Characteristics:

SSL was developed by Netscape in the mid-1990s to secure internet communications, particularly for e-commerce and sensitive data transmission. While SSL laid the foundation for secure web communications, it is now considered obsolete due to known security vulnerabilities. The term "SSL" is still commonly used colloquially to refer to secure connections, even though modern systems use TLS.

Historical Context:

SSL went through several versions:

  1. SSL 1.0: Never publicly released due to security flaws
  2. SSL 2.0: Released in 1995, later found to have significant vulnerabilities
  3. SSL 3.0: Released in 1996, deprecated in 2015 due to the POODLE attack

After SSL 3.0, the protocol was redesigned and renamed to TLS 1.0 in 1999, marking the transition to the modern security standard.

How It Worked:

SSL operated similarly to TLS, using a handshake process to establish encrypted connections. It employed asymmetric cryptography for key exchange and symmetric encryption for data transmission. SSL certificates authenticated server identities, creating the foundation for the certificate authority (CA) system still used today.

Relationship to TLS:

TLS is the direct successor to SSL and functions as an improved, more secure version of the protocol. When people refer to "SSL certificates" or "SSL connections" today, they are almost always actually using TLS. The terms are often used interchangeably in common usage, though technically SSL refers to the older, deprecated protocol.

Current Status:

SSL is no longer considered secure and should not be used. All major web browsers and servers have disabled support for SSL 2.0 and 3.0. Organizations should use TLS 1.2 or TLS 1.3 for secure communications.

Common Terminology:

Despite being obsolete, SSL terminology persists:

  1. "SSL Certificate" (actually refers to TLS certificates)
  2. "SSL/TLS" (acknowledging both the legacy name and current protocol)
  3. "SSL VPN" (VPNs using TLS encryption)

Migration Path:

Any systems still using SSL should immediately migrate to TLS 1.2 or preferably TLS 1.3 to ensure adequate security protection.

Studying for CompTIA (Security)?

ExamWizardz turns the official objectives into a guided study plan — with practice tests, real PBQs, and a readiness score. Join the waitlist to be first in when CompTIA A+ launches.