Difference Between SSL and TLS in Tabular Form
- Secure Socket Layer (SSL) and Transport Layer Security (TLS) provide security between the server and browser.
|It was released in 1999.||SSL v2.0 was first released in 1995 and v3.0 in 1996. SSL v1.0 was not released to the public.|
|SSL, the minor version is 0, and the major version is 3.||TLS, the minor version is 1, and the major version is 3.|
|Supports Fortezza (algorithm)||Does not support Fortezza|
|SSL uses the HMAC algorithm excepts that the padding bytes concatenation.||TLS makes use of the same algorithm the padding bytes concatenation.|
|SSL supports 12 various alert codes.||TLS Supports all the alert codes defined in SSL 3 with the exception of no certificate.|
|It is faster than TLS as authentications are not carried out intensively.||It is a little slower due to the two-step communication process i.e. handshaking and actual data transfer.|
|The SSL versions are less secure.||TLS v2.0 is susceptible to both BEAST & POODLE attacks and hence it is more secure.|
|Ad hoc Message authentication||Standard Message authentication|
|Complex Certificate verify||Simple Certificate verify|
A Brief History of SSL and TLS
- SSL and TLS are both cryptographic protocols that provide authentication and data encryption between servers, machines, and applications operating over a network (e.g. a client connecting to a web server). SSL is the predecessor to TLS. Over the years, new versions of the protocols have been released to address vulnerabilities and support stronger, more secure cipher suites and algorithms.
- SSL was originally developed by Netscape and first came onto the scene way back in 1995 with SSL 2.0 (1.0 was never released to the public). Version 2.0 was quickly replaced by SSL 3.0 in 1996 after a number of vulnerabilities were found. Note: Versions 2.0 and 3.0 are sometimes written as SSLv2 and SSLv3.
- TLS was introduced in 1999 as a new version of SSL and was based on SSL 3.0