SSL vs TLS: what is the difference?

Two names, one job. Why the protocol changed its name in 1999 and the world never quite caught up.

Here is the short answer: TLS is the modern name for SSL. They are successive versions of the same idea — a protocol that encrypts the connection between a client and a server and lets the client verify who it is talking to. No server on the public internet should be speaking actual SSL any more; when people say “SSL” today, they almost always mean TLS. The name simply refused to die.

A short history

SSL — Secure Sockets Layer — was created at Netscape in the mid-1990s to make shopping on the young web plausible. SSL 1.0 never shipped (its flaws were found internally), SSL 2.0 arrived in 1995 and was broken in significant ways, and SSL 3.0 followed in 1996 as a substantial redesign that held the fort for years.

When the protocol moved from Netscape to the IETF standards body, politics required a new name. The 1999 successor to SSL 3.0 was published as TLS 1.0 — Transport Layer Security. Technically it was a modest revision; TLS 1.0 was almost “SSL 3.1” (and its internal version number literally is 3.1). From then on, every improvement has been a TLS release:

Meanwhile every SSL version has been formally prohibited: SSL 2.0 in 2011 and SSL 3.0 in 2015, after the POODLE attack made its weaknesses practical to exploit. A server offering SSL today is not retro — it is broken.

Why everyone still says SSL

Language follows habit, not standards documents. By the time TLS got its name, “SSL” was already printed on invoices, baked into product names and taught in tutorials. Certificate vendors sold — and still sell — “SSL certificates”. Software configuration kept the old letters too: OpenSSL is the world’s most used TLS library, and countless config files have settings with ssl in the name that actually control TLS.

The certificates themselves make the confusion harmless. An “SSL certificate” is an X.509 certificate, and X.509 is independent of protocol version — the same certificate served TLS 1.0 in 2005 and serves TLS 1.3 today. What changed is the protocol carrying it, not the certificate format. So “SSL certificate” and “TLS certificate” describe exactly the same file, and this site — an SSL checker at heart — checks certificates that are, in practice, used by TLS.

Which term should you use?

What actually matters on your server

The practical takeaways hiding under this naming debate are versions and configuration:

Two tools for two questions

This split is exactly how the DNS Studio suite divides the work. If your question is about the certificate — is it valid, trusted, covering the right names, when does it expire? — use the SSL checker on this site. If your question is about the protocol — which TLS versions does my server negotiate, which cipher suites, is anything legacy still enabled? — that depth lives on tls.studio. Start with whichever question is yours; each tool links to the other.

And if a browser is currently showing you an error with SSL or CERT in its name, skip the theory and go straight to common SSL errors explained.