Black Bar Banner 1

Welcome to Markethive

Website Security-What Should You Have?

Posted by Deb Williams - Editor on November 22, 2020 - 3:47am Edited 11/22 at 3:54am

Website Security-What Should You Have?


SSL or TLS Certificates

For newbies, getting up to speed with web security and SSLs can be challenging. Maybe you know that SSL certificates secure your site, but you're not exactly sure how or why. And now, TLS certificates enter into the mix, and you’re completely lost. Are they the same, or are they completely separate? If you have ever wondered what TLS has to do with SSL, this blog post will shed some light on the subject.


So What’s The Difference Between SSL and TLS Certificates?

Secure Sockets Layer (SSL) is a cryptographic protocol that is utilized to create safe, encrypted transmissions on the internet linking a client and a server using HTTPS. Put another way, this is the joining of a web browser with a website. The encryption process assures that all transmissions across this connection are made undecipherable to third parties.

Transfer Layer Security (TLS) is also a cryptographic protocol and does the same thing as an SSL certificate, only better. Essentially it's an upgraded version of SSL that's faster and more secure. Although the result is the same, SSL and TLS create the encrypted connection differently in the background, from verification feedback sent to the way they determine archive protocols. The essential steps for establishing an encrypted connection are referred to as the SSL or TLS handshake.

This next part usually is what throws people off. Today, in all likelihood, if you are using an SSL certificate in 2020, it works by using the TLS protocol. The term SSL certificate is a misnomer. TLS certificate is the more accurate name. To understand why we need to go back a couple of decades and look at how these digital certificates came to exist. 


A Brief History of SSL

In the mid-90s, SSL was developed. Increases in the volume of individuals, organizations, and companies using the World Wide Web created the need for improved security. Subsequently, banking and shopping online took off emphasizing that people's personal data also required online protection.

In 1994, Netscape released SSL 1.0. In the arena of online encryption, it was a game-changer, despite having several significant security breaches. So it was never released to the public. SSL 2.0 was released in 1995 and 3.0 in 1996. Although each made improvements, they still had many security flaws.

Here is where TLS enters the picture. Because of the pressing need for a more secure encryption protocol, researchers started working on something new. 


Shifting to TLS

The TLS protocol was created in 1999 and eventually would replace SSL entirely. In 2006, TLS version 1.0 was upgraded to TLS 1.1. In 2008 TLS 1.2 was released, followed by the latest version, TLS 1.3, in 2018. Every version of TLS has come with significant security upgrades. So many, in fact, that the most recent version of TLS runs totally different from the initial version of SSL that was developed more than twenty years earlier.

Today, the most widely used cryptographic protocols are TLS 1.2 and 1.3. For internet browsing, SSL is fundamentally discontinued. In 2015 the Internet Engineering Task Force (IETF) discouraged using the last version, SSL (3.0).


So Why Do We Still Call Them SSL Certificates?

Mainly due to branding and marketing purposes. The name SSL Certificate entirely has become synonymous with encryption and internet security. Although SSL isn’t used anymore, it remains the industry-wide label for this kind of online certificate.

The time for switching the name to TLS certificates has long passed. A sudden change in referring to them as TLS certificates outright would probably result in much uncertainty for persons unfamiliar with internet protocols. They might think you’re talking about something completely different.  

Actually the debate over whether to call them SSL or TLS certificates is somewhat misleading. The online certificates themselves, whether an SSL or TLS protocol, are not the controller by themselves. Instead, it is the configurations of the server and browser being used. 

Is Your SSL Certificate Using the TLS Protocol?

If your website was created during the last few years and is working in modern web browsers, it’s improbable that your servers are configured to use SSL or older versions of the TLS protocol because they won't work. In 2014 Google Chrome ended support for SSL. Top browsers and technology companies have pledged to discontinue using TLS 1.0 and 1.1 by 2020 years end. Your server is most likely configured to support TLS 1.2 or 1.3, with 1.3 the preferred. 

By using this service, you will be able to monitor the configuration of your server. Contact your web hosting provider or hire a systems administrator if your TLS server configurations need updating.

 ecosystem for entrepreneurs


Written by: Gene Aasen
A Markethive Entrepreneur and a strong advocate of the Markethive mission for technology, world progress, and freedom of speech. I support change and endeavor to help others understand, grow, and move forward with enthusiasm to achieve their goals. 



Corneliu Boghian Thank you very much Den. for this info.
April 23, 2021 at 5:17am
Corneliu Boghian thanks for the info
April 14, 2021 at 10:03am
Svetlana N Thanks you
March 4, 2021 at 2:11pm
luba66 Lyubov Sultanova Thanks Jim, information to move forward to achieve your goal.
March 4, 2021 at 11:44am
Valeriya Great info
February 27, 2021 at 6:24am
Tony Puckerin Thanks for sharing Deb
December 3, 2020 at 8:34pm
Health and Safety STEFY Thank you Deb for the great info!
November 29, 2020 at 11:02pm
brian chochola Never knew this, thanks
November 25, 2020 at 4:11am
November 24, 2020 at 6:23pm
Kevin Jacobson Many people still don't have SSL yet. I recently moved all my sites to a Developer Grade Hosting with Free SSL for all my Domains and Subdomains. I checked it and I have the latest TLS.
November 23, 2020 at 7:58pm
Load More