Questions tagged [ssl]

'Secure Sockets Layer' was originally a comp.sources Usenet post in the 1980s, using a fairly primitive security protocol. Netscape Communication Corp pioneered the current SSL protocol, in SSL 2.0, the first version deployed, followed by SSL 3.0. At that point the IETF decided to standardize on this protocol, so RFC 2246 defined the next version of this protocol. There was some uncertainty over the intellectual property rights to the SSL name so the IETF chose the name Transport Layer Security (TLS). Today the names SSL and TLS are essentially synonyms. However, if you refer to a specific version you should include the correct name, e.g SSL 3.0 or TLS 1.1. As a progression it goes SSL 2.0 < SSL 3.0 < TLS 1.0 < TLS 1.1 < TLS 1.2 < TLS 1.3, where "<" means "precedes".

Current security standards forbid running any SSL version or TLS 1.0 (due to their various flaws). It is recommended to run only TLS 1.2 and TLS 1.3.

TLS was originally developed to run above a connection-oriented protocol, i.e. TCP. Later, TLS modified to run over connectionless protocols like UDP by way of Datagram Transport Layer Security (DTLS).

TLS is a mature protocol, now more than 20 years old, with vast support on a multitude of clients, servers, platforms, and libraries. However, there is some complexity around the cipher suites, the TLS Extensions, and the certificate validation, that regularly introduced reasons ending in non-interoperability. Perhaps the most well-known protocol that uses TLS is the HTTPS protocol, which is the HTTP protocol running over TLS.

Stackoverflow is for programming questions, and that is also true for questions tagged with TLS or SSL. In particular, server configuration questions are off-topic and instead should be asked on ServerFault.