SSL (Secure Sockets Layer)
Definition
SSL is a deprecated cryptographic protocol that provided secure communication over a network. It was the predecessor to TLS (Transport Layer Security). SSL is still commonly referenced colloquially (“SSL certificate”) even though the protocol has been obsolete since 1996.
SSL versions 1.0, 2.0, and 3.0 were all deprecated due to critical vulnerabilities. TLS 1.0 (1999) was the first version to replace SSL, and TLS has been continuously improved since.
SSL History
| Version | Year | Status |
|---|---|---|
| SSL 1.0 | 1994 | Never released (flawed) |
| SSL 2.0 | 1995 | Deprecated (1996) — POODLE, BEAST |
| SSL 3.0 | 1996 | Deprecated (2015) — POODLE attack |
| TLS 1.0 | 1999 | Deprecated (2021) — BEAST, CRIME |
| TLS 1.1 | 2006 | Deprecated (2021) |
| TLS 1.2 | 2008 | Current standard, widely supported |
| TLS 1.3 | 2018 | Latest, faster and more secure |
Why “SSL Certificate” is a Misnomer
Despite the protocol being TLS, the term “SSL certificate” persists because:
- SSL was the original name when the industry started
- Certificate formats (X.509) are the same for TLS
- Industry terminology stuck from the 1990s
SSL/TLS Certificate Types
| Type | Validation | Use Case |
|---|---|---|
| DV (Domain Validated) | Domain ownership | Basic websites, blogs |
| OV (Organization Validated) | Organization verification | Business websites |
| EV (Extended Validation) | Strict verification | Banks, e-commerce |
| Wildcard | Domain ownership | *.example.com |
| Multi-domain (SAN) | Multiple domains | Multiple subdomains |
SSL/TLS Handshake (Simplified)
Client → Server: ClientHello (supported TLS versions, cipher suites)
Server → Client: ServerHello (chosen TLS version, cipher suite) + Certificate
Server → Client: ServerHelloDone
Client → Server: ClientKeyExchange (encrypted pre-master key)
Client → Server: ChangeCipherSpec
Client → Server: Encrypted handshake messages (verified)
Server → Client: ChangeCipherSpec
Server → Client: Encrypted handshake messages (verified)
→ Encrypted communication begins
SSL Certificate Providers
| Provider | Type | Notes |
|---|---|---|
| Let’s Encrypt | Free, automated | ACME protocol, most popular free CA |
| DigiCert | Commercial | Enterprise-grade, widely trusted |
| Sectigo (Comodo) | Commercial | Affordable OV/EV certificates |
| GlobalSign | Commercial | Long-standing CA |
| AWS ACM | Free (AWS only) | Free certificates within AWS |
Related Terms
- TLS — HTTP over TLS (commonly called “SSL”)
- Certificate Authority — issues SSL/TLS certificates
- HSTS: https://datatracker.ietf.org/doc/html/rfc5246
- Let’s Encrypt: https://letsencrypt.org/