SSL, TLS - what's the difference?

Keeping track of the latest security standards and ensuring you are secure from threats online is one thing; getting your head around the various acronyms is another. The acronyms make it increasingly confusing to figure out what you really need to do to keep safe online.

You know you need to secure your website, but what is it that makes the lock appear and the address bar turn green in web browsers: HTTPS, SSL or TLS?

What’s the difference?

Secure Sockets Layer (SSL) is a cryptographic protocol (set of rules) that enables secure communications over the internet. Netscape developed version 1.0 of the SSL protocol more than 20 years ago, so that people could use their browsers to securely surf the web. Improvements to the protocol, and enhancements of security standards, led to the creation of SSL 3.0.

Transport Layer Security (TLS) was introduced in 1999 as a newer version of SSL and is based on SSL version 3.

Hypertext Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the protocol over which data is sent between your browser and the website you are connected to. HTTPS combines HTTP with SSL/TLS to provide encrypted communication between your browser and the website over a secure channel, with the web server’s identity verified using certificates.

There is no need to panic, and you don’t need to replace all your existing SSL certificates with TLS. Certificates used for both protocols amount to the same thing - in fact it’s better to call them certificates for use with SSL and TLS.

So, in summary, what’s the difference between SSL and TLS? Not much, really.

In terms of deployment and configuration, though, the difference lies in ciphers, vulnerabilities and the risk of cyber-attack.

If you are configuring a server, you must ensure that you have TLS enabled for maximum security. Also, using high-assurance EV (Extended Validation) certificates will help ensure that your security meets the highest standards and avoids any risk of attack and compromise.
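
An added example, not LAWtrust's own code: a small Python check that reads an nginx configuration and reports every `ssl_protocols` line that still enables SSL. It assumes nginx as the server; the function name and the sample configuration are constructed for illustration, and the check goes one step beyond the article by also flagging TLS 1.0 and 1.1, which RFC 8996 deprecated.

```python
import re

# Protocol names accepted by nginx's ssl_protocols directive, grouped by status.
SSL_ERA = {"SSLv2", "SSLv3"}            # the SSL protocols the article contrasts with TLS
DEPRECATED_TLS = {"TLSv1", "TLSv1.1"}   # deprecated by RFC 8996

def audit_ssl_protocols(config_text):
    """Return a list of (line_number, severity, message) findings."""
    findings = []
    seen = False
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        code = line.split("#", 1)[0]    # ignore comments, including commented-out directives
        match = re.match(r"\s*ssl_protocols\s+([^;]+);", code)
        if not match:
            continue
        seen = True
        enabled = set(match.group(1).split())
        for proto in sorted(enabled & SSL_ERA):
            findings.append((lineno, "fail", f"{proto} is enabled"))
        for proto in sorted(enabled & DEPRECATED_TLS):
            findings.append((lineno, "warn", f"{proto} is deprecated"))
        if not enabled - SSL_ERA - DEPRECATED_TLS:
            findings.append((lineno, "fail", "no current TLS version enabled"))
    if not seen:
        # Line 0 means "whole file": the server's built-in default list applies.
        findings.append((0, "warn", "no ssl_protocols directive; server default applies"))
    return findings

# Constructed sample configuration, not taken from any real server.
SAMPLE = """\
server {
    listen 443 ssl;
    server_name legacy.example;
    ssl_protocols SSLv3 TLSv1 TLSv1.2;   # weak: SSL 3.0 still offered
}
server {
    listen 443 ssl;
    server_name shop.example;
    ssl_protocols TLSv1.2 TLSv1.3;       # TLS only
}
"""

if __name__ == "__main__":
    for lineno, severity, message in audit_ssl_protocols(SAMPLE):
        print(f"line {lineno}: [{severity}] {message}")
```

Only the first server block is reported; the second, which lists TLS versions only, passes cleanly.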

Since 2013, LAWtrust has been certified by WebTrust as a global certificate authority. The certificates issued by us are included in the Microsoft and Adobe Trust certificate authority lists. In other words, they are validated.

Validated encryption is essential. Legislation across the world is making it increasingly important to protect business information, including personal information received from clients, customers and staff. Breaches are costly, in hard cash and reputation terms.

In South Africa, the average cost of a data breach to a company is R28.6-million, according to the Ponemon Institute’s 2016 Cost of Data Breach Study: South Africa. When the Protection of Personal Information Act comes into effect soon – the date keeps changing – the legal responsibility to protect personal information will be laid firmly at the door of business.

We are happy to help if you need any advice about SSL/TLS. Our support team is on hand to answer any questions relating to configuration and best practice.