SSL (Secure Sockets Layer)
What is SSL (Secure Sockets Layer)?
SSL (Secure Sockets Layer)The historical predecessor of TLS, originally developed by Netscape in the 1990s to encrypt traffic on the web and now formally deprecated.
SSL is the family of protocols (SSL 2.0 and SSL 3.0) that pioneered encrypted client-server communication on the internet before being replaced by TLS starting with TLS 1.0 in 1999. All SSL versions have well-known cryptographic weaknesses — for example, POODLE against SSL 3.0 — and have been deprecated by the IETF (RFC 7568) and prohibited by standards such as PCI DSS. Despite this, the term "SSL" is still used colloquially to refer to TLS, particularly in product names like "SSL VPN" or "SSL certificate". In practice, any modern "SSL" deployment uses TLS, and SSL 2.0/3.0 must be disabled wherever they remain.
● Examples
- 01
An old POS terminal still negotiating SSL 3.0, vulnerable to POODLE, that must be upgraded to TLS 1.2+.
- 02
A vendor referring to their TLS certificate as an "SSL certificate" out of historical convention.
● Frequently asked questions
What is SSL (Secure Sockets Layer)?
The historical predecessor of TLS, originally developed by Netscape in the 1990s to encrypt traffic on the web and now formally deprecated. It belongs to the Network Security category of cybersecurity.
What does SSL (Secure Sockets Layer) mean?
The historical predecessor of TLS, originally developed by Netscape in the 1990s to encrypt traffic on the web and now formally deprecated.
How do you defend against SSL (Secure Sockets Layer)?
Defences for SSL (Secure Sockets Layer) typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for SSL (Secure Sockets Layer)?
Common alternative names include: Secure Sockets Layer, Legacy SSL.