3/27/2016  cryptography - What's the difference between SSL, TLS, and HTTPS? - Information Security Stack Exchange

What's the difference between SSL, TLS, and HTTPS?

I get confused with the terms in this area. What is SSL, TLS, and HTTPS? What are the differences between them?

Tags: cryptography, tls, protocols

edited Oct 6 '11 at 15:52 by Thomas Pornin; asked Jul 10 '11 at 16:40 by jrdioko

See trustworthyinternet.org/sslpulse/#chartprotocolsupport for a survey of site support for different SSL and TLS versions. Colonel Panic, Dec 12 '14 at 10:59

December 2014: Expect SSL support to drop fast now it's irreparably broken by POODLE. Browsers have already removed it (Firefox immediately, Chrome cautiously, Internet Explorer partially). Colonel Panic, Dec 12 '14 at 11:41

3 Answers

TLS is the new name for SSL. Namely, SSL protocol got to version 3.0; TLS 1.0 is "SSL 3.1". TLS versions currently defined include TLS 1.1 and 1.2. Each new version adds a few features and modifies some internal details. We sometimes say "SSL/TLS".

HTTPS is HTTP within SSL/TLS. SSL (TLS) establishes a secured, bidirectional tunnel for arbitrary binary data between two hosts. HTTP is a protocol for sending requests and receiving answers, each request and answer consisting of detailed headers and (possibly) some content. HTTP is meant to run over a bidirectional tunnel for arbitrary binary data; when that tunnel is an SSL/TLS connection, then the whole is called "HTTPS".

To explain the acronyms:

- "SSL" means "Secure Sockets Layer". This was coined by the inventors of the first versions of the protocol, Netscape (the company was later bought by AOL).
- "TLS" means "Transport Layer Security". The name was changed to avoid any legal issues with Netscape so that the protocol could be "open and free" (and published as a RFC). It also hints at the idea that the protocol works over any bidirectional stream of bytes, not just Internet-based sockets.
- "HTTPS" is supposed to mean "HyperText Transfer Protocol Secure", which is grammatically unsound. Nobody, except the terminally bored pedantic, ever uses the translation. "HTTPS" is better thought of as "HTTP with an S that means SSL". Other protocol acronyms have been built the same way, e.g. SMTPS, IMAPS, FTPS... all of them being a bare protocol that "got secured" by running it within some SSL/TLS.

edited Mar 22 '15 at 20:10 by Alexis King; answered Jul 10 '11 at 16:47 by Thomas Pornin

To make the confusing perfect: SSL (secure socket layer) often refers to the old protocol variant which starts with the handshake right away and therefore requires another port for the encrypted protocol such as 443 instead of 80. TLS (transport layer security) often refers to the new variant which allows to start with an unencrypted traditional protocol and then issuing a command (usually STARTTLS) to initialize the handshake. Hendrik Brummermann, Jul 10 '11 at 17:23

SSL no longer exists. There is TLS 0.9, and for the insane, TLS version 0.1. Jumbogram, Jul 11 '11 at 2:03

@HendrikBrummermann "transaction layer security"? Don't you mean "transport layer security"? thejh, Nov 3 '13 at 15:32

Don't confuse the issue by mentioning STARTTLS! TLS and SSL provide a generic secure connection that can be used to send any protocol over it: when the HTTP protocol is sent over TLS or SSL it is referred to as HTTPS. The STARTTLS feature is only available in the SMTP email exchange protocol and has nothing to do with HTTP or HTTPS. TLS and SSL know nothing about the STARTSSL command. Both TLS and SSL always start with the handshake to establish a secure connection. Hoylen, Mar 28 '14 at 0:36

With SMTP and IMAP, there are two methods to use SSL: one is similar to HTTPS (you start with SSL, and within the tunnel you use the plain protocol), the other uses the STARTTLS command (you start with the plain protocol, and then switch to SSL after some negotiation). The client must know what to do beforehand (notably because both methods don't use the same port: 143 for IMAP+STARTTLS, 993 with IMAP within SSL). As general overlords of Confusion, Microsoft decided to call these two methods "SSL" and "TLS". Thomas Pornin, May 31 '14 at 10:18

SSL and TLS are protocols that aim to provide privacy and data integrity between two parties (see RFC 2246), designed to run over a reliable communication protocol (typically TCP). Although the TLS specification doesn't talk about sockets, the design of SSL/TLS was done so that applications could use them almost like traditional TCP sockets, for example SSLSocket in Java extends Socket (there are small differences in terms of usability, though).

HTTPS is HTTP over SSL/TLS, where the SSL/TLS connection is established first, and then normal HTTP data is exchanged over this SSL/TLS connection. Whether you use SSL or TLS for this depends on the configuration of your browser and of the server (there usually is an option to allow SSLv2, SSLv3 or TLS 1.x). The details of how HTTP and SSL/TLS form HTTPS are in RFC 2818.

Regarding the difference between SSL and TLS, you may be interested in these two answers I wrote for these similar questions on Stack Overflow and Server Fault:

- Difference between SSL & TLS [Stack Overflow]
- What are the exact protocol level differences between SSL and TLS? [Server Fault]

You could consider TLS v1.0 as SSL v3.1 (in fact that's what happens within the records exchanged). It's just easier to compare the TLS v1.0 with TLS v1.1 and TLS v1.2 because they've all been edited within IETF and follow more or less the same structure. SSL v3 being edited by a different institution (Netscape), it makes it a bit more difficult to spot the differences.

Here are a few differences, but I doubt I can list them all:

- In the ClientHello message (first message sent by the client, to initiate the handshake), the version is {3,0} for SSL v3, {3,1} for TLS v1.0 and {3,2} for TLS v1.1.
- The ClientKeyExchange differs.
- The MAC/HMAC differs (TLS uses HMAC whereas SSL uses an earlier version of HMAC).
- The key derivation differs.
- The client can send application data straight after sending the SSL/TLS Finished message in SSL v3. In TLS v1, it must wait for the server's Finished message.
- The list of cipher suites differs (and some of them have been renamed from SSL_* to TLS_*, keeping the same id number).
- There are also differences regarding the new renegotiation extension.

Generally, the higher the version of SSL/TLS, the more secure it is, provided you choose your cipher suites properly too (higher versions of TLS also offer using cipher suites that are considered better). (SSL v2 is considered insecure.) In addition, SSL doesn't fall under the IETF scope. For example, the TLS renegotiation fix had to be retrofitted for SSL v3 (although SSL/TLS stacks had to be updated anyway).

You may also be interested in this answer:

- What happens on the wire when a TLS/LDAP or TLS/HTTP connection is set up? [Stack Overflow]

Note that some people oppose SSL and TLS as being the difference between "SSL/TLS upon connection" and "upgrade to TLS" (after some conversation using the application protocol). Despite some of these answers being relatively highly upvoted, this is incorrect. This mistake is propagated by the fact that certain applications, like Microsoft Outlook, offer two configuration options called "SSL" and "TLS" for SMTP/IMAP configuration when they really mean "SSL/TLS upon connection" and "upgrade to TLS". (The same goes for the JavaMail library, I think.)

The RFCs that talk about STARTTLS were written when TLS was already an official RFC, that's why they only talk about upgrading the connection to TLS. In practice, if you tweak the configuration of your mail client to force it to use SSLv3 instead of TLS (not something I would generally recommend), it's still likely to be able to upgrade to SSL/TLS using STARTTLS with an SSLv3 connection, simply because it's more about the mode of operation than the version of SSL/TLS and/or the cipher suites.

There is also a variant of HTTP where the upgrade to SSL/TLS is done within the HTTP protocol (similar to STARTTLS in LDAP/SMTP). This is described in RFC 2817. As far as I know, this is almost never used (and it's not what's used by https:// in browsers). The main relevant part of this RFC is the section about CONNECT for HTTP proxy servers (this is used by HTTP proxy servers to relay HTTPS connections).

edited Oct 20 '14 at 13:36; answered Jul 11 '11 at 8:59 by Bruno
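As an added example (not code from any answer on this page), the version-byte layout Bruno's answer lists can be checked directly: the script below builds a constructed, minimal ClientHello inside a TLS record and reads both the record-layer version and the ClientHello's own client_version, mapping {3,0}/{3,1}/{3,2} to SSLv3/TLS 1.0/TLS 1.1 and, going beyond the answer's list, {3,3} to TLS 1.2. Run over captured handshake records, the parser lets a defender spot clients still offering SSLv3 after POODLE.

```python
import struct

# ClientHello version bytes {major, minor}. The first three are the values
# Bruno's answer lists; {3,3} for TLS 1.2 is added here (RFC 5246).
VERSION_NAMES = {
    (3, 0): "SSLv3",
    (3, 1): "TLSv1.0",
    (3, 2): "TLSv1.1",
    (3, 3): "TLSv1.2",
}


def build_client_hello(major, minor, cipher_suites=(0x000A,)):
    """Build a minimal, constructed ClientHello inside one TLS record.

    Only the fields needed to show where the version lives are filled in:
    zeroed random, empty session id, no extensions. 0x000A is
    TLS_RSA_WITH_3DES_EDE_CBC_SHA, which kept its id when renamed from SSL_*.
    """
    client_random = b"\x00" * 32                        # gmt_unix_time + 28 bytes
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body = (bytes([major, minor])                        # client_version
            + client_random
            + b"\x00"                                    # session_id length 0
            + struct.pack("!H", len(suites)) + suites    # cipher_suites vector
            + b"\x01\x00")                               # compression: null only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # type 1 = ClientHello
    # Record layer: ContentType 22 (handshake), protocol version, length
    return b"\x16" + bytes([major, minor]) + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello_version(record):
    """Return (record_layer_version, client_hello_version) as protocol names.

    Raises ValueError for anything that is not a well-formed ClientHello
    record, so a scan over captured bytes can skip non-handshake data.
    """
    if len(record) < 11 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    if len(record) != 5 + struct.unpack("!H", record[3:5])[0]:
        raise ValueError("record length field does not match data")
    if record[5] != 0x01:
        raise ValueError("handshake message is not a ClientHello")

    def name(version):
        return VERSION_NAMES.get(version, "unknown %d.%d" % version)

    return name((record[1], record[2])), name((record[9], record[10]))
```

Calling parse_client_hello_version(build_client_hello(3, 0)) returns ("SSLv3", "SSLv3"); in real captures the record-layer version is often {3,1} regardless of the client's maximum, so the second value is the one to act on.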


RFC 2817 is not used in practice because it messes too much with the internal structure of HTTPS client. Instead, clients now use the "Server Name Indication" to solve the same problem, namely to advertise the intended server name before the server sends its certificate (this is for virtual hosting). SNI is an extension added by the client at the beginning of the TLS handshake. Thomas Pornin, Jul 11 '11 at 12:04

@Thomas, agreed, but the diff. between HTTPS (as we use) and RFC 2817 would have been the same as between SMTPS and SMTP+STARTTLS. Indeed, one of the points it addresses is the same problem as SNI, but I think there was less demand at the time for this, and clients/servers supporting RFC 2817 never really took off. Making sure the URI was visibly https:// (to make it arguably more secure?) seems to have been an argument to keep the clear distinction (instead of possibly transparent upgrade), AFAIK. There's also a discussion here: ietf.org/mailarchive/web/tls/current/msg01096.html Bruno, Jul 11 '11 at 13:00

You write "SSLv3 over TLS". Is that a typing mistake of some sort? What do you mean? As I understand it the versions went something like SSLv1, SSLv2, SSLv3, TLSv1.0, TLSv1.1, TLSv1.2. So to say "SSLv3 over TLS" is like saying Windows 98 over Windows 7. Or encryption within an encryption. What do you mean? barlop, Oct 20 '14 at 13:03

@barlop Sorry, it was indeed badly worded, I meant it as "instead of". Bruno, Oct 20 '14 at 13:38

SSL VS TLS
The terms SSL and TLS are often used interchangeably or in conjunction with each other (TLS/SSL), but one is in fact the predecessor of the other: SSL 3.0 served as the basis for TLS 1.0 which, as a result, is sometimes referred to as SSL 3.1.

Which is more secure, SSL or TLS?
In terms of security they are both considered equally secure.

The main difference is that, while SSL connections begin with security and proceed directly to secured communications, TLS connections first begin with an insecure hello to the server and only switch to secured communications after the handshake between the client and the server is successful. If the TLS handshake fails for any reason, the connection is never created.

(SSL and TLS vs HTTP)
HTTP protocol is used to request and receive the data, and HTTPS, in which the 's' is nothing but secure SSL, makes the HTTP protocol request and receive activity encrypted so no middleman attacker can obtain the data easily.

If neither SSL nor TLS is used with HTTP
then your connection with the web server is unencrypted; all the data will be sent in plain text, and any middleman attacker can obtain and view that data.

So should I go with SSL or TLS?
Well, both are the same, but TLS is more extensible and hoping to get more support in future, and TLS is backward compatible.

edited Jul 10 '11 at 19:16 by Hendrik Brummermann; answered Jul 10 '11 at 18:53 by mr_eclair

Sorry, -1 for "The main difference is that, while SSL connections begin with security and proceed directly to secured communications, TLS connections first begin with an insecure hello to the server and only switch to secured communications after the handshake between the client and the server is successful.". SSLv3 and TLS connections are both initiated with a handshake, done in the very same way (both starting with ClientHello). You might be confusing SSL/TLS on connection and upgrade to TLS via something like STARTTLS. Bruno, Jul 11 '11 at 9:17

TLS 1.2 finally supports SHA-2 based HMAC, so in theory new deployments should be using TLS 1.2 only. Hubert Kario, Jul 12 '11 at 20:53
