5

SSL and TLS seem to be somewhat interchangeable. So much so that they are generally lumped together ("SSL/TLS") when referring to HTTPS and other services. Its almost as if TLS is version 4.0 of SSL. Why wasn't named that instead of coming up with a different name?

poke
  • 365
  • 1
  • 3
  • 11
  • 2
    TLS 1.0 is SSL 3.1. Please see http://security.stackexchange.com/q/5126/21234 – Shurmajee Jun 20 '13 at 04:09
  • Related: 2011-06-10, SecSE: [What's the difference between SSL, TLS, and HTTPS?](https://security.stackexchange.com/questions/5126/whats-the-difference-between-ssl-tls-and-https) – StackzOfZtuff May 14 '19 at 12:49
  • Related: 2015-06-24, SecSE, [Why do we still use the terms SSL and HTTPS? (Closed)](https://security.stackexchange.com/questions/92292/why-do-we-still-use-the-terms-ssl-and-https) – StackzOfZtuff May 14 '19 at 12:49

3 Answers3

10

I believe this is mostly due to the fact that SSL was never a considered an internet standard.

This quote is from the SSL 3.0 [RFC][1].

Although the SSL 3.0 protocol is a widely implemented protocol, a pioneer in secure communications protocols, and the basis for Transport Layer Security (TLS), it was never formally published by the IETF, except in several expired Internet-Drafts. This allowed no easy referencing to the protocol.

When TLS was accepted as an internet standard, the people in charge probably wanted a new term to distinguish it from the older, "non-standard" SSL protocol. [1]: https://www.rfc-editor.org/rfc/rfc6101

5

Tim Dierks gave the real answer: “As a part of the horsetrading, we had to make some changes to SSL 3.0 (so it wouldn't look the IETF was just rubberstamping Netscape's protocol), and we had to rename the protocol (for the same reason). And thus was born TLS 1.0 (which was really SSL 3.1). And of course, now, in retrospect, the whole thing looks silly.”

http://tim.dierks.org/2014/05/security-standards-and-name-changes-in.html?m=1

Alex
  • 151
  • 1
  • 2
1

More recently (2016), the IETF TLS working group have discussed whether naming TLS 1.3 "SSL 4.0" would be a good idea (and decided against).

Z.T.
  • 7,768
  • 1
  • 20
  • 35