Questions tagged [ssl]

TLS, also known as SSL, is a protocol for secure communication over an insecure channel.

Originally invented for HTTP traffic, TLS is commonly used for protocols such as POP3, IMAP, SMTP, LDAP, etc. With some protocols, TLS is usually used on separate ports, most famously port 443 for HTTPS (HTTP over SSL/TLS) (as opposed to plain HTTP on port 80). These protocols typically have names which have a trailing letter S (such as HTTPS vs. HTTP). Some protocols, such as SMTP, POP3 and IMAP, allow to initiate SSL by the STARTTLS command. A variant of the protocol called DTLS is used on top of UDP udp. [SSH] ssh is a completely separate protocol that a similar design.

Technically SSL designates obsolete proprietary versions of the protocol (SSL2 and SSL3), and TLS designates the more modern versions (TLS1.0, TLS1.1, TLS1.2 and the upcoming TLS1.3). As of 2017, SSL3 and below are insecure and should not be used, and TLS1.0 and TLS1.1 are on their way out.

Most ways of establishing a secure channel require at least the client to authenticate the server. This is done using public-key cryptography, with a chain of X.509 certificates x509 certificates: a client trusts a server if there is a chain of certificates where the server's certificate is signed by a certificate authority (CA), and the CA's certificate is signed by another CA, and so on until a root CA is reached. A root CA is one that is distributed with the operating system or client application and that the client considers to be trusted by default. Certificates can also allow the server to authenticate the client.

Background topics on SSL/TLS

• How does SSL/TLS work?
• What's the difference between SSL, TLS, and HTTPS?
• How is it possible that people observing an HTTPS connection being established wouldn't know how to decrypt it?
• Now that it is 2015, what SSL/TLS cipher suites should be used in a high security HTTPS environment?