What Is SSL/TLS?
SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are cryptographic protocols that provide secure, encrypted communication over a network. TLS is the modern successor to SSL - All versions of SSL are now deprecated and insecure. When you see HTTPS in your browser's address bar, the connection is protected by TLS. Check any website's certificate with our SSL certificate checker.
Protocol Version History
| Version | Released | Status | Known Vulnerabilities |
|---|---|---|---|
| SSL 1.0 | Never public | Never released | Severe flaws found in design |
| SSL 2.0 | 1995 | Deprecated - RFC 6176 (2011) | DROWN, POODLE, BEAST |
| SSL 3.0 | 1996 | Deprecated - RFC 7568 (2015) | POODLE, DROWN |
| TLS 1.0 | 1999 | Deprecated - RFC 8996 (2021) | BEAST, Lucky13, POODLE (via fallback) |
| TLS 1.1 | 2006 | Deprecated - RFC 8996 (2021) | BEAST (partial), Lucky13 |
| TLS 1.2 | 2008 | Current - Widely supported | Secure when configured correctly |
| TLS 1.3 | 2018 | Current - Recommended | None known; significantly redesigned |
What TLS Protects and What It Doesn't
| Protected by TLS | NOT Protected by TLS |
|---|---|
| Content of your request (passwords, form data, page content) | The domain name you're connecting to (visible in SNI and DNS) |
| Response data from the server | The fact that you're connecting to a server (IP is still visible) |
| Integrity - Tampering is detected | Metadata: connection timing, data volume |
| Server identity (certificate authentication) | Client identity - Servers can't verify who you are via TLS alone |
What Makes a Valid TLS Certificate
- Issued by a trusted Certificate Authority (CA) - Browsers ship with a list of ~100 trusted root CAs.
- Covers the exact domain name(s) being accessed - A certificate for example.com is not valid for sub.example.com unless it includes a Subject Alternative Name (SAN) for the subdomain.
- Not expired - Certificates must be renewed; Let's Encrypt issues 90-day certificates for free.
- Not revoked - CAs can revoke certificates via CRL or OCSP if the private key is compromised.
- TLS 1.2+ negotiated - Any server still offering TLS 1.0/1.1 should be reconfigured.
The TLS 1.3 Handshake, Step by Step
Before any page data flows, client and server negotiate keys. TLS 1.3 (RFC 8446) compresses this into a single round trip:
| Step | Message | What Happens |
|---|---|---|
| 1 | ClientHello | Browser sends supported cipher suites, the server name (SNI), and its half of a Diffie-Hellman key exchange |
| 2 | ServerHello | Server picks the cipher suite and returns its key share - Both sides can now derive the session keys |
| 3 | Certificate | Server proves its identity with a certificate chain, already encrypted under the new keys |
| 4 | CertificateVerify + Finished | Server signs the handshake transcript with the certificate's private key; client validates the chain against its trusted roots |
| 5 | Application data | HTTP flows inside the encrypted channel - With session resumption (0-RTT), repeat visits can skip ahead even faster |
Why the asymmetric/symmetric split matters
The handshake uses slow public-key cryptography once to establish trust and agree on keys; everything after runs on fast symmetric ciphers like AES-GCM or ChaCha20. TLS 1.3 also provides forward secrecy by default: because session keys are ephemeral, recorded traffic stays unreadable even if the server's private key leaks later. The maths behind both halves is covered in what is encryption.
Certificate Types
| Type | What the CA Verifies | Typical Use |
|---|---|---|
| DV (Domain Validated) | Control of the domain only - Automated in minutes | Most websites; what Let's Encrypt issues |
| OV (Organization Validated) | Domain control plus the company's legal existence | Corporate sites |
| EV (Extended Validation) | Full legal-identity vetting | Banks, payment providers |
| Wildcard | One certificate for *.example.com | Many subdomains under one name |
| SAN / multi-domain | Several explicit names in one certificate | Mixed domains on shared infrastructure |
Note what all of these certify: identity, not honesty. A phishing site can hold a perfectly valid DV certificate - The padlock means "encrypted to this domain", never "this domain is trustworthy". More detail in the SSL certificate FAQ.
How to Inspect a Site's Certificate
| Step | Action |
|---|---|
| 1 | Run the domain through the SSL certificate checker - It reports issuer, validity window, and days until expiry |
| 2 | In a browser: click the padlock (Chrome: padlock → Connection is secure → Certificate is valid; Firefox: padlock → Connection secure → More information) |
| 3 | Check the three essentials: the name matches the site, the date range covers today, and the issuer is a known CA |
| 4 | From a terminal: openssl s_client -connect example.com:443 -servername example.com dumps the full chain and negotiated protocol version |
A walkthrough with screenshots is in how to check an SSL certificate.
What This Means for You
TLS quietly protects nearly everything you do online, so your attention is only needed at the edges. When a browser shows a certificate warning, treat it as a stop sign - It means the identity proof failed, and "proceed anyway" hands any on-path attacker exactly the opening TLS exists to close. Remember the padlock's limits: it guarantees privacy of the channel, not the honesty of the site, and your visited domain names still leak via DNS and SNI unless you add encrypted DNS or a VPN. If you run a website, automate renewal - Expired certificates remain the most common, most preventable TLS failure.
Frequently Asked Questions
Is there any difference between SSL and TLS?
Functionally they refer to the same job - Encrypting connections - But every SSL version is obsolete and insecure; TLS 1.2 and 1.3 are what actually runs today. The name "SSL" survives in marketing and product names ("SSL certificate"), even though the certificates themselves are protocol-neutral.
Does HTTPS mean a website is safe?
No. HTTPS means the connection is encrypted and the server controls the domain you see in the address bar - Nothing more. Phishing sites routinely use valid certificates. Judge safety by the domain itself, the site's age and reputation, and what it asks of you, not by the padlock.
What happens when a TLS certificate expires?
Browsers refuse the connection with a full-page warning, because an expired certificate can no longer be checked against revocation and identity guarantees. For site owners the fix is renewal - Free with Let's Encrypt and best automated, since the 90-day lifetime makes manual renewal easy to forget.