Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are internet security protocols used for secure communication between the web browser and the web server. SSL is the predecessor of TLS, so logically TLS is more secure than SSL.
Let us discuss the differences between SSL and TLS point by point −
TLS establishes communication in two steps.
Step 1 − Handshaking to authenticate the server, and
Step 2 − Actual message transfer.
So, it’s slower than SSL.
TLS is based on the SSL v3.0 protocol with some enhancements.
SSL was developed to address communication needs and related issues.
TLS v1.0 is prone to BEAST attacks but not POODLE attacks. TLS v2.0 is even more secure. SSL v2.0 and v3.0 are vulnerable to both attacks.
If the web server is capable of running TLS v2.0, then we should go with it. Otherwise, SSL v3.0 or any other version of it should be used.
A web server that is configured with TLS protocols uses TLS certs of the corresponding version. So if the server is configured with TLS v1.0, then the cert that it uses is TLS v1.0. Similarly, a server configured with SSL protocols uses SSL certs of the corresponding version.
TLS is backward compatible and supports SSL. But SSL is not compatible with TLS versions.
An SSL certificate is required to create an SSL connection. The complete process is explained below −
Step 1 − We need to provide all the details about the identity of the website, our organization and the date of activation of SSL on the web server.
Step 2 − Using the details in step 1, the private and public keys are created.
Step 3 − A Certificate Signing Request (CSR), which contains the details from step 1 and the public key, needs to be submitted.
Step 4 − The Certifying Authority (CA) validates the details; on successful validation, an SSL certificate is issued to the organization.
Step 5 − The issued SSL certificate is matched to the private key, and an encrypted link is established by the web server between the website and the user's browser. The SSL certificate has your domain name, organization name, address, city, state, country, issue date and expiry date, and the Certifying Authority details.
Step 6 − When a web browser tries to connect to an SSL-secured website, it first fetches the site's SSL cert and checks that it is valid, that a trusted CA has issued it, and that the certificate is being used by the website for which it was issued. If any of these validations fails, a warning is shown to the user saying that the site is not secured by a valid SSL cert.
The Certifying Authority follows NIST (National Institute of Standards & Technology) guidelines while issuing SSL certificates, and as per those guidelines keys should be >=2048 bits in length.
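
The certificate steps above and the key-length guideline can be followed end to end with the `openssl` command line. This is an added example, not part of the original page: the subject fields, the file names and the "Demo Local CA" that stands in for a real Certifying Authority are all constructed, and the helper function names are hypothetical.

```shell
#!/bin/sh
# Added example. Every name here (www.example.test, Example Org, Demo Local CA)
# is constructed; the local CA stands in for a real Certifying Authority.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
SUBJ="/C=US/ST=Example State/L=Example City/O=Example Org/CN=www.example.test"

# Steps 1-3: identity details plus a new 2048-bit RSA key pair go into a CSR.
make_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "$SUBJ" \
        -keyout "$WORK/site.key" -out "$WORK/site.csr" 2>/dev/null
}

# Step 4: the CA checks the CSR's self-signature, then issues the certificate.
issue_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Local CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
    openssl req -in "$WORK/site.csr" -noout -verify 2>/dev/null
    openssl x509 -req -in "$WORK/site.csr" -days 30 -CA "$WORK/ca.crt" \
        -CAkey "$WORK/ca.key" -CAcreateserial -out "$WORK/site.crt" 2>/dev/null
}

# Step 5: the certificate is usable only with the private key it was issued for.
key_matches_cert() {  # $1 = private key, $2 = certificate
    [ "$(openssl pkey -in "$1" -pubout)" = "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# Step 6 (client side): was the certificate issued by a CA we trust?
chain_ok() {  # $1 = trusted CA certificate, $2 = certificate to check
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Key-length guideline: print the certificate's public key size in bits.
key_bits() {  # $1 = certificate
    openssl x509 -in "$1" -noout -text | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

make_csr
issue_cert
# A second, unrelated key shows what a failed Step 5 match looks like.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$WORK/other.key" 2>/dev/null
key_matches_cert "$WORK/site.key" "$WORK/site.crt" && echo "key matches certificate"
key_matches_cert "$WORK/other.key" "$WORK/site.crt" || echo "unrelated key rejected"
chain_ok "$WORK/ca.crt" "$WORK/site.crt" && echo "issued by trusted CA"
echo "public key: $(key_bits "$WORK/site.crt") bits"
```

The private key files never leave the working directory; only the CSR, which carries the public key and the identity details, is handed to the CA.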