⌘K
We use cookies to improve your experience
We use essential cookies to make our site work. With your consent, we may also use non-essential cookies to improve user experience.
Definition
SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are cryptographic protocols that provide secure, encrypted communication over networks. TLS is what makes HTTPS work, encrypting data between your browser and web servers to prevent eavesdropping and tampering.
SSL was originally developed by Netscape in the 1990s. SSL 3.0 was superseded by TLS 1.0 in 1999, and the protocol has evolved through TLS 1.1, 1.2, and the current version TLS 1.3 (2018). Despite TLS being the correct modern term, "SSL" is still commonly used colloquially. TLS 1.2 and 1.3 are the only versions considered secure — older versions have known vulnerabilities and are being deprecated.
When you connect to an HTTPS website, a TLS handshake occurs: the server presents its certificate (proving its identity), the client verifies the certificate against trusted Certificate Authorities (CAs), both parties negotiate a cipher suite, and symmetric encryption keys are established. TLS 1.3 simplified this handshake to a single round trip, improving connection speed.
TLS certificates are issued by Certificate Authorities and bind a domain name to a public key. Let's Encrypt provides free certificates and has automated the issuance process, making HTTPS accessible to all websites. Modern browsers mark HTTP sites as "Not Secure" and many web APIs (geolocation, camera, service workers) require HTTPS. For web developers, HTTPS is no longer optional — it is a baseline requirement for security, SEO (Google uses HTTPS as a ranking factor), and modern web feature access.