There is a lot of confusion on the Internet regarding the names SSL and TLS. Obviously, both are security-related protocols that allow us to have our communication over the Internet encrypted.

History

In the times known as the Browser Wars, Netscape started to develop the SSL protocol, and Microsoft later joined with the PCT protocol that was supposed to fix several SSL issues. [1]

After a few years, an IETF working group was formed to standardize the SSL protocol. In 1999, after three years of development, a new version of the protocol was developed and published as RFC 2246. Both Microsoft and Netscape were part of the working group, and due to their inability to agree on some things, the protocol was renamed to TLS. Therefore, what was supposed to be SSL 3.1 became TLS 1.0. [2]

This change of name still causes a lot of confusion more than 20 years later. Several certificate authorities and other large companies still use SSL when naming their products – including Cloudflare, DigiCert, and Comodo.

Should I use SSL or TLS?

TLS. The latest version of SSL, SSL 3.0 was deprecated by RFC 7568 in 2015, which means that only the TLS protocol should be used. Therefore, you should refer to everything SSL/TLS-related as TLS – TLS certificate, TLS communication, or TLS handshake.