SSL versus TLS – What’s the difference?

  • Updated

If you are trying to use a secure email connection to GMAIL servers, use port 587.  Port 587 is considered a TLS port and is as or more secure than the general SSL ports of 465.

SSL versus TLS

TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are protocols that provide data encryption and authentication between applications and servers in scenarios where that data is being sent across an insecure network, such as checking your email (How does the Secure Socket Layer work?). The terms SSL and TLS are often used interchangeably or in conjunction with each other (TLS/SSL), but one is in fact the predecessor of the other - SSL 3.0 served as the basis for TLS 1.0 which, as a result, is sometimes referred to as SSL 3.1. With this said though, is there actually a difference between the two.

Which is more secure - SSL or TLS?

TLS v1.0 is marginally more secure than SSL v3.0, its predecessor.  However, subsequent versions of TLS - v1.1 and v1.2 are significantly more secure and fix many vulnerabilities present in SSL v3.0 and TLS v1.0.  For example, the BEAST attack that can completely break Web sites running on older SSL v3.0 and TLS v1.0 protocols. The newer TLS versions, if properly configured, prevent the BEAST and other attack vectors and provide many stronger ciphers and encryption methods.

Are not TLS and SSL different encryption mechanisms?

If you set up an email program, you will often see separate options for "no encryption," "SSL," or "TLS" encryption of you transmission.  This leads one to assume that TLS and SSL are different things, but this labeling is a misnomer.  You are not actually selecting which method to use (SSL v3 or TLS v1.x) when making this choice.  You are merely selecting between options that dictate how the secure connection will be initiated.

No matter which method you choose, TLS or SSL, the same level of encryption will be obtained when communicating to the server, and that level is determined by the software installed on the server, how that is configured, and what your program actually supports.

Information above found at:

ssl-versus-tls-whats-the-difference

General information on TLS:

Transport_Layer_Security