Here is the short answer: TLS is the modern name for SSL. They are successive versions of the same idea — a protocol that encrypts the connection between a client and a server and lets the client verify who it is talking to. No server on the public internet should be speaking actual SSL any more; when people say “SSL” today, they almost always mean TLS. The name simply refused to die.
A short history
SSL — Secure Sockets Layer — was created at Netscape in the mid-1990s to make shopping on the young web plausible. SSL 1.0 never shipped (its flaws were found internally), SSL 2.0 arrived in 1995 and was broken in significant ways, and SSL 3.0 followed in 1996 as a substantial redesign that held the fort for years.
When the protocol moved from Netscape to the IETF standards body, politics required a new name. The 1999 successor to SSL 3.0 was published as TLS 1.0 — Transport Layer Security. Technically it was a modest revision; TLS 1.0 was almost “SSL 3.1” (and its internal version number literally is 3.1). From then on, every improvement has been a TLS release:
- TLS 1.0 (1999) and TLS 1.1 (2006) — long deprecated; browsers removed support in 2020.
- TLS 1.2 (2008) — the workhorse for over a decade, still widely supported and acceptable when well configured.
- TLS 1.3 (2018) — a major cleanup: faster handshakes, obsolete cryptography removed entirely, better privacy. This is what most of the web negotiates today.
Meanwhile every SSL version has been formally prohibited: SSL 2.0 in 2011 and SSL 3.0 in 2015, after the POODLE attack made its weaknesses practical to exploit. A server offering SSL today is not retro — it is broken.
Why everyone still says SSL
Language follows habit, not standards documents. By the time TLS got its name, “SSL” was already printed on invoices, baked into product names and taught in tutorials. Certificate vendors sold — and still sell — “SSL certificates”. Software configuration kept the old letters too: OpenSSL is the world’s most used TLS library, and countless config files have settings with ssl in the name that actually control TLS.
The certificates themselves make the confusion harmless. An “SSL certificate” is an X.509 certificate, and X.509 is independent of protocol version — the same certificate served TLS 1.0 in 2005 and serves TLS 1.3 today. What changed is the protocol carrying it, not the certificate format. So “SSL certificate” and “TLS certificate” describe exactly the same file, and this site — an SSL checker at heart — checks certificates that are, in practice, used by TLS.
Which term should you use?
- Searching or buying? Use SSL. That is the vocabulary of hosting panels, CAs and support articles, and you will find what you need faster.
- Writing documentation or configuring servers? Prefer TLS, and be specific about versions — “TLS 1.2 or later” is a statement with meaning; “SSL enabled” is not.
- Talking to a mixed audience? “SSL/TLS” is the diplomatic compromise, and “certificate” on its own is usually unambiguous once context is set.
What actually matters on your server
The practical takeaways hiding under this naming debate are versions and configuration:
- Support TLS 1.2 and TLS 1.3, nothing older. Enabling SSL 3.0 or TLS 1.0 to serve some ancient client punishes every other visitor and fails compliance checks (PCI DSS banned TLS 1.0 for payment systems back in 2018).
- The certificate is separate from the protocol. A perfectly valid certificate on a badly configured server and a modern TLS 1.3 server presenting an expired certificate each fail in their own way. Both halves need to be right.
- You rarely choose the version explicitly. Client and server negotiate the best mutually supported version during the handshake. Your job is deciding what the server offers.
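To see what "negotiated version" means on the wire, the following added example (not code from this site or its tools) parses a ServerHello record, reads the version the server selected, including the supported_versions extension that TLS 1.3 uses, and checks it against the "TLS 1.2 or later" policy. The function names and the sample records are constructed for illustration.

```python
import struct

# Wire (major, minor) numbers: TLS 1.0 really is "3.1" on the wire.
WIRE_VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1",
                 (3, 3): "TLS 1.2", (3, 4): "TLS 1.3"}
MINIMUM = (3, 3)            # policy from the text: TLS 1.2 or later
SUPPORTED_VERSIONS = 43     # extension in which TLS 1.3 states its real version


def negotiated_version(record: bytes) -> tuple:
    """Return the (major, minor) version a ServerHello record selected."""
    # Record header is 5 bytes (type 22 = handshake); handshake type 2 = ServerHello.
    if len(record) < 9 or record[0] != 22 or record[5] != 2:
        raise ValueError("not a ServerHello handshake record")
    hello_len = int.from_bytes(record[6:9], "big")
    hello = record[9:9 + hello_len]
    if len(hello) != hello_len or hello_len < 38:
        raise ValueError("truncated ServerHello")
    version = (hello[0], hello[1])   # legacy_version; TLS 1.3 pins this at 3.3
    pos = 34                         # skip legacy_version (2) and random (32)
    pos += 1 + hello[pos]            # session_id length byte plus session_id
    pos += 3                         # cipher_suite (2) and compression method (1)
    if pos > len(hello):
        raise ValueError("truncated ServerHello")
    pos += 2                         # total extensions length
    while pos + 4 <= len(hello):
        ext_type, ext_len = struct.unpack_from("!HH", hello, pos)
        data = hello[pos + 4:pos + 4 + ext_len]
        if ext_type == SUPPORTED_VERSIONS and len(data) == 2:
            version = (data[0], data[1])
        pos += 4 + ext_len
    return version


def check(record: bytes) -> tuple:
    """Return (version name, meets the TLS 1.2-or-later policy)."""
    version = negotiated_version(record)
    return WIRE_VERSIONS.get(version, "unknown %d.%d" % version), version >= MINIMUM


def build_server_hello(legacy, selected=None) -> bytes:
    """Build a sample ServerHello record (constructed data, not a capture)."""
    ext = struct.pack("!HHBB", SUPPORTED_VERSIONS, 2, *selected) if selected else b""
    hello = bytes(legacy) + bytes(32) + b"\x00" + b"\x13\x01" + b"\x00"  # filler suite
    hello += struct.pack("!H", len(ext)) + ext
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    for sample in [build_server_hello((3, 3), (3, 4)), build_server_hello((3, 1))]:
        print(check(sample))
```

A TLS 1.3 server still writes 3.3 in the legacy field, so a check that reads only that field would report TLS 1.2 for it.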
Two tools for two questions
This split is exactly how the DNS Studio suite divides the work. If your question is about the certificate — is it valid, trusted, covering the right names, when does it expire? — use the SSL checker on this site. If your question is about the protocol — which TLS versions does my server negotiate, which cipher suites, is anything legacy still enabled? — that depth lives on tls.studio. Start with whichever question is yours; each tool links to the other.
And if a browser is currently showing you an error with SSL or CERT in its name, skip the theory and go straight to common SSL errors explained.