In our Acronym Series, Nexum’s expert engineers define the industry’s most popular topics.
Acronym: SSL – Secure Sockets Layer
Definition: SSL was a protocol used to establish authenticated and encrypted communication between two network endpoints.
Did you say “was?”
SSL was developed by Netscape in 1995 to secure traffic from clients to web servers. SSL version 1.0 was never released, as it was determined that it contained serious security flaws. Later in 1995, version 2.0 was released, also containing several vulnerabilities. Fast-forward to 1996, when version 3.0 was released as a total revamp of the previous versions. When even more flaws were discovered, that was pretty much the end for SSL, and it was deprecated in 1999 in favor of its successor, Transport Layer Security (TLS). There were few technical differences between the two; the name change was largely to decouple the protocol from its association with Netscape and likely to leave behind some of the bad memories.
Why do we still say “SSL” if it doesn’t exist anymore?
Branding is the answer. As with most modern technologies, particularly where security is concerned, there have been some bumpy roads getting us to where we are today. Think of the game Hacky Sack. You rarely hear it called its actual name, “footbag.” People prefer to use the popular brand name that they are most familiar with. Similarly, we still speak fluidly about SSL decryption when in reality we are talking about TLS decryption.