SSL: Secure Sockets Layer
Written by: Scott Hammond, Senior Security Engineer
Connect with Scott on LinkedIn
In our Acronym Series, Nexum’s expert engineers define the industry’s most popular topics.
Acronym: SSL – Secure Sockets Layer
Definition: SSL was a protocol used to establish authenticated and encrypted communication between two network endpoints.
Did you say “was?”
SSL was developed by Netscape in 1995 to secure traffic from clients to web servers. SSL version 1.0 was never released, as it was determined that it contained serious security flaws. Later in 1995 version 2.0 was released, also containing several vulnerabilities. Fast-forward to 1996, when version 3.0 was released as a total revamp of the previous security versions. When even more flaws were discovered, that was pretty much the end for SSL and it was deprecated in 1999 in favor of its successor, Transport Layer Security (TLS). Despite few technical differences between the two, the name change was largely to decouple that association with Netscape and likely to leave behind some of the bad memories.
Why do we still say “SSL” if it doesn’t exist anymore?
Branding is the answer. As with most modern technologies, particularly where security is concerned, there have been some bumpy roads getting us to where we are today. Think of the game Hacky Sack. You rarely hear it called its actual name, “footbag.” People prefer to use the popular brand name that they are most familiar with. Similarly, we still speak fluidly about SSL decryption when in reality we are talking about TLS decryption.
Check Out More Resources
Wireless LAN Professionals Conference 2023
Nexum attended this year’s Wireless LAN Professionals Conference (WLPC) in Phoenix, AZ. Check out the recap!
SNOCC Quarterly Threat Update Q1 2023
Each quarter, the managed security team at Nexum shares insights from our first*defense SNOCCs. In this post, macro trends include vulnerabilities in Exchange, socially engineered phishing, IoT, Edge and infrastructure devices, and geo-blocking.
DNS Privacy (DoT & DoH) & Enterprise Security
DNS privacy and security are two considerations with competing goals. DoT and DoH undermine enterprise security for the benefit of privacy. ECS erodes privacy for distributed cloud-based resources. Let’s look at how these standards work and your options in defense or offense.