The Short Version
Let's clear this up quickly: SSL is dead. It was retired years ago because of serious security flaws. TLS is the modern replacement that actually protects your data. And HTTPS? That's just regular web traffic (HTTP) running through a TLS tunnel. When someone says "SSL certificate," they really mean a certificate that works with TLS.
SSL
Legacy protocol, now deprecated
TLS
Modern, secure encryption protocol
HTTPS
HTTP secured with TLS encryption
If you're just getting started with certificates, our What is SSL? guide covers the fundamentals. For the mechanics of how encryption actually works under the hood, see How SSL Works.
Get Modern TLS Security
All our certificates use the latest TLS 1.3 protocol
Modern TLS Certificate
Starting at $9.99/year
- TLS 1.3 Support
- Perfect Forward Secrecy
- Fast Handshake
- Strong Encryption
SSL (Secure Sockets Layer)
Important: SSL Is No Longer Secure
Every version of SSL has known vulnerabilities (POODLE, BEAST, DROWN). No modern browser supports SSL connections anymore. If your server still has SSL 3.0 enabled, disable it immediately.
Netscape developed SSL in the mid-1990s to solve a real problem: anyone sitting between your browser and a website could read everything in transit. SSL 1.0 was so broken it never shipped publicly. SSL 2.0 (1995) made it out the door but was quickly found to have fundamental design flaws. SSL 3.0 (1996) improved things but was eventually killed by the POODLE attack in 2014.
SSL Version History
TLS (Transport Layer Security)
TLS picked up where SSL left off. It's technically a different protocol — not just "SSL 4.0" — with redesigned handshakes, stronger ciphers, and better extension support. The current standard,TLS 1.3 (RFC 8446), was finalized in 2018 and represents a significant leap in both security and speed.
TLS Version Timeline
TLS 1.2 Features
- • AES-128 and AES-256 encryption
- • SHA-256 and SHA-384 hashing
- • ECDHE key exchange support
- • Wide cipher suite selection
TLS 1.3 Improvements
- • 1-RTT handshake (vs 2-RTT in 1.2)
- • Mandatory Perfect Forward Secrecy
- • Removed weak cipher suites entirely
- • 0-RTT resumption for returning visitors
Cipher Suites: What Changed in TLS 1.3
One of the biggest changes in TLS 1.3 is a dramatically smaller set of allowed cipher suites. TLS 1.2 supported dozens of combinations — many of them weak. TLS 1.3 cut that down to just five, all of which use AEAD encryption and provide forward secrecy by default.
| Cipher Suite | TLS 1.2 | TLS 1.3 |
|---|---|---|
| TLS_AES_256_GCM_SHA384 | — | ✓ Recommended |
| TLS_AES_128_GCM_SHA256 | — | ✓ Recommended |
| TLS_CHACHA20_POLY1305_SHA256 | — | ✓ Good for mobile |
| RSA key exchange | Available | ✗ Removed |
| RC4, 3DES, CBC-mode | Available | ✗ Removed |
Pro Tip
If you're not sure what your server is running, use our SSL Checker — it'll show exactly which TLS versions and cipher suites are enabled, and flag anything weak. For a step-by-step configuration walkthrough, see our SSL Configuration guide.
Upgrade to TLS 1.3
Experience faster, more secure connections
TLS 1.3 Certificate
Starting at $9.99/year
- 50% Faster Handshake
- Enhanced Privacy
- Future-Proof Security
HTTPS (HTTP Secure)
HTTPS isn't a separate encryption protocol — it's what happens when you run regular HTTP through a TLS tunnel. That "S" at the end simply means "this connection is encrypted." When you see https:// in the address bar, your browser has completed a TLS handshake with the server, and everything you send and receive is protected.
How HTTPS Works
HTTP Request
TLS Encryption
Secure Transfer
Why HTTPS Is Non-Negotiable in 2026
Security Benefits
- • Data encryption prevents eavesdropping
- • Server authentication stops impersonation
- • Data integrity catches tampering
- • Required for HTTP/2 and modern web APIs
Business Benefits
- • Google ranking boost since 2014
- • Visitors trust the padlock indicator
- • PCI-DSS, GDPR compliance requirement
- • No "Not Secure" warnings in Chrome
Side-by-Side Comparison
| Aspect | SSL | TLS | HTTPS |
|---|---|---|---|
| Current Status | Deprecated | Active | Standard |
| Security Level | Weak (known exploits) | Strong (1.2+) | Depends on TLS version |
| Performance | Slow | Fast (1-RTT in 1.3) | Good |
| Browser Support | Removed | Universal | Universal |
| Forward Secrecy | No | Optional (1.2) / Mandatory (1.3) | Depends on TLS |
Migration Checklist: Moving to TLS 1.3
If you're still running TLS 1.0 or 1.1 (or heaven forbid, SSL 3.0), here's a practical checklist. We've walked dozens of teams through this — it's usually simpler than you'd expect:
In Practice
Most organizations can complete this migration in an afternoon. The biggest hang-up we see is legacy load balancers or CDN configs that haven't been updated. If you're on Nginx or Apache, ourNginx SSL guide andSSL Configuration guide have the exact directives you need.
Our Recommendations
What You Should Use
- Use TLS 1.2 or 1.3 — 1.3 whenever possible for the speed and security wins
- Enable HTTPS everywhere — there's no valid reason to serve HTTP in 2026
- Disable all SSL versions and TLS 1.0/1.1 — they're security liabilities
- Use AEAD cipher suites with perfect forward secrecy (ECDHE + AES-GCM or ChaCha20)
For a full deep-dive into the TLS 1.3 handshake, cipher suites, and exact server configuration for Nginx, Apache, and IIS, see our TLS 1.3 explained guide. Need to understand how the underlying cryptography works? Dive into ourPKI (Public Key Infrastructure) explainer. Or if you're ready to automate certificate management, check out ourCertbot & ACME guide.