HTTP & Networking
What is SSL?
A deprecated cryptographic protocol that secured network traffic before TLS replaced it. The name persists colloquially.
SSL (Secure Sockets Layer) was the original encryption protocol for the web, introduced by Netscape in 1995. SSL 1.0 was never released, SSL 2.0 shipped briefly, SSL 3.0 dominated the early web. By 2014 every SSL version had been broken (POODLE killed SSL 3.0 in particular) and the industry moved on.
TLS (Transport Layer Security) replaced SSL through versions 1.0 (1999), 1.1 (2006), 1.2 (2008), and 1.3 (2018). TLS 1.0 and 1.1 are themselves now deprecated; modern stacks default to TLS 1.2 and 1.3.
In casual usage "SSL" still means "the encryption that makes a URL HTTPS." When someone says "install an SSL cert," they really mean a TLS certificate. The terminology has stuck because changing it would break too many docs, products, and habits.
FAQ
Is SSL still used?
No. The actual SSL protocol versions are all deprecated and disabled in modern clients. The acronym persists, but anything labeled "SSL" today is almost certainly TLS underneath.
SSL certificate vs TLS certificate?
They're the same thing, an X.509 certificate that binds a public key to a domain name. The "SSL" label is historical.
Why do people still say SSL?
Inertia. The certificate-vendor industry standardized on the term in the 1990s, every WordPress plugin uses it, and "SSL cert" is in muscle memory.
Related terms
The cryptographic protocol that encrypts and authenticates network traffic—the security layer under HTTPS, SMTPS, and most modern protocols.
HTTP encrypted with TLS, the same protocol, but every byte on the wire is authenticated and protected from eavesdroppers.
The application protocol the web is built on, a simple request/response format for asking a server for a resource.