en

SSL (Secure Sockets Layer) is the historic encryption protocol that started the secure web. Today all of its versions are considered insecure and have in practice been replaced by the TLS protocol, yet the name has stuck: "SSL certificate" and "SSL connection" are still used as synonyms for secure HTTP.

Why SSL gave way to TLS

SSL 2.0 and 3.0 contained vulnerabilities that led to them being retired completely. They were succeeded by TLS — essentially the same idea, but with stronger cryptography and the flaws fixed. When people say "the site runs over SSL", they almost always mean TLS.

What an SSL certificate is

A certificate is a file that confirms a domain belongs to its owner and contains a public key for encryption:

  • Domain verification — the browser checks the site name in the URL against the one stated in the certificate.
  • One IP, many sites — the server picks the right certificate based on the SNI extension.
  • Channel encryption — the actual protection is provided by TLS, while the certificate merely authenticates the parties.

So "buying SSL" really means obtaining a certificate to work over TLS.

SSL certificate
Learn more