Every HTTPS connection on the modern web uses TLS. Not SSL. The padlock icon in browsers still says SSL. Hosting providers sell SSL certificates. Devops teams talk about SSL termination. But SSL has been dead since 2015. What actually protects traffic is TLS 1.2 or TLS 1.3.
This distinction matters. SSL and TLS are not the same protocol. They have different security properties. Different handshake flows. Different cipher suites. One of them has known vulnerabilities that attackers can exploit.
What SSL and TLS Actually Do
Both protocols solve the same problem. They encrypt data between a browser and a server. They authenticate the server identity using certificates. They ensure nobody can read or modify the traffic in transit.
The handshake follows a standard pattern. The browser sends a ClientHello message. It lists the TLS versions it supports. It lists the cipher suites it can use. The server responds with ServerHello. It picks the highest TLS version both sides support. It picks a cipher suite. It sends its certificate.
The browser verifies the certificate. It checks the certificate chain. It validates the signature against a trusted Certificate Authority. If the chain is valid, the browser generates a premaster secret. It encrypts this with the server public key. The server decrypts it with its private key.
Both sides now have the same secret. They derive session keys from it. All further traffic is encrypted with these keys. This is symmetric encryption, much faster than the asymmetric crypto used in the handshake.
The Protocol Versions
SSL 1.0 was never released. It had critical flaws discovered during development. SSL 2.0 shipped in 1995. It had design weaknesses that made it vulnerable to man-in-the-middle attacks. SSL 3.0 came in 1996. It fixed some issues but introduced new ones.
The POODLE attack in 2014 broke SSL 3.0 completely. An attacker could decrypt cookies and session tokens. The response was swift. RFC 7568 deprecated SSL 3.0 in 2015. No modern browser supports it anymore.
TLS 1.0 arrived in 1999. It was essentially SSL 3.1 with minor changes. TLS 1.1 followed in 2006. Both are now deprecated. The PCI DSS standard stopped accepting them in 2018. Major browsers disabled them in 2020.
TLS 1.2 shipped in 2008. This is where things got serious. It added support for modern cipher suites. AEAD ciphers like AES-GCM. SHA-256 for message authentication. Forward secrecy through ephemeral key exchange.
TLS 1.3 came in 2018. It is the fastest and most secure version yet. The handshake requires only one round trip instead of two. It removed all the broken cipher suites. No more RC4. No more 3DES. No more CBC mode ciphers. It mandates forward secrecy for every connection.
Common Configuration Mistakes
The most common mistake is configuration drift. A server ships with TLS 1.2 enabled. But it also has TLS 1.0 and 1.1 turned on for legacy compatibility. An attacker can force a downgrade. They pretend to be an old client. The server falls back to the weaker protocol.
Another pattern is certificate confusion. People think buying a certificate enables encryption. It does not. The certificate only proves identity. The actual encryption depends on the TLS configuration. Servers with valid certificates can still negotiate SSL 3.0 connections if misconfigured.
The tooling does not help. OpenSSL commands still use ssl in every flag. openssl s_client -connect host:443. nginx ssl_certificate. ssl_protocols TLSv1.2 TLSv1.3. The industry never updated the naming convention.
The Numbers That Matter
Scanning production servers reveals consistent patterns across the industry.
| Metric | Typical Value |
|---|---|
| Servers with TLS 1.3 enabled | 60-70% |
| Servers with TLS 1.0 still enabled | 20-25% |
| Servers with SSL 3.0 enabled | 2-5% |
| Servers with perfect forward secrecy | 80-85% |
| Servers with HSTS enabled | 50-60% |
Servers with SSL 3.0 enabled are usually running legacy payment terminals or old embedded systems. They cannot be upgraded without replacing hardware. These should be on isolated networks.
Servers with TLS 1.0 enabled often have no technical excuse. They run modern Linux distributions. The configuration was copy-pasted from old tutorials. Fixing this requires a configuration change and application testing.
Where TLS Breaks
TLS is not magic. It fails in specific ways.
Certificate expiry. Production sites go down because nobody renewed the certificate. Let’s Encrypt offers 90-day certificates. They auto-renew if certbot is configured correctly. Automation prevents this failure.
Misconfigured cipher suites. A server can have TLS 1.3 enabled but still allow weak ciphers. TLS_AES_128_GCM_SHA256 is fine. TLS_RSA_WITH_RC4_128_SHA is not. Mozilla’s SSL Configuration Generator provides safe defaults.
Missing certificate chain. The server must send the full chain. Not just the end certificate. Also the intermediate CA certificates. Browsers can fetch missing intermediates. But it adds latency. Some clients fail entirely.
No HSTS. HTTP Strict Transport Security tells browsers to only use HTTPS. Without it, an attacker can strip the TLS on the first request. HSTS prevents this. Set Strict-Transport-Security: max-age=31536000 in response headers.
How To Verify The Setup
Three tools work for every server.
SSL Labs SSL Test. Go to sslabs.com/ssltest. Enter the domain. It gives a grade from A to F. It lists every protocol version enabled. It shows every cipher suite supported. It flags known vulnerabilities. Aim for A+ on every production server.
testssl.sh. This is a command-line tool. Run it against any host. It checks everything SSL Labs checks. It works on internal servers that SSL Labs cannot reach.
curl verbose mode. Run curl -vI https://yourdomain.com. Look at the handshake output. It shows the TLS version negotiated. It shows the cipher suite picked. It shows the certificate chain. This is what actual clients see.
The Takeaway
SSL is dead. TLS 1.2 and 1.3 are what matters. Disable everything older. The certificate proves identity. The TLS configuration provides encryption. Both matter.
Check servers today. Not next week. The 20-25 percent of servers still running TLS 1.0 are vulnerable to known attacks. The fix is a configuration change. It takes 10 minutes. The risk is not worth it.
Keep a checklist for every deployment. TLS 1.2 minimum. TLS 1.3 preferred. No SSL protocols. Strong cipher suites only. HSTS enabled. Certificate auto-renewal configured. Run testssl.sh before going live. Re-run it quarterly.
For a deeper look at network security vulnerabilities, check out our analysis of AirSnitch: Breaking Client Isolation in Wi-Fi Networks.
Security threats continue to evolve — see our breakdown of Adversarial AI Attacks 2026: Five ML Manipulation Methods.
This is not optional infrastructure. It is the foundation of web security.
Discover more from Susiloharjo
Subscribe to get the latest posts sent to your email.