Data that is passed “as-is”(without encryption) is prone to attacks by hackers and people with malicious intent. In order to pass critical financial information without being eavesdropped, it is crucial to encrypt all data. Encrypting communication allows one to pass credit card numbers, banking information and other sensitive details between the client and server and it is more secure. Encryption between the client and server is done by SSL/TLS. Before seeing which is a more secure protocol,we will first understand the terms SSL, TLS and HTTPS.
SSL is ‘Secure Sockets Layer‘ and it is used to secure the connection between the client and server. It makes use of public key encryption(when a public key may be used encrypt and private key may be used to decrypt – or it can work the other way around too) and it works at the transport layer of the OSI model. It provides data integrity, confidentiality for the connections between the client and server.
SSL is now known as TLS or ‘Transport layer security‘. It is again a cryptographic protocol that is used to encrypt all communication between client and server. SSL 3.0 officially became TLS and TLS 1.2 is the latest version. TLS is backward compatible to secure older SSL connections.
‘HTTPS’ is ‘Hyper text transfer protocol secure’. HTTP is the building block of the Internet. HTTPS is ‘HTTP’ secured with SSL/TLS. HTTPS is synonymous with security during transmission. Connections can be understood to be encrypted by seeing the padlock at the left hand corner of the screen or by seeing ‘https’ instead of ‘http’.
Now coming to the original question of which is more secure TLS is more secure as SSL has given way to TLS. But since communication security is still understood as SSL, it can be said that SSL/TLS is more secure.
Note: HTTP vs HTTPS image source: Google images
Jayanthi Manikandan has an undergraduate degree in Computer Science from India and a Master’s degree in Information systems with a specialization in Information security from Detroit, MI, USA. She has written blogs for Simplilearn, Whizlabs software, InfoSec institute and Jigsaw academy. She has created e-learning videos for Whizlabs software and Twenty19.
She has been passionate about Information security and has several years of experience writing on various technical topics. Additionally, she loves to pen a few personal thoughts here as well! 🙂