The RFC may also be viewed at XXXX/ which also contains various RFC status information (including errata) together with a list of alternative formats, such as text, PDF and HTML (this is the working area version of the document). We update the page from time to time when we can think of nothing better to do with our lives and now keep a change log in case you ever happen to read it twice.

Secure Sockets Layer (SSL) is a Netscape protocol originally created in 1992 to exchange information securely between a web server and a browser where the underlying network was insecure. It went through various iterations and is now at version 3 (dating from 1995) and used in a variety of client-server applications. It is now officially a dead parrot and must not be used henceforth by order of the great and good (and, in this case, the eminently sensible).

While there are differences of detail between SSL and TLS, the following descriptions apply to both protocols.

Note: SSLv2 was banned by RFC 6176 which contains a dire list of its shortcomings.

For those not comfortable with these terms, they are covered in this Encryption survival guide.

You may want to lie down for a while in a darkened room after reading this stuff.

TLS/SSL runs on top of TCP but below the end user protocol that it secures such as HTTP or IMAP as shown in Figure 1. TLS/SSL does not have a well-known port number - instead when used with a higher layer protocol, such as HTTP, that protocol designates a secure variant, HTTPS in the case of HTTP, which does have a well-known (or default) port number.

The designation HTTPS simply indicates that normal HTTP is being run on top of a TLS/SSL connection, which runs over TCP.

The term 'SSL certificate' has persisted, and will likely persist for the foreseeable future, because given the choice of saying 'SSL' or 'X.509' the former tends to roll off the tongue more comfortably.

Doubtless a linguistic expert could wax lyrical over the S sound versus the X sound.

For us mere mortals, its chief merit may be that it's shorter (3 versus 4 syllables).

The current guide includes SSL, TLS, some detail about X.509 and its usage as well as some explanation about certificate types, including EV certificates, and the trust process.

When a secure connection is initially established it will, depending on the implementation, negotiate support of the particular protocol from the set SSLv3, TLSv1, TLSv1.1 or TLSv1.2.
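The outcome of that negotiation is visible on the wire in the server's ServerHello message. The following is an added example, not code from the original guide: it reads the selected version out of a raw ServerHello record and flags SSLv3. The function names and the sample records are constructed for illustration.

```python
import struct

# Wire values (major, minor) of the protocol versions named in the text.
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}
HANDSHAKE = 22     # record-layer content type for handshake messages
SERVER_HELLO = 2   # handshake message type


def negotiated_version(record: bytes) -> str:
    """Return the version the server selected, read from a ServerHello record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    # Record header: content type (1), record version (2), length (2).
    ctype, _major, _minor, rec_len = struct.unpack("!BBBH", record[:5])
    if ctype != HANDSHAKE:
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    if len(body) != rec_len or rec_len < 6:
        raise ValueError("truncated handshake record")
    # Handshake header: message type (1), length (3), then server_version (2).
    if body[0] != SERVER_HELLO:
        raise ValueError("not a ServerHello")
    if int.from_bytes(body[1:4], "big") < 2:
        raise ValueError("ServerHello too short to hold a version")
    version = (body[4], body[5])
    return VERSIONS.get(version, "unknown 0x%02x%02x" % version)


def must_reject(record: bytes) -> bool:
    """True when the server selected SSLv3, which the text says must not be used."""
    return negotiated_version(record) == "SSLv3"


def sample_server_hello(major: int, minor: int) -> bytes:
    """Constructed sample: zero random, empty session id, one cipher suite."""
    body = bytes([major, minor]) + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    msg = bytes([SERVER_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE, major, minor]) + len(msg).to_bytes(2, "big") + msg


if __name__ == "__main__":
    for v in sorted(VERSIONS):
        rec = sample_server_hello(*v)
        print(negotiated_version(rec), "reject" if must_reject(rec) else "ok")
```

This covers only the four versions listed above; a TLS 1.3 ServerHello also carries 0x0303 in this field and signals its real version in an extension, so it would read as TLSv1.2 here.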