Differences Between HTTPS, SSL, and TLS

Last Updated:


TCP and UDP are underlying protocols of the interconnected web. Oversimplifying, TCP and UDP transmit the binary 1s and 0s used in computer data.


HTTP uses TCP, but works a layer higher. The TCP ones and zeroes are formed into plain text, which is what HTTP uses. All HTTP requests are TCP, but not all TCP requests are HTTP.


Secure Sockets Layer (SSL) was the first attempt at securing information in transit "across the wire" with TCP, UDP, and more. In the late 1990s, SSL v2 and v3 were released to the world, and today they are obsolete and insecure.


Transport Layer Security (TLS), is the next version of SSL. The current versions are TLSv1.2 and TLSv1.3, with TLSv1.0 and TLSv1.1 being deprecated to discourage use. Again, this secures TCP, UDP, and other protocols. The term "SSL" is still used out of habit and marketing, but usually when referring to "SSL", people mean "TLS."


Just as HTTP uses plain-text with an underlying TCP connection, HTTPS does the same. The difference is HTTPS uses a TCP connection secured with TLS to provide security in transit.