{"id":18354,"date":"2025-03-17T12:39:37","date_gmt":"2025-03-17T16:39:37","guid":{"rendered":"https:\/\/www.thesslstore.com\/blog\/?p=18354"},"modified":"2025-03-28T11:27:06","modified_gmt":"2025-03-28T15:27:06","slug":"ssl-and-tls-versions-celebrating-30-years-of-history","status":"publish","type":"post","link":"https:\/\/www.thesslstore.com\/blog\/ssl-and-tls-versions-celebrating-30-years-of-history\/","title":{"rendered":"SSL and TLS Versions: Celebrating 30 Years of History"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">March 2025 marks the 30th anniversary of the secure sockets layer (SSL) protocol&#8217;s version 2.0 debut. Celebrate with us as we explore the history of the various SSL and TLS protocol versions over the last three decades<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">When Netscape Communications unveiled its groundbreaking Netscape Navigator browser in November 1994, few knew of the innovations that were taking place behind the company\u2019s closed doors. &nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">It was here that the first iteration of the <a href=\"https:\/\/www.thesslstore.com\/blog\/what-does-ssl-stand-for-secure-sockets-layer\/\">secure sockets layer<\/a> (SSL) protocol was born (i.e., SSL 1.0). Although this version was never publicly released, the second version of the SSL protocol (SSL 2.0) made its public debut in Netscape Navigator 1.1 early the following year. It was this version of the SSL protocol that laid the groundwork for establishing the foundation of digital trust that we often take for granted today.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">As we celebrate SSL 2.0&#8217;s 30th anniversary, it&#8217;s the perfect opportunity to look back to explore how this pioneering technology has evolved over time \u2014 from the vulnerable SSL 2.0 to the robust security of the latest TLS protocol versions (TLS 1.2 and 1.3) that protect our digital lives today. &nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Let\u2019s hash it out.<span id=\"newline\"><\/span><\/p>\n\n\n<span style=\"--tl-form-height-m:150.25px;--tl-form-height-t:121.4583px;--tl-form-height-d:121.4583px;\" class=\"tl-placeholder-f-type-shortcode_12753 tl-preload-form\"><span><\/span><\/span>\n\n\n<h2 class=\"wp-block-heading\">A Timeline of the Different SSL &amp; TLS Protocol Versions<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">You can\u2019t do anything meaningful online \u2014 at least not securely \u2014 without the help of transport layer security (TLS). But it hasn\u2019t always been the case \u2014 there have been earlier SSL versions of security protocols that have come and gone, having paved the path for the modern versions of the TLS protocol that followed.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Explore our interactive timeline to learn more about the different versions of the <a href=\"https:\/\/www.thesslstore.com\/blog\/the-real-truth-about-tls-vs-ssl-the-difference-may-surprise-you\/\">SSL and TLS<\/a> protocols and how each has contributed to improving internet security over the last 30 years. &nbsp;<\/p>\n\n\n\t\t\t<!-- Cool Timeline Free V3.3.3 -->\n\t\t\t<div class=\"ctl-wrapper\" role=\"region\" aria-label=\"Timeline\">\n\t\t\t\t<div class=\"ctl-before-content\"><div class=\"timeline-main-title\"><h2>A History of the SSL &amp; TLS Protocol Versions<\/h2><\/div><\/div>\t\t\t\t<div id=\"cool_timeline_1\" class=\"cool-timeline-wrapper ctl-both-sided ctl-vertical-wrapper\" >\n\t\t\t\t\t<div class=\"ctl-start\"><\/div>\n\t\t\t\t\t<!-- Timeline Container -->\n\t\t\t\t\t<div class=\"ctl-timeline ctl-timeline-container\" data-animation=\"none\">\n\t\t\t\t\t\t<!-- Center Line -->\n\t\t\t\t\t\t<div class=\"ctl-inner-line\" role=\"presentation\"><\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t<!-- Timeline Content --><div  id=\"ctl-story-18336\" class=\"ctl-story ctl-story-icon odd ctl-story-right\" data-aos=\"none\"   data-story-index=\"1\" role=\"article\"><!-- Story Icon --><div class=\"ctl-icon\"><i class= \"fa fas fa-lock-open\" aria-hidden =\"true\"><\/i><\/div> <!-- Story Arrow --><div class=\"ctl-arrow\"><\/div><!-- Story Content --><div class=\"ctl-content\"><!-- Story Title --><div class=\"ctl-title story-18336\" aria-label=\"2\"><a target=\"_blank\" title=\"March 1995\" href=\"https:\/\/www.thesslstore.com\/blog\/cool_timeline\/march-1995\/\" class=\"story-link\">March 1995<\/a><\/div><!-- Story Description --><div class=\"ctl-description\"><p>SSL 2.0\u00a0launched with Netscape Navigator v1.1, the world&#8217;s first publicly available internet browser, in early &#8217;95. It provided enhanced cryptographic encryption &amp; authentication over Netscape&#8217;s SSL 1.0 internal release in November &#8217;94. The SSL Protocol was submitted as a draft to the IETF in April &#8217;95.<\/p>\n<\/div><\/div><\/div>\t\t\t\t\t<\/div>\n\t\t\t\t\t<div class=\"ctl-end\"><\/div>\n\t\t\t\t\t<nav class=\"ctl-pagination\" aria-label=\"Timeline Navigation\"><span class=\"page-numbers ctl-page-num\" role=\"status\"> Page 1 of 9<\/span> <span aria-current=\"page\" class=\"page-numbers current\">1<\/span>\n<a class=\"page-numbers\" href=\"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/18354\/page\/2\/\">2<\/a>\n<span class=\"page-numbers dots\">&hellip;<\/span>\n<a class=\"page-numbers\" href=\"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/18354\/page\/9\/\">9<\/a>\n<a class=\"next page-numbers\" href=\"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/18354\/page\/2\/\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" height=\"1em\" viewBox=\"0 0 448 512\">\n\t\t\t\t<path d=\"M224.3 273l-136 136c-9.4 9.4-24.6 9.4-33.9 0l-22.6-22.6c-9.4-9.4-9.4-24.6 0-33.9l96.4-96.4-96.4-96.4c-9.4-9.4-9.4-24.6 0-33.9L54.3 103c9.4-9.4 24.6-9.4 33.9 0l136 136c9.5 9.4 9.5 24.6.1 34zm192-34l-136-136c-9.4-9.4-24.6-9.4-33.9 0l-22.6 22.6c-9.4 9.4-9.4 24.6 0 33.9l96.4 96.4-96.4 96.4c-9.4 9.4-9.4 24.6 0 33.9l22.6 22.6c9.4 9.4 24.6 9.4 33.9 0l136-136c9.4-9.2 9.4-24.4 0-33.8z\"\/>\n\t\t\t\t<\/svg><\/a><\/nav>\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t\t\n\n\n\n<h2 class=\"wp-block-heading\">TL;DR: An Overview of the SSL and TLS Version Standards<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Don\u2019t have time for a full article? No worries \u2014 here are the highlights of the history and versions of both the SSL and TLS protocols in the following table. Alternatively, click on a specific protocol version from the top row in the list below or keep scrolling to read more about all of them:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td>&nbsp;<\/td><td><strong><a href=\"#ssl-version-2.0\">SSL 2.0<\/a><\/strong><\/td><td><strong><a href=\"#ssl-version-3.0\">SSL 3.0<\/a><\/strong><\/td><td><strong><a href=\"#tls-version-1.0\">TLS 1.0<\/a><\/strong><\/td><td><strong><a href=\"#tls-version-1.1\">TLS 1.1<\/a><\/strong><\/td><td><strong><a href=\"#tls-version-1.2\">TLS 1.2<\/a><\/strong><\/td><td><strong><a href=\"#tls-version-1.3\">TLS 1.3<\/a><\/strong><\/td><\/tr><tr><td>Official Standard<\/td><td><a href=\"https:\/\/datatracker.ietf.org\/doc\/html\/draft-hickman-netscape-ssl-00\"><\/a><a href=\"https:\/\/datatracker.ietf.org\/doc\/html\/draft-hickman-netscape-ssl-00\">The SSL Protocol (an expired draft standard)<\/a><\/td><td><a href=\"https:\/\/datatracker.ietf.org\/doc\/html\/rfc6101\">RFC 6101<\/a> (<strong>NOTE:<\/strong> The <a href=\"https:\/\/datatracker.ietf.org\/doc\/html\/draft-ietf-tls-ssl-version3-00\">\u201cclosest to original\u201d doc<\/a> is an expired draft)<\/td><td><a href=\"https:\/\/datatracker.ietf.org\/doc\/html\/rfc2246\">RFC 2246<\/a><\/td><td><a href=\"https:\/\/datatracker.ietf.org\/doc\/html\/rfc4346\">RFC 4346<\/a><\/td><td><a href=\"https:\/\/datatracker.ietf.org\/doc\/html\/rfc5246\">RFC 5246<\/a><\/td><td><a href=\"https:\/\/datatracker.ietf.org\/doc\/html\/rfc8446\">RFC 8446<\/a><\/td><\/tr><tr><td>Release Date<\/td><td>Feb-March 1995<\/td><td>November 1995<\/td><td>January 1999<\/td><td>April 2006<\/td><td>August 2008<\/td><td>August 2018<\/td><\/tr><tr><td>Examples of Vulnerabilities<\/td><td>Insecure handshakes, insecure authentication algorithm, shared keys, restricted encryption key sizes (related to U.S. export laws), and vulnerable to MitM attacks<\/td><td>Insecure ciphers (e.g., CBC-mode ciphers), small key sizes, weak signature primitives, MitM-vulnerable key exchanges, and vulnerabilities to threats such as <a href=\"https:\/\/www.thesslstore.com\/blog\/ssl3-poodle-vulnerability\/\">POODLE<\/a><\/td><td>Outdated cipher suites, weak cryptographic algorithms, key exchange mechanism vulnerabilities, and vulnerabilities to known threats (e.g.,  POODLE)<\/td><td>Outdated cipher suites, weak hash functions, protocol downgrade support, insecure renegotiation, and static key exchanges<\/td><td>Lack of <a href=\"https:\/\/www.thesslstore.com\/blog\/perfect-forward-secrecy-explained\/\">perfect forward secrecy<\/a> (PFS), protocol downgrade support to serve legacy systems, and continued limited use of SHA-1<\/td><td>&nbsp;TBD<\/td><\/tr><tr><td>Still Supported by Modern Servers?<\/td><td>No<\/td><td>No<\/td><td>No<\/td><td>No<\/td><td>Yes<\/td><td>Yes<\/td><\/tr><tr><td>Deprecation Date\/End of Life Date<\/td><td>March 2011<\/td><td>June 2015<\/td><td>March 2021<\/td><td>March 2021<\/td><td>Technically obsoleted by TLS 1.3 (but not deprecated) in 2018, although it&#8217;s still supported by all major providers<\/td><td>&nbsp;N\/A<\/td><\/tr><tr><td>Deprecated By Which Standard<\/td><td>RFC 6176<\/td><td>RFC 7568<\/td><td>RFC 8996<\/td><td>RFC 8996<\/td><td>N\/A<\/td><td>&nbsp;N\/A<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<div class=\"wp-block-group has-central-palette-5-background-color has-background\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<h3 class=\"wp-block-heading\"><strong>The Precise Release Date of SSL 2.0 Is Tricky to Narrow Down<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><em>I\u2019ve seen release dates ranging from <a href=\"https:\/\/www-archive.mozilla.org\/projects\/security\/pki\/nss\/ssl\/draft02\">February 1995<\/a> to <a href=\"https:\/\/www.feistyduck.com\/ssl-tls-and-pki-history\/\">March 1995<\/a>. As it turns out, Netscape released SSL v2 in its Netscape Navigator 1.1 and followed it up by <a href=\"https:\/\/datatracker.ietf.org\/doc\/html\/draft-hickman-netscape-ssl-00\">submitting the official specification to the IETF<\/a> in April 1995.<\/em><br><br><em>It&#8217;s for this reason we\u2019ve decided to go with the<\/em> <em>March 1995 crowd.<\/em><\/p>\n<\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">SSL Version History Did (and Didn&#8217;t) Start with SSL 1.0<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Technically, Netscape introduced SSL version 1.0 in late 1994. However, it was riddled with security issues and was never released publicly. (It was only used <a href=\"https:\/\/rolf.esecurity.ch\/?page_id=977\">within Netscape Communication\u2019s internal environment<\/a>.)<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">As such, SSL version 2.0 is often looked upon as the true history maker rather than its deeply &#8220;troubled&#8221; predecessor. This is why we\u2019ll jump right in with SSL version 2.0 instead and walk you through the last three decades until we conclude with the latest TLS version.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"ssl-version-2.0\">SSL Version 2.0<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">This version of the SSL protocol is what set the stage for the succeeding SSL\/TLS protocols that have been used to secure public websites for the last three decades. SSL protocol version 2.0 was a groundbreaking concept when it was <a href=\"https:\/\/www.feistyduck.com\/ssl-tls-and-pki-history\/\">released as part of Netscape Navigator version 1.1<\/a>. It established a process known as the <a href=\"https:\/\/www.thesslstore.com\/blog\/explaining-ssl-handshake\/\">SSL handshake<\/a>, which both parties could use to establish a secure, encrypted connection.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A handshake allows one or both parties to authenticate using <a href=\"https:\/\/www.itu.int\/rec\/T-REC-X.509\">X.509 digital certificates<\/a> (e.g., an SSL\/TLS certificate for server authentication) and use an <a href=\"https:\/\/www.thesslstore.com\/blog\/asymmetric-encryption-what-it-is-why-your-security-depends-on-it\/\">asymmetric cryptographic key pair<\/a> to securely exchange session keys. (An SSL certificate, essentially, is your website&#8217;s digital identity equivalent of a driver\u2019s license or state ID.)<\/p>\n\n\n<span style=\"--tl-form-height-m:861.156px;--tl-form-height-t:899.625px;--tl-form-height-d:899.625px;\" class=\"tl-placeholder-f-type-shortcode_12653 tl-preload-form\"><span><\/span><\/span>\n\n\n<p class=\"wp-block-paragraph\">Throughout history, encrypted communications required two parties to exchange a key that could be used to encrypt and decrypt information. This means that they had to meet face to face so they could verify that the person receiving the key was, in fact, the intended person. (Not exactly conducive to remote or instantaneous global communications, am I right?) <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">SSL 2.0 aimed to change all of that by providing a means to exchange keys remotely to enable remote encrypted communications.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"595\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2025\/03\/verisign-wayback-machine-1997-2-1024x595.jpg\" alt=\"A screenshot of Verizon.com from 1997 that was captured via the Wayback Machine\" class=\"wp-image-18341\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2025\/03\/verisign-wayback-machine-1997-2-1024x595.jpg 1024w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2025\/03\/verisign-wayback-machine-1997-2-300x174.jpg 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2025\/03\/verisign-wayback-machine-1997-2-768x446.jpg 768w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2025\/03\/verisign-wayback-machine-1997-2-1536x893.jpg 1536w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2025\/03\/verisign-wayback-machine-1997-2.jpg 1600w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Image caption: Verisign, established in 1995, was the world\u2019s first public certification authority (CA) to issue SSL\/TLS certificates. For fun, enjoy this \u201cthrowback\u201d from the company\u2019s website in June 1997. (This screenshot was captured via the Wayback Machine from the domain Verisign.com on June 26, 1997.) &nbsp;<\/em><\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">However, SSL 2.0 was plagued by numerous security issues \u2014 some of which, though not all, were intentionally induced (e.g., the U.S. government&#8217;s regulations relating to the export of cryptographic software and devices). Which brings us to SSL v3&#8230;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"ssl-version-3.0\">SSL Version 3.0<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Mozilla reports that <a href=\"https:\/\/www-archive.mozilla.org\/projects\/security\/pki\/nss\/history\">support for SSL 3.0 rolled out in November 1995<\/a> to fill in some of the security gaps that were present in its predecessor (although the <a href=\"https:\/\/datatracker.ietf.org\/doc\/html\/draft-ietf-tls-ssl-version3-00\">final version of the standard draft<\/a> wasn&#8217;t published until November 1996). Here are a few examples of the ways it did this:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Introduced authenticated Diffie-Hellman key exchanges as an alternative to RSA key exchanges<\/li>\n\n\n\n<li>Introduced the \u201cchain of trust\u201d certificate hierarchy<\/li>\n\n\n\n<li>Enhanced keygen security by implementing better PRFs<\/li>\n\n\n\n<li>Introduced three Fortezza cipher suites to the baseline list<\/li>\n\n\n\n<li>Enabled special PKCS #1 block formatting to allow servers to reject SSL v2 sessions from establishing with SSL 3.0-capable clients<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Despite its improvements, SSL v3 wasn\u2019t perfect, either. It was ultimately phased out starting in 2014 due to a series of serious security issues \u2014 namely, POODLE. <a href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2014\/10\/17\/ssl-30-protocol-vulnerability-and-poodle-attack\">This type of protocol downgrade attack<\/a>, which exploits padding-related vulnerabilities on servers supporting SSL 3.0 with <a href=\"https:\/\/www.thesslstore.com\/blog\/block-cipher-vs-stream-cipher\/\">cipher block chaining (CBC) mode ciphers<\/a>, enabled attackers to recover plaintext data.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The design of this core protocol version carries through even in the latest versions of TLS. However, the responsibility of heading up future standards shifted from Netscape to the Internet Engineering Task Force&#8217;s (IETF&#8217;s) new <a href=\"https:\/\/datatracker.ietf.org\/wg\/tls\/about\/\">TLS Working Group<\/a>, which was created in 1996. <\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"tls-version-1.0\">TLS Version 1.0<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">TLS 1.0 is foundationally based on SSL 3.0, this new protocol was created with the goal of addressing some of its predecessor\u2019s vulnerabilities. Unlike the previous SSL standards, this was one headed up by the IETF.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Although it was designed to replace the SSL protocol and not interoperate with it, TLS allowed protocol rollbacks (downgrades) to the less secure SSL protocols to support older systems. (This is also why some versions of the TLS protocol were still vulnerable to the aforementioned POODLE attacks.)<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This newer version of the protocol:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Marked the shift from Netscape\u2019s proprietary protocol development process to an IETF \u201crequest for comments\u201d (RFC) standard development process<\/li>\n\n\n\n<li>Added support for expanded cryptographic cipher suites<\/li>\n\n\n\n<li>Enhanced certificate validation requirements<\/li>\n\n\n\n<li>Eliminated the SSL protocol\u2019s \u201cNoCertificate\u201d client response option in favor of other alert values<\/li>\n\n\n\n<li>Combined MD5 and SHA-1 hash functions for enhanced pseudorandom functions (PRFs)<\/li>\n\n\n\n<li>Moved to use of HMAC calculations with MD5\/SHA-1 in lieu of MAC construction in RSA signing<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Ultimately, TLS 1.0 wasn\u2019t officially deprecated until many years later (March 2021), and the protocol version is still being phased out by major browsers and operating systems.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"tls-version-1.1\">TLS Version 1.1<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">TLS version 1.1, which rode the coattails of version 1.0, provided \u201csmall security improvements, clarifications, and editorial improvements\u201d to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Provide info to mitigate TLS-focused attacks<\/li>\n\n\n\n<li>Define IANA registries (TLS Cipher Suite, TLS Alert, TLS HandshakeType, etc.) for specific protocol parameters<\/li>\n\n\n\n<li>Swap out implicit (predictable) initialization vectors (IV) for explicit ones to mitigate CBC attacks (CBCATTs)<\/li>\n\n\n\n<li>Reduce the Klima version-check oracle attacks<\/li>\n<\/ul>\n\n\n\n<p class=\"has-central-palette-5-background-color has-background wp-block-paragraph\"><strong>NOTE:<\/strong> In 1999 (after TLS 1.0 was implemented), the U.S. finally loosened its restrictions relating to the export of cryptographic software and devices that were previously in place. This means that the restrictions that were in place when SSL 2.0, SSL 3.0, and TLS 1.0 were implemented were no longer in effect for TLS 1.2 and 1.3, allowing the use of bigger encryption key sizes.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Where Does TLS 1.1 Stand Today?<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">While it\u2019s true that this TLS protocol version is deprecated across the modern major browsers (Chrome, Firefox, Safari, and Edge), <a href=\"https:\/\/caniuse.com\/?search=TLS%201.1\">older versions of these clients<\/a> may still provide partial support. They\u2019ll display warning messages and icons to users who try to connect using the insecure protocol.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"tls-version-1.2\">TLS Version 1.2<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The TLS 1.2 specification made several notable changes, which included the following:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Eliminated some of the outdated cryptographic functions and elements<\/li>\n\n\n\n<li>Made cipher suite improvements based on the cryptographic security knowledge of the time (e.g., mandated use of the TLS_RSA_WITH_AES_128_CBC_SHA cipher suite and elimination of the MD5\/SHA-1 PRFs in favor of cipher suite specified PRFs)<\/li>\n\n\n\n<li>Added data mode support for authenticated encryption (i.e., authenticated encryption with associated data, or \u201cAEAD\u201d for short)<\/li>\n\n\n\n<li>Specified that clients without certificates must provide an empty certificate list<\/li>\n\n\n\n<li>Optimized the cryptographic hash and signature specification process<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Where Does TLS 1.2 Stand Today?<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">TLS 1.2 is still the most widely supported version of the protocol you&#8217;ll find supported by servers and clients online. (Data from <a href=\"https:\/\/www.ssllabs.com\/ssl-pulse\/\" target=\"_blank\" rel=\"noreferrer noopener\">Qualys SSL Labs&#8217; SSL Pulse tool<\/a> showed that 99.9% of the 150,000 SSL\/TLS-enabled sites surveyed supported TLS 1.2 protocol as of May 2024.) However, despite all of the changes listed above, it still wasn&#8217;t enough to make TLS 1.2 impervious to the ever-growing list of threats.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Weak algorithms left the protocol vulnerable to downgrade attacks, <\/li>\n\n\n\n<li>Its lack of mandated perfect forward secrecy left encrypted data vulnerable in the event of a future key compromise<\/li>\n\n\n\n<li>The protocol version&#8217;s reliance primarily on RSA and Diffie-Hellman key exchanges left it vulnerable to the factoring- and discrete logarithm-related issues identified by Shor&#8217;s Algorithm.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">More still needed to be done to make online transactions and data transmissions more secure. This now brings us to the latest version of the TLS protocol&#8230;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"tls-version-1.3\">TLS Version 1.3<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/www.thesslstore.com\/blog\/tls-1-3-everything-possibly-needed-know\/\">TLS 1.3<\/a> essentially took sections of the existing TLS 1.0-1.2 rulebooks and designs and threw them out the window. The result? A simplified, streamlined design that made it faster (at scale) and more secure than its predecessors.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Among the biggest changes seen in version 1.3 relates to how the session keys are derived and how <a href=\"https:\/\/www.thesslstore.com\/blog\/ocsp-ocsp-stapling-ocsp-must-staple\/\">online certificate status protocol<\/a> (OCSP) messages are transmitted. But what are some of the other notable changes of this TLS protocol version?<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Eliminated use of weak symmetric encryption and hashing algorithms (e.g., SHA-1, MD5, RC4, DES, 3 DES, CBC-mode AES, etc.)<\/li>\n\n\n\n<li>Mandated use of perfect forward secrecy via ephemeral keys (which resulted in RSA and static DH key exchanges getting kicked to the curb)<\/li>\n\n\n\n<li>Streamlined the <a href=\"https:\/\/www.thesslstore.com\/blog\/tls-1-3-handshake-tls-1-2\/\">TLS 1.3 handshake<\/a> to a single round-trip interaction (1-RTT mode) or, in cases where a client and server have previously communicated, it\u2019ll reduce it to zero round-trip time (0-RTT). Previous TLS protocol versions used two round trips.<\/li>\n\n\n\n<li>Swapped out MAC-then-encrypt (i.e., a MAC + cipher combo) for authenticated ciphers (e.g., AEAD bulk encryption ciphers such as AES-CCM, AES-GCM, and ChaCha20 [when paired with Poly1305])<\/li>\n\n\n\n<li>Offered additional downgrade attack protection<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Where Does TLS 1.3 Stand Today?<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">This protocol version is in use, although it isn&#8217;t widely adopted as TLS version 1.2. As of May 2024, 70.1% of websites surveyed by the Qualys SSL Labs (from the same SSL Pulse tool cited earlier) supported the TLS 1.3 protocol.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Looking to the Future of SSL and TLS: Quantum-Resistant Cryptography<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Quantum Cryptography is one of the things that&#8217;s going to require not just a different mindset and approach to implement, but ongoing changes as technologies and threats evolve as well. This is primarily due to the fact that <a href=\"https:\/\/media.defense.gov\/2021\/Aug\/04\/2002821837\/-1\/-1\/1\/Quantum_FAQs_20210804.PDF\">cryptographically relevant quantum computers<\/a> (CRQCs) are forecast to make TLS 1.2 and the public key cryptographic algorithms we rely on now virtually useless. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">It&#8217;s for this reason that as part of the shift to using post-quantum cryptography (PQC) algorithms, the IETF proposes that the use of <a href=\"https:\/\/www.ietf.org\/id\/draft-ietf-uta-require-tls13-06.html\">TLS 1.3 <em>must<\/em> be supported<\/a> for TLS applications, and TLS 1.2 protocol <em>may<\/em> be supported only in specific circumstances.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Major providers are starting to transition to pairing TLS 1.3 with hybrid PQC. <a href=\"https:\/\/blog.cloudflare.com\/post-quantum-zero-trust\/\">Cloudflare reports<\/a> that as of March 2025, &#8220;well over a third of the human web traffic reaching the Cloudflare network is protected against these attacks by TLS 1.3 with hybrid ML-KEM key exchange.&#8221;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2025\/03\/cloudflare-radar_post-quantum-adoption-march-2025-1024x576.png\" alt=\"This graphic showcases the post-quantum encryption adoption rate increase between March 1, 2024 and March 1, 2025. This graphic is courtesy of Cloudflare via the Cloudflare Radar platform. \" class=\"wp-image-18408\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2025\/03\/cloudflare-radar_post-quantum-adoption-march-2025-1024x576.png 1024w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2025\/03\/cloudflare-radar_post-quantum-adoption-march-2025-300x169.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2025\/03\/cloudflare-radar_post-quantum-adoption-march-2025-768x432.png 768w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2025\/03\/cloudflare-radar_post-quantum-adoption-march-2025-1536x864.png 1536w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2025\/03\/cloudflare-radar_post-quantum-adoption-march-2025.png 1600w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\"><em>Image caption: A chart showcasing the amount of HTTPS traffic that Cloudflare serves via encrypted connections using post-quantum encryption algorithms. Image courtesy of the <a href=\"https:\/\/radar.cloudflare.com\/adoption-and-usage?dateRange=52w\">Cloudflare Radar platform<\/a><\/em>. <\/figcaption><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">An Overview of Recent and Ongoing Changes That Are in the Works<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong><a href=\"https:\/\/www.thesslstore.com\/blog\/nist-pqc-standards-are-out-where-do-we-go-from-here\/\">NIST published 3 PQC standards<\/a> in August 2024.<\/strong> These digital signature and key encapsulation mechanisms, which were selected from a list of 80+ PQC algorithm submissions, are expected to eventually replace modern public key algorithms.<\/li>\n\n\n\n<li><strong>On Feb. 26, 2025, the IETF released the Internet Draft, &#8220;<a href=\"https:\/\/www.ietf.org\/id\/draft-reddy-uta-pqc-app-07.html\">Post-Quantum Cryptography Recommendations for TLS-based Applications<\/a>.&#8221;<\/strong> This document highlights potential best practices to help organizations figure out the best way of handling the challenges associated with transitioning applications to utilizing post-quantum cryptography to help stave off <a href=\"https:\/\/www.thesslstore.com\/blog\/harvest-now-decrypt-later-hndl\/\">harvest now, decrypt later<\/a> (HNDL) and CRQC-related threats.<\/li>\n\n\n\n<li><strong>On March 11, 2025, NIST published the &#8220;<a href=\"https:\/\/csrc.nist.gov\/pubs\/ir\/8545\/final\">Status Report on the Fourth Round of the NIST Post-Quantum Cryptography Standardization Process<\/a>.&#8221;<\/strong> This document summarizes the fourth-round key establishment algorithm candidates (i.e., BIKE, Classic McEliece HQC, and SIKE) and covers the one chosen for standardization (HQC). The next steps include preparing and sharing a draft standard for public comments, which will be adjudicated, and then the final version is expected to be published approximately two years later.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Check Out These SSL and TLS Version History Resources<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Want to learn more about the history of the SSL\/TLS protocols? Check out these great resources:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www-archive.mozilla.org\/projects\/security\/pki\/nss\/ssl\/draft02\">Mozilla\u2019s Archive page for the SSL 2.0 Protocol Specification (Last Updated Feb. 9, 1995)<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/datatracker.ietf.org\/doc\/html\/draft-hickman-netscape-ssl-00\">IETF\u2019s Draft of The SSL Protocol (April 1995)<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.thesslstore.com\/blog\/tls-1-0-inches-closer-to-full-retirement\/\">TLS 1.0 Inches Closer to Full Retirement (Nearly a Decade Later)<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.feistyduck.com\/ssl-tls-and-pki-history\/\">Feisty Duck\u2019s SSL, TLS, and PKI History<\/a> (Ivan Risti\u0107)<\/li>\n\n\n\n<li><a href=\"https:\/\/www.thesslstore.com\/blog\/naming-next-version-of-tls\/\">Naming the Next Version of TLS<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.thesslstore.com\/blog\/deprecation-tls-1-0-1-1-underway\/\">The Deprecation of TLS 1.0 and 1.1 Is Underway<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.thesslstore.com\/blog\/apple-microsoft-google-disable-tls-1-0-tls-1-1\/\">Apple, Microsoft, Google Announce Plans to Disable TLS 1.0, TLS 1.1<\/a> <\/li>\n\n\n\n<li>Ivan Risti\u0107\u2019s book \u201c<a href=\"https:\/\/www.feistyduck.com\/books\/bulletproof-tls-and-pki\/\">Bulletproof TLS and PKI<\/a>: Understanding and Deploying SSL\/TLS and PKI to Secure Servers and Web Applications\u201d (second edition)<\/li>\n\n\n\n<li>Stephen Thomas\u2019s book \u201c<a href=\"https:\/\/www.amazon.com\/SSL-TLS-Essentials-Securing-Web\/dp\/0471383546\">SSL and TLS Essentials: Securing the Web<\/a>.\u201d<\/li>\n\n\n\n<li>Mozilla\u2019s <a href=\"https:\/\/www-archive.mozilla.org\/projects\/security\/pki\/nss\/history\">History of NSS page<\/a>.<\/li>\n\n\n\n<li>Jean-Philippe Aumasson\u2019s book \u201c<a href=\"https:\/\/www.aumasson.jp\/\">Serious Cryptography: A Practical Introduction to Modern Encryption<\/a>\u201d (first edition).<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>March 2025 marks the 30th anniversary of the secure sockets layer (SSL) protocol&#8217;s version 2.0 debut. Celebrate with us as we explore the history of the various SSL and TLS&#8230;<\/p>\n","protected":false},"author":17,"featured_media":18329,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":"","tve_updated_post":"","tve_custom_css":"","tve_user_custom_css":"","tve_globals":{},"tcb2_ready":0,"tcb_editor_enabled":0,"tve_landing_page":"","_tve_header":"","_tve_footer":""},"categories":[13107,16,10200],"tags":[136,13318,161],"class_list":["post-18354","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-beyond-hashed-out","category-hashing-out-cyber-security","category-monthly-digest","tag-ssl","tag-ssl-tls-protocol-versions","tag-tls","post-without-tags"],"views":7240,"jetpack_featured_media_url":"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2025\/03\/tls-version-timeline-feature.jpg","_links":{"self":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/18354","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/comments?post=18354"}],"version-history":[{"count":0,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/18354\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media\/18329"}],"wp:attachment":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media?parent=18354"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/categories?post=18354"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/tags?post=18354"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}