We all use email security technologies daily, often without realizing it. It is easy to mix up related cryptic abbreviations like SSL, TLS, and STARTTLS. If you need to understand the differences between these terms, this article will help you with that.
What Is SSL?
SSL is an abbreviation of Secure Sockets Layer. It is an encryption protocol that secures data as it is transmitted between two endpoints (between email clients and servers, or between email servers, in our case). If a malicious actor intercepts the data in transit, it is useless to them because they do not have the encryption keys.
The first version of SSL was proposed in 1994 by Netscape Communications, an American technology company.
What Is TLS?
TLS stands for Transport Layer Security, another protocol that encrypts data as it’s being transmitted between servers. TLS is an upgraded version of the SSL protocol. The first version was released in 1999 by the Internet Engineering Task Force (IETF). It was designed to overcome certain security flaws in the SSL protocol.
Many people use the terms SSL and TLS interchangeably, while actually referring to the latter. SSL has long been deprecated in favor of TLS; the continued use of the name SSL is largely a matter of branding.
The newest version of TLS was adopted in August 2018.
What Is StartTLS?
StartTLS is not a security protocol like TLS and SSL. Instead, it is a protocol command that instructs servers to upgrade from an insecure connection to a secure one.
A data connection may initially be unencrypted, which poses a security risk. The StartTLS command instructs a server to switch from an unencrypted connection to an encrypted one, hence the name “Start TLS.” The upgrade only takes place if both parties support TLS encryption.
How Do SSL/TLS and StartTLS Work Together to Send Emails?
Whenever you type an email and hit the send button, your email client starts transferring data to your email server. The client may try to establish a secure connection in one of two ways, Explicit or Implicit, depending on which port is used for communication.
- Explicit: The data exchange is initially started in unencrypted mode. The client uses the StartTLS command to ask the server to switch from a plain connection to a secure one. If the server recognizes the instruction, the two sides perform a TLS handshake on the existing connection and continue the session encrypted. However, if the server does not support TLS, the connection goes on in insecure mode.
- Implicit: The client tries to establish a secure server connection based on the TLS protocol right from the start. If the server does not support TLS, the session will not take place.
The difference between Explicit and Implicit modes is that the former can still proceed with an insecure connection if the server does not support TLS, allowing for backward compatibility with older systems.
Implicit mode guarantees better protection because the connection must always be secure for the email transfer to proceed. Explicit mode only offers the same protection when the client is configured to require TLS and to abort, rather than fall back to plaintext, if the server does not offer StartTLS.
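As an added illustration (not code from the original article), the following Python models the two connection styles described above against constructed EHLO replies. The port-to-mode mapping (25 and 587 for Explicit, 465 for Implicit) and the require_tls flag are assumptions made for this example.

```python
import re

# Constructed sample EHLO replies for the example (not captured from a real server).
EHLO_WITH_STARTTLS = (
    "250-mail.example.com Hello client.example\r\n"
    "250-SIZE 35882577\r\n"
    "250-8BITMIME\r\n"
    "250-STARTTLS\r\n"
    "250 ENHANCEDSTATUSCODES\r\n"
)
EHLO_WITHOUT_STARTTLS = (
    "250-mail.example.com Hello client.example\r\n"
    "250-SIZE 35882577\r\n"
    "250 8BITMIME\r\n"
)

def parse_ehlo(reply: str) -> set[str]:
    """Return the ESMTP extension keywords advertised in an EHLO reply.

    Lines look like '250-KEYWORD params' (more follow) or '250 KEYWORD' (last line).
    The first line carries the server hostname and greeting, not an extension.
    """
    lines = [l for l in reply.splitlines() if re.match(r"^250[ -]", l)]
    return {l[4:].split()[0].upper() for l in lines[1:] if l[4:].strip()}

def mode_for_port(port: int) -> str:
    """Assumed convention: 465 is implicit TLS; 25 and 587 start in plaintext."""
    return "implicit" if port == 465 else "explicit"

def negotiate(port: int, ehlo_reply: str, require_tls: bool) -> tuple[str, list[str]]:
    """Simulate the client's decision; return (outcome, transcript).

    outcome is 'tls' (session encrypted), 'plaintext' (insecure fallback),
    or 'abort' (client refuses to continue without encryption).
    """
    log = []
    if mode_for_port(port) == "implicit":
        # The TLS handshake precedes the first SMTP byte, so there is no
        # plaintext phase and nothing to fall back to.
        log.append("C: <TLS handshake>, then EHLO client.example")
        return "tls", log
    log.append("C: EHLO client.example")
    log.append("S: " + ehlo_reply.strip().replace("\r\n", " | "))
    if "STARTTLS" not in parse_ehlo(ehlo_reply):
        if require_tls:
            log.append("C: QUIT  (STARTTLS not offered; refusing plaintext)")
            return "abort", log
        log.append("C: MAIL FROM:<sender@client.example>  (continuing in plaintext)")
        return "plaintext", log
    log.append("C: STARTTLS")
    log.append("S: 220 2.0.0 Ready to start TLS")
    log.append("C: <TLS handshake>")
    # After the handshake the client repeats EHLO inside the tunnel and
    # discards everything it learned from the plaintext EHLO.
    log.append("C: EHLO client.example  (repeated inside the tunnel)")
    return "tls", log
```

The transcript returned for port 587 with require_tls=False shows the silent fallback to plaintext that makes Explicit mode weaker than Implicit mode when TLS is not enforced on the client.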
Conclusion
We have outlined the core meaning of StartTLS, SSL, and TLS. We’ve also described how these tools work to send emails securely. At this point, you should understand the differences well enough to explain them to anyone interested.