Secure Sockets Layer (SSL)

SSL

Legacy predecessor to TLS for securing application traffic; SSL is deprecated and insecure due to protocol and cryptographic weaknesses (e.g., POODLE). Modern systems must use TLS 1.2+.

#crypto #network #rfc

Last updated: 2025-08-23T00:00:00.000Z

Differences across sources

Parallel sources use distinct terminology or emphasize different aspects. Review each citation to understand scope and normative intent.

Evidence

RFC 7568: Deprecating SSLv3 (2015-06), normative evidence

SSLv3 is not sufficiently secure. This document requires that SSLv3 not be used.

www.rfc-editor.org
RFC 6101: The Secure Sockets Layer (SSL) Protocol Version 3.0 (Historic) (2011-08), normative evidence

This document is provided for historical purposes and is not recommended for use.

www.rfc-editor.org
OWASP Transport Layer Protection Cheat Sheet, informative evidence

Use TLS 1.2 or greater. SSL and early TLS versions are deprecated due to known vulnerabilities.

Mappings

CISSP Domain 4

Examples

Disable SSL in Servers

Web and API servers are configured to disable SSLv2/SSLv3 and TLS versions < 1.2, and to prefer modern AEAD cipher suites.
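As an added illustration (not taken from the cited sources), the Python sketch below builds a server context with a TLS 1.2 floor and AEAD-only suites, next to a constructed legacy context, and audits both. The function names and the two cipher strings are assumptions chosen for this example.

```python
import ssl

FLOOR = ssl.TLSVersion.TLSv1_2  # lowest protocol version the entry allows


def hardened_server_context() -> ssl.SSLContext:
    """Server context with a TLS 1.2 floor and AEAD-only cipher suites."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = FLOOR  # refuses SSLv3, TLS 1.0 and TLS 1.1
    # Assumed policy string: ECDHE with AES-GCM or ChaCha20-Poly1305.
    # It governs TLS 1.2 suites only; TLS 1.3 suites are AEAD by design.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


def legacy_server_context() -> ssl.SSLContext:
    """Constructed 'before' case: no explicit floor, CBC suites allowed."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # Accept whatever the linked TLS library build still supports.
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    ctx.set_ciphers("HIGH:!aNULL")
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return one finding per policy violation; an empty list means compliant."""
    findings = []
    if ctx.minimum_version < FLOOR:
        findings.append(
            f"protocol floor is {ctx.minimum_version.name}, expected TLSv1_2 or higher"
        )
    # get_ciphers() reports every enabled suite with an 'aead' flag.
    for suite in ctx.get_ciphers():
        if not suite.get("aead", False):
            findings.append(f"non-AEAD suite enabled: {suite['name']}")
    return findings


if __name__ == "__main__":
    for label, ctx in (("hardened", hardened_server_context()),
                       ("legacy", legacy_server_context())):
        findings = audit_context(ctx)
        print(label, "OK" if not findings else f"{len(findings)} finding(s)")
        for finding in findings[:5]:
            print("  -", finding)
```

A real server would also call `load_cert_chain()` on the hardened context before wrapping its listening socket.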

More context

SSL is deprecated and has been replaced by TLS. Treat it as a historical reference only; enforce TLS 1.2+ (prefer TLS 1.3), strong cipher suites, and secure renegotiation and ALPN configurations.
