Security

SSL

Secure Sockets Layer - A deprecated cryptographic protocol for establishing encrypted connections between web servers and clients, now superseded by TLS.

What is SSL?

SSL (Secure Sockets Layer) is a cryptographic protocol originally developed by Netscape in the 1990s to provide secure communication over computer networks. While SSL has been deprecated and replaced by TLS (Transport Layer Security), the term “SSL” is still commonly used to refer to both SSL and TLS protocols.

SSL vs TLS

| Feature | SSL | TLS |
|---|---|---|
| Current Version | SSL 3.0 (deprecated) | TLS 1.3 (current) |
| Security | Vulnerable | Secure |
| Status | Obsolete | Active |
| Cipher Suites | Older, weaker | Modern, strong |

SSL Versions

TLS Versions

SSL/TLS Handshake

1. Client Hello
   → Supported cipher suites
   → Random number

2. Server Hello
   ← Selected cipher suite
   ← SSL certificate
   ← Server random number

3. Key Exchange
   → Client generates pre-master secret
   → Encrypts with server's public key

4. Session Keys
   Both parties derive session keys

5. Finished Messages
   Encrypted communication begins

“SSL Certificate”

Despite the name, modern “SSL certificates” actually enable TLS connections:

# Certificate works with TLS 1.2 and 1.3
openssl s_client -connect example.com:443 -tls1_3

Configuring SSL/TLS

Web Server (Nginx)

server {
    listen 443 ssl http2;
    server_name example.com;

    # Modern TLS only
    ssl_protocols TLSv1.2 TLSv1.3;
    
    # Strong cipher suites
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256';
    
    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;
}

Application (Node.js)

import https from 'https';
import fs from 'fs';

const options = {
  key: fs.readFileSync('private-key.pem'),
  cert: fs.readFileSync('certificate.pem'),
  // Use TLS 1.2+ only
  minVersion: 'TLSv1.2',
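  // Strong ciphers: ECDSA and RSA variants, so the suite list works with
  // either certificate key type (same pair as the Nginx example above)
  ciphers: 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256'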
};

https.createServer(options, (req, res) => {
  res.writeHead(200);
  res.end('Secure connection');
}).listen(443);

SSL/TLS Best Practices

1. Use TLS 1.2 or Higher

# Disable old SSL/TLS
ssl_protocols TLSv1.2 TLSv1.3;

2. Strong Cipher Suites

ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers on;

3. HSTS (HTTP Strict Transport Security)

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

4. Certificate Management

# Automated renewal with Let's Encrypt
certbot renew --quiet
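
The following Node.js audit is an added example, not code from the original page or from Nginx or CorsProxy: it checks an Nginx config against practices 1 to 3 above. The cipher rule (explicit suite names using ECDHE with GCM or CHACHA20) and the function names are assumptions of this example, and both sample configs are constructed.

```javascript
// Added example (not CorsProxy or Nginx code). Sample configs are constructed.
const DEPRECATED = new Set(['SSLv2', 'SSLv3', 'TLSv1', 'TLSv1.1']);

// Arguments of every occurrence of an Nginx directive; comments are stripped
// and quoted values may contain ';' (as the HSTS header value does).
function directiveArgs(config, name) {
  const text = config.replace(/#.*$/gm, '');
  const re = new RegExp(`(?:^|[;{}\\s])${name}\\s+((?:"[^"]*"|'[^']*'|[^;])+);`, 'g');
  return [...text.matchAll(re)].map((m) => m[1].trim());
}

function auditTlsConfig(config) {
  const findings = [];
  const protocols = directiveArgs(config, 'ssl_protocols').flatMap((a) => a.split(/\s+/));
  if (protocols.length === 0) findings.push('ssl_protocols not set explicitly');
  for (const p of protocols) {
    if (DEPRECATED.has(p)) findings.push(`deprecated protocol enabled: ${p}`);
  }
  // Assumed rule: every listed suite uses ECDHE key exchange and an AEAD cipher.
  const suites = directiveArgs(config, 'ssl_ciphers')
    .flatMap((a) => a.replace(/['"]/g, '').split(':'));
  for (const s of suites) {
    if (!/^ECDHE-/.test(s) || !/GCM|CHACHA20/.test(s)) findings.push(`weak cipher suite: ${s}`);
  }
  // HSTS must be sent with max-age of at least one year (31536000 s).
  const hsts = directiveArgs(config, 'add_header')
    .find((a) => /^Strict-Transport-Security\s/i.test(a));
  const maxAge = hsts ? Number((/max-age=(\d+)/i.exec(hsts) || [])[1]) : NaN;
  if (!hsts) findings.push('HSTS header missing');
  else if (!(maxAge >= 31536000)) findings.push('HSTS max-age below one year');
  return findings;
}

const WEAK = `server {
    listen 443 ssl;
    ssl_protocols SSLv3 TLSv1 TLSv1.2;  # legacy protocols left on
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA:RC4-SHA';
}`;
const HARDENED = `server {
    listen 443 ssl http2;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256';
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
}`;
console.log(auditTlsConfig(WEAK));
console.log(auditTlsConfig(HARDENED));
```

Cipher strings written as OpenSSL keywords (for example `HIGH:!aNULL`) are outside what this check understands and would be reported as weak.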

Testing SSL/TLS Security

# Test SSL/TLS configuration
openssl s_client -connect example.com:443

# Check supported protocols
nmap --script ssl-enum-ciphers -p 443 example.com

# Online tools
# - SSL Labs (ssllabs.com)
# - testssl.sh

Common SSL/TLS Issues

Mixed Content

<!-- HTTPS page loading HTTP resource -->
<script src="http://example.com/script.js"></script>
<!-- Blocked by browser -->

Certificate Errors

SSL/TLS with CorsProxy

// CorsProxy uses modern TLS
const response = await fetch(
  'https://corsproxy.io/?url=https://api.example.com',
  {
    headers: {
      'x-cors-api-key': process.env.CORS_API_KEY
    }
  }
);

// Automatic TLS 1.2/1.3
// No SSL 2.0/3.0 support
// Strong cipher suites only
