Why people who know better still say 'SSL'. And 'hoverboard'.

It's 17 years since TLS was standardised. Is it time to move on?

By Mike on 13th Jan 2016

We feel your pain. You're a devops person or system administrator, and you're wondering: why is everyone talking about SSL? It's called TLS now, and it has been for 17 years.

This happens a lot in technology:

TLS is the correct name for the current protocol, but the name 'TLS' has never really taken off. The entire technology industry, including infosec and devops folk, still uses 'SSL' far more frequently. Obviously, people still talk about 'SSL certificates', 'SSL clients' and services. But more recent developments still use the term:

Why do we do this? Because the technically outdated term 'SSL' conveys meaning better than the newer, more correct term 'TLS'.

Here's a test:

Ask a devops person - particularly someone who uses the term 'TLS' in conversation - where they're 'terminating their TLS'.

Even though they know what TLS is, they'll probably still pause a moment to think what you mean.

If you want people outside infosec - like the web developers setting up most servers these days - to pay attention to your message, you have to use the same language as they do.

One possible solution is to avoid using 'TLS' or 'SSL' completely: Google uses 'HTTPS' in documentation, and this may be a good way forward: 'HTTPS' surpassed 'SSL' as a search term in 2011. However, the use of 'HTTPS certificate' hasn't taken off.

You could spend time in the noble cause of educating the world about the correct terminology. Or, given their limited amount of attention, you could spend that much time focusing on making sure they actually set up their web server properly. Picking the latter battle will make the world a better place.

That said, I totally hear you about the hoverboards.

1. Well, a Linux kernel and probably glibc, since a lot of technology people don't consider Android (which uses its own libc) to be 'Linux'. Some consider Android 'Bionic/Linux' rather than 'GNU/Linux', which is also technically true. See 3.

2. E.g., from man dnsdomainname: dnsdomainname command will print the domain part of the FQDN (Fully Qualified Domain Name) - FQDNs are a way of specifying a host, and hosts live inside domains. However, the baseline requirements have a more liberal definition, which is 'the label assigned to a node in the Domain Name System'. See 3.

3. Another side effect of being overly strict about terminology is distracting conversations like 1 and 2.

Mike MacCana, founder at CertSimple.
