Is SSL no longer useful?
I've heard people beginning to debate the usefulness of SSL. Why do some people think that it is no longer useful, and what's in store for the future of SSL?

    Requires Free Membership to View

    Login

    SearchSecurity.co.UK members gain immediate and unlimited access to breaking UK industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.co.UK today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.co.uk you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.co.uk is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

I haven't heard these debates in security circles, and I seriously doubt that Secure Sockets Layer (SSL) is going to fade away anytime soon. Only a serious flaw or other watershed event could prevent its use. SSL is simply far too entrenched in Web browsers, SSH tools, VPNs and other technologies. It provides practical, easy-to-use encryption that's widely available in almost every security solution on the market today.

In fact, if we see any change in the near future, I think it will be an upsurge in SSL utilization. As more applications handle sensitive data, we're likely to see additional applications move to SSL-based technology. For example, SSL VPNs are becoming more popular than their IPsec-based cousins.

As you may be aware, there's another competitor of sorts on the scene. Transport Layer Security (TLS) is an open alternative to the Netscape-developed SSL, but it's really not gaining significant market share. TLS and SSL are substantially similar, and TLS is even capable of reverting to SSL communication when necessary. I suspect we'll continue to see TLS available in commercial products (especially those from Netscape!), but it's not likely to surpass SSL anytime soon.

More information:

  • Can a Web client that does not support SSL still connect to a secure server? Mike Chapple explains.
  • Learn how to verify whether Secure SSL is protecting sensitive Web data.

    • This was first published in July 2007

    Back to top