Wednesday, February 12, 2014

Should I use TLS or SSL?

The short answer depends on what you mean by the question. As names, it does not matter: people say "SSL" and mean TLS, and the library you will most likely call is still named OpenSSL. As protocol versions, it does matter: use TLS and disable the SSL versions, because SSL v3.0 is the weaker protocol.

SSL [ Secure Sockets Layer ] was developed by Netscape in the mid-1990s; the version that survived, SSL v3.0, dates from 1996 [1]. It was published by the IETF, for the historical record, as RFC 6101.

TLS [ Transport Layer Security ] was developed by the IETF as the successor to SSL v3.0. TLS v1.0 was published as RFC 2246, followed by TLS v1.1 (RFC 4346) and TLS v1.2 (RFC 5246).

The wire-level differences between SSL v3.0 and TLS v1.0 are small (the version number, the key-derivation function and the MAC construction), but SSL v3.0 is considered weaker than TLS v1.0. Implementations that keep SSL v3.0 enabled for backward compatibility therefore accept reduced security, and an attacker who can interfere with the handshake may be able to force the weaker version whenever both sides still allow it.

As a programmer writing secure code, you would typically use the OpenSSL API, which provides the library interface for TLS [ or SSL ]. The protocol details are hidden behind that API: record framing, the handshake and version negotiation are handled by the library, so application code looks the same whether the peer speaks SSL v3.0, TLS v1.0 or TLS v1.2. What the library does not decide for you is policy: which versions to allow and whether to verify the peer's certificate. Those are options you set on the context (in OpenSSL, for example, SSL_CTX_set_options with SSL_OP_NO_SSLv2 and SSL_OP_NO_SSLv3), and leaving them at their defaults is how weak protocol versions stay enabled.
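The following is an added example, not code from the original post. It uses Python's `ssl` module, which is a thin wrapper over OpenSSL, to show the two context settings the paragraph above says you must choose yourself: the protocol floor and certificate verification. `make_weak_client_context`, `make_hardened_client_context`, `audit_context` and the TLS 1.2 policy floor are names and choices made for this example; the weak context is constructed only so there is something to audit.

```python
import ssl

# Policy floor assumed for this example: TLS 1.2. Everything below it,
# including SSL 3.0 (which the TLSVersion enum still names), is a finding.
POLICY_MIN_VERSION = ssl.TLSVersion.TLSv1_2


def make_weak_client_context() -> ssl.SSLContext:
    """The "either of them, it does not matter" configuration: no version
    floor and no certificate verification. Constructed for the audit below;
    do not use it in real code."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False            # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE       # any certificate is accepted
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED  # whatever OpenSSL still speaks
    return ctx


def make_hardened_client_context() -> ssl.SSLContext:
    """Explicit version floor plus server authentication against the
    system trust store."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # PROTOCOL_TLS_CLIENT already defaults to these two; setting them
    # explicitly records the intent and survives a change of library defaults.
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    ctx.minimum_version = POLICY_MIN_VERSION
    ctx.load_default_certs()              # trust anchors for CERT_REQUIRED
    return ctx


def audit_context(ctx: ssl.SSLContext,
                  min_version: ssl.TLSVersion = POLICY_MIN_VERSION) -> list:
    """Return human-readable findings; an empty list means the context meets
    the policy. TLSVersion is an IntEnum in which MINIMUM_SUPPORTED sorts
    below every concrete version, so one comparison covers both "no floor"
    and "explicit but too-low floor"."""
    findings = []
    floor = ctx.minimum_version
    if floor < min_version:
        findings.append(
            f"protocol floor is {floor.name}; policy requires "
            f"{min_version.name} or newer")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append(
            f"verify_mode is {ctx.verify_mode.name}; the peer certificate is "
            "not verified, so the handshake authenticates nobody")
    if not ctx.check_hostname:
        findings.append(
            "check_hostname is False; a valid certificate issued for any "
            "other name would be accepted")
    return findings


if __name__ == "__main__":
    for label, factory in (("weak", make_weak_client_context),
                           ("hardened", make_hardened_client_context)):
        findings = audit_context(factory())
        print(f"{label}: {'OK' if not findings else ''}")
        for finding in findings:
            print("  -", finding)
```

The audit never opens a socket; it inspects the context object, which is the place the decision is actually recorded. Run the same check against any context your application builds before it is used for a connection.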

This is why, when talking about secure programming, people use the names TLS and SSL interchangeably: the library is called OpenSSL, and what it speaks is TLS.

TLS runs on top of TCP and relies on it for reliable, in-order delivery; TLS itself does not retransmit or reorder. It is not only an authentication protocol, though. The handshake authenticates the server (and optionally the client) through certificates and agrees on session keys; the record layer then encrypts and integrity-protects every application data record that follows. Data is not "assumed good" once the peer is authenticated.

There is another protocol, IPsec, that is easy to confuse with TLS.

IPsec stands for Internet Protocol Security and operates at the IP layer rather than inside an application. With ESP, the payload of each IP packet is encrypted and authenticated; with AH, packets are authenticated but not encrypted. Because it sits below the transport layer, it protects all traffic between two hosts or networks regardless of which application or transport protocol produced it.

As a small tip, remember that

  1. When you have to connect 2 hosts over a stream connection [ TCP ] and the application knows it wants security, you would use TLS
  2. When you have to connect 2 hosts over a datagram connection [ UDP ], plain TLS does not fit, because it needs a reliable stream; use DTLS [ TLS adapted to datagrams, RFC 6347 ] or IPsec, which protects the packets below the transport layer
  3. When you intend to serve client hosts that are unknown to your network [ not trustworthy ], you would rely on TLS, whose certificate exchange lets those clients authenticate your server against a public CA
  4. When you intend to serve specific clients who are either within your own network or are otherwise trusted, you would rely on IPsec, configured between the hosts or gateways, with no change to the applications