What Is The Difference Between SSL, TLS And StartTLS

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the standard protocols for encrypting connections between two computers or servers. They prevent unauthorized third parties from intercepting information being transmitted from one party to another. StartTLS is a protocol command for protecting emails. This article will explain the differences between these three terms.

SSL TLS STARTLS Technology Rewiev Image1


What Is SSL?

It is an abbreviation for Secure Sockets Layer. This protocol was developed by Netscape, a web services company, in 1995 to safeguard information transmitted between servers. The protocol was soon implemented in Netscape’s email client and many other clients to protect mail exchange.

What Is TLS?

It is an abbreviation for Transport Layer Security. TLS is a successor to the SSL protocol. It is an upgraded version of SSL developed by the Internet Engineering Task Force (IETF). The first version was released in 1999, and since then it has evolved to version 1.3.

SSL has been deprecated in favor of TLS. Yet, most people still use the two terms interchangeably. Whenever you hear someone talking about SSL nowadays, they are most probably referring to TLS.

What Is StartTLS?

StartTLS is not a standalone protocol, unlike SSL and TLS. Instead, it is a protocol command that instructs an email client to upgrade from an insecure connection to a secure one. It is implemented in many Internet protocols, including SMTP, IMAP, and FTP.

Most email server connections are unencrypted by default. The StartTLS command instructs a server to upgrade from an insecure connection to a secure one encrypted using the SSL or TLS protocol.

How Do These Protocols Work When Sending Emails?

To understand how email encryption works, you must know what a “handshake” is. When two humans meet, they tend to shake hands before beginning a conversation. Email clients and servers follow a similar pattern.

An email client is an application you use to write and send emails, e.g., Gmail or Outlook. Every client connects to a specific mail server. Whenever you type a message and click send, you’re transferring its contents to your mail server. Then it goes from your mail server to that of the recipient.

A handshake occurs between your mail client and server when you click the send button. This handshake is facilitated by the Simple Mail Transfer Protocol (SMTP). It involves the client contacting the server to verify its availability. The client is also getting information about which encryption protocols it supports.

SMTP connections are insecure by design, so a modern email client will always try to establish a connection by one of the following two approaches;

  • Explicit: The client starts with an insecure connection and uses the StartTLS command to instruct servers to upgrade to an encrypted SSL or TLS connection. The servers immediately recognize the instruction and upgrades if it supports these protocols. If not, it retains the insecure connection.
  • Implicit: The client tries to establish a secure connection without asking the server about its compatibility. If the server is compatible, a secure connection is established. If not, the session will not take place.

The difference between these two approaches is that the “explicit” approach leaves room for a connection even if the server does not support encryption. In contrast, the “implicit” approach breaks the connection if the server does not support encryption.

Email encryption is facilitated by a secret key shared between the sender and recipient’s servers. The sender locks the message using the secret key, and the receiver decrypts it using the same key. If anyone intercepts the message in transit, it’ll be gibberish because they don’t have the right key to decrypt its contents.


We have provided a detailed explanation of StartTLS vs. TLS. To sum it up, TLS is the most popular protocol for encrypted data exchange, and StartTLS is a command instructing a server to upgrade from an insecure connection to a secure one. At this point, you should understand the difference between them.

SSL TLS StartTLS Technology Rewiev Image2


If you are interested in even more technology-related articles and information from us here at Bit Rebels, then we have a lot to choose from.