Re: [TLS] Terminology clarification around SSL & TLS

Julien ÉLIE <> Thu, 01 September 2016 19:17 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 2E0E712D685 for <>; Thu, 1 Sep 2016 12:17:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id yTHTDbSpwlVO for <>; Thu, 1 Sep 2016 12:17:54 -0700 (PDT)
Received: from ( []) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 8E32D12D65F for <>; Thu, 1 Sep 2016 12:17:53 -0700 (PDT)
Received: from macbook-pro-de-julien-elie.home ([]) by mwinf5d51 with ME id eKHq1t00R17Lgi403KHrfL; Thu, 01 Sep 2016 21:17:51 +0200
X-ME-Helo: macbook-pro-de-julien-elie.home
X-ME-Auth: anVsaWVuLmVsaWU0ODdAd2FuYWRvby5mcg==
X-ME-Date: Thu, 01 Sep 2016 21:17:51 +0200
To: "" <>
References: <> <> <> <>
From: =?UTF-8?Q?Julien_=c3=89LIE?= <>
Organization: TrigoFACILE --
Message-ID: <>
Date: Thu, 1 Sep 2016 21:17:50 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.2.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit
Archived-At: <>
Subject: Re: [TLS] Terminology clarification around SSL & TLS
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 01 Sep 2016 19:17:56 -0000


>> The technology is SSL, and is sometimes also refered to as
> please no. the technology is TLS.
> i would like to continue to be able to say unambiguously that all
> known versions of SSL are badly broken and should be avoided. Let's
> not muddy those waters further.
> Let's not use a proprietary protocol name for a standard protocol.
> Conveniently, all SSL is broken now, long live TLS!

There's still something I find confusing:  on the one hand, SSL is badly 
broken and "diediedied", it is a proprietary protocol name, and the 
consensus in the TLS WG seems to be "long live TLS" but on the other 
hand major SSL/TLS implementations keep the SSL name living.

When people look for TLS implementations, they will find OpenSSL, 
BoringSSL, LibreSSL, MatrixSSL, wolfSSL, etc.
Besides, a developer will often use "-lssl" to link against TLS libraries.

So, if the consensus is to prevent people who speak about or work on TLS 
from constantly viewing the SSL name, will forthcoming software releases 
change their name?
Otherwise, confusion keeps being sustained...

Julien ÉLIE

« En voyant le lit vide, il le devint. » (Ponson du Terrail)