Sometimes it feels as if we IT people live in two different time zones. In one, we develop secure, scalable, and resilient systems using modern frameworks. In the other, our minds are stuck in 1999. For example, when we talk about SSL certificates, even though SSL has long been obsolete. So, it's time for a clear statement: We should stop saying SSL. It's called TLS. Period.

SSL is history

SSL (Secure Sockets Layer) was a protocol used to secure internet connections. Was. Past tense. Even the last officially released version, SSL 3.0, dates back to 1996. Its successor was released in 1999 and is called TLS (Transport Layer Security). Currently, TLS 1.3, released in 2018, is the state of the art. Many people – even large hosting providers – continue to talk about "SSL certificates" today. That is like referring to modern electric cars as "battery-powered steam carriages". It might be linguistically convenient, but it's technically incorrect, and represents a step backwards for the collective understanding of security on the internet.

Language shapes understanding

Language is not neutral. Using terms such as "SSL certificate" perpetuates a security model that is no longer valid and ensures that knowledge is distorted, incorrect or not conveyed at all. The problem with this is that many people who work with these terms are not full-time IT security experts. They rely on what is popular – and unfortunately, what is popular is often what is found in old tutorials, on advertising sites or in SEO-optimised FAQs. Anyone who still talks about SSL is directly contributing to confusion and, as a result, insecurity. As IT professionals, we have a responsibility: we must not only build secure systems, but also ensure that the concepts behind them are understandable, correct and accessible. This also includes clearing out outdated terms. Even if it's inconvenient.

“But my host calls it that!”

Yes, many service providers still refer to their certificates as 'SSL certificates'. This is a marketing failure, not a technical argument. In fact, there are no longer any publicly trusted SSL certificates – all common certification authorities have long since been issuing certificates for TLS. So if you buy an "SSL certificate" today, you're actually getting a certificate for use with TLS. So why the misleading labelling? Because the term "SSL" has a certain brand effect. It rolls off the tongue more easily. And, let's be honest, because many providers simply don't want to bother updating their terminology. But that is exactly what is needed. And it is their damn duty.

Why it matters how we talk about technology

If we insist on precision in IT, whether that be in code quality, algorithms or security protocols, then we must also be precise in our language. Using outdated or overly complex terminology obscures technical realities. This can lead to dangerous misunderstandings, particularly with regard to security-critical issues. That's exactly why we want to write it on every wall: Call it TLS, not SSL. This is not pedantic, but professional. It is not petty, but consistent. It is not just a term, but an expression of how seriously we take security and whether we are prepared to take responsibility.

If you want to make the IT world a better place, start with the language

At bevuta, we are not interested in half-baked ideas or technical nostalgia. We want to build systems that not only work, but also earn trust. This requires clarity: in the code, in the architecture and in the language. So, the next time you find yourself saying "SSL certificate," stop yourself. Say TLS. Write TLS. Demand TLS. And explain to others why it's important. Because security doesn't just start with a protocol – it starts with awareness.