In SSL/TLS encryption, a number of terms are usually abbreviated to represent the different technologies, ciphers, algorithms, etc. We have compiled a comprehensive dictionary of the most commonly used ones, in alphabetical order. It serves as a glossary of SSL terms and their specific definitions.
Abbreviation | Full name | Description |
---|---|---|
SSL | Secure Sockets Layer | SSL is a cryptographic protocol, also called Transport Layer Security (TLS), that provides secure communication over a network. |
TLS | Transport Layer Security | It is the successor to Secure Sockets Layer (SSL), and it is now the most widely used protocol for securing communications over the internet. |
HTTPS | Hypertext Transfer Protocol Secure | A secure version of the Hypertext Transfer Protocol (HTTP) that uses Transport Layer Security (TLS), the protocol that is used to transmit data between a web server and a browser. |
HTTP/2 | Hypertext Transfer Protocol 2 | HTTP/2 is a major revision of the HTTP protocol that aims to improve performance and reduce latency. |
DV | Domain Validation | DV certificates are issued after verification of the domain name the applicant wants to secure. This verification is typically done by sending an email to the domain's administrative contact or by placing a specific file on the web server. |
OV | Organization Validation | It is a mid-level type of SSL certificate that provides more assurance of the website owner's identity than a Domain Validation (DV) certificate. SSL OV certificates are issued based on the verification of the applicant's legal and operational existence, as well as their domain control. |
EV | Extended Validation | It is the highest level of SSL certificate and provides the most assurance of the owner of the website. SSL EV certificates are issued after the issuer performs an extended validation, usually by contacting the owner of the company or the person and verifying the details. |
SAN | Subject Alternative Name | It is an extension to the X.509 certificate standard that allows a single SSL/TLS certificate to secure multiple domain names and IP addresses. |
CAA | Certificate Authority Authorization | It is an Internet security policy mechanism that allows domain name holders to indicate to certificate authorities (CAs) whether they are authorized to issue digital certificates for a particular domain name. |
OCSP | Online Certificate Status Protocol | A network protocol used to check the revocation status of an X.509 certificate. It can be used to determine whether a certificate has been revoked by its issuer. |
SNI | Server Name Indication | It is an extension to the TLS protocol that allows a client to indicate which hostname it is trying to connect to at the start of the handshake process. |
HSTS | HTTP Strict Transport Security | Web security policy that helps protect websites from man-in-the-middle attacks by instructing web browsers to always connect to the site using HTTPS, even when the user types in the HTTP URL. |
CSR | Certificate Signing Request | A message that is sent from an applicant to a Certificate Authority (CA) in order to apply for a digital certificate. The CSR contains information about the domain, organization, location and public key. The issuer will use the information from the CSR to generate an SSL certificate for the requestor. |
CRT | Certificate | A type of digital certificate that is used to verify the identity of a website, domain name or other entity. |
ALPN | Application Layer Protocol Negotiation | It is a Transport Layer Security (TLS) extension that allows a client and server to agree on the application layer protocol to use over a secure connection. |
NPN | Next Protocol Negotiation | NPN is no longer supported by most modern browsers and servers. Upgrading to ALPN is recommended. |
QUIC | Quick UDP Internet Connections | A new transport layer protocol that is designed to improve the performance and security of web traffic. QUIC is also designed to provide encryption and authentication for web traffic. |
ECC | Elliptic curve cryptography | Commonly used in Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL). Elliptic curves are used to secure communications between web servers and clients. x25519 is newer, faster and more secure; secp256r1 is older, slower and less secure. |
X.509 | International Telecommunication Union | Telecommunication Standardization Sector (ITU-T) Recommendation X.509, which defines the format and structure of digital X.509 certificates |
CT | Certificate Transparency | An open logging system that monitors and audits the issuance of digital certificates. It aims to enhance security and to detect and revoke fraudulent or compromised certificates. |
SCT | Signed Certificate Timestamp | A digital signature that is added to a Certificate Transparency (CT) log entry. The SCT proves that the certificate was logged at a specific time and by a specific CA, ensuring that the certificate is valid and has not been revoked. |
DANE | Domain-Validated TLS ALPN Extension for HTTP/2 | It is an extension to the Transport Layer Security (TLS) protocol that allows a domain name owner to specify which Certificate Authorities (CAs) are authorized to issue certificates for their domain. |