SSL/TLS

Cryptographic protocols that encrypt communication between your browser and a website (the padlock icon), ensuring data cannot be intercepted or tampered with in transit.

SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are the protocols that encrypt data in transit between your browser and a website. When you see the padlock icon in your browser’s address bar, TLS is active. Though SSL is technically obsolete (replaced by TLS 1.2 and 1.3), the term “SSL” persists in common usage.

What TLS Protects

  • Confidentiality: An attacker monitoring the network (on public Wi-Fi, for example) cannot read the data being exchanged.
  • Integrity: Data cannot be modified in transit without detection.
  • Authentication: The certificate verifies that you’re communicating with the real server, not an impersonator.

What TLS Does Not Protect

TLS secures the connection, not the endpoints:

  • It doesn’t protect data stored on the server (that requires encryption at rest).
  • It doesn’t verify that the website is legitimate, only that the connection is encrypted and that you are talking to the holder of the certificate. A phishing site can have a valid TLS certificate.
  • It doesn’t protect against malware on your device, which can intercept data before it is encrypted.
  • It doesn’t hide which sites you visit from your ISP or other observers on the network path; for that kind of network privacy, you need a VPN.

TLS Versions

  • TLS 1.3 (current): Faster handshake, stronger defaults, removes support for weak ciphers. The standard you should be using.
  • TLS 1.2: Still acceptable but offers more configuration options that can be misconfigured.
  • TLS 1.0/1.1 and all SSL versions: Deprecated. If your systems still use these, they are vulnerable.

TLS for Swiss Businesses

  • Websites: Every business website should use TLS (HTTPS). Free certificates are available from Let’s Encrypt. There is no valid reason to run an unencrypted website in 2026.
  • Email: Configure your mail server to use TLS for transport encryption (STARTTLS or implicit TLS). For sensitive communications, combine with end-to-end encryption.
  • APIs and internal services: TLS should protect all data in transit, including internal service-to-service communication.
  • Compliance: The nDSG requires appropriate technical measures for data protection. TLS on all external-facing services is a baseline regulatory expectation.

Certificate Management

TLS certificates expire (typically every 90 days for Let’s Encrypt, up to 1 year for paid certificates). Expired certificates cause browser warnings that destroy user trust. Automate renewal wherever possible.
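The two checks a practitioner actually wants from the sections on TLS versions and certificate management are (a) a client configuration that refuses TLS 1.0/1.1 and verifies the server's certificate and hostname, and (b) a renewal check against a certificate's expiry date. The following is an added example written for this page, not code from the page itself. It uses only the Python standard library; the 30-day renewal threshold, the `example.ch` sample certificate and the "today" timestamp are constructed assumptions, not values from the page, and the certificate is a dict in the shape `SSLSocket.getpeercert()` returns rather than a real certificate.

```python
import ssl
import socket
import time

# Assumed policy for this example (not from the page): renew when fewer than
# RENEW_THRESHOLD_DAYS remain; with the 90-day Let's Encrypt lifetime described
# above, that leaves two renewal windows before the certificate lapses.
RENEW_THRESHOLD_DAYS = 30

# Version strings as returned by SSLSocket.version(); all are deprecated.
DEPRECATED_VERSIONS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def hardened_client_context() -> ssl.SSLContext:
    """Client context that rejects TLS 1.0/1.1 and requires a valid, matching certificate."""
    ctx = ssl.create_default_context()          # system CA store, CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse anything older
    ctx.check_hostname = True                     # certificate must match the host
    ctx.verify_mode = ssl.CERT_REQUIRED           # unverified servers are rejected
    return ctx


def context_policy(ctx: ssl.SSLContext) -> dict:
    """Summarise the settings that matter, as plain strings/bools for auditing."""
    return {
        "minimum_version": ctx.minimum_version.name,
        "check_hostname": ctx.check_hostname,
        "verify_mode": ctx.verify_mode.name,
    }


def is_deprecated_version(version: str) -> bool:
    """True for SSL 2/3 and TLS 1.0/1.1, the versions the page calls deprecated."""
    return version in DEPRECATED_VERSIONS


def days_until_expiry(cert: dict, now=None) -> float:
    """cert is a getpeercert()-style dict; 'notAfter' is in OpenSSL's GMT text format."""
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    now = time.time() if now is None else now
    return (expires - now) / 86400


def needs_renewal(cert: dict, now=None, threshold_days: int = RENEW_THRESHOLD_DAYS) -> bool:
    """Renewal is due once the remaining lifetime drops below the threshold."""
    return days_until_expiry(cert, now) < threshold_days


def inspect_server(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Live check: handshake with the hardened context and report version and expiry.

    This makes a network connection and is not exercised by the offline sample below.
    A handshake failure here means the server offers only deprecated versions or
    presents a certificate that does not verify for this hostname.
    """
    ctx = hardened_client_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return {
                "version": tls.version(),
                "deprecated": is_deprecated_version(tls.version()),
                "days_until_expiry": days_until_expiry(cert),
                "needs_renewal": needs_renewal(cert),
            }


# Constructed sample in getpeercert() format; not a real certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "example.ch"),),),
    "notBefore": "Jan  1 00:00:00 2026 GMT",
    "notAfter": "Apr  1 00:00:00 2026 GMT",  # 90-day lifetime, as for Let's Encrypt
}

# Constructed "today": 22 days before expiry, inside the 30-day renewal window.
SAMPLE_NOW = ssl.cert_time_to_seconds("Mar 10 00:00:00 2026 GMT")

if __name__ == "__main__":
    print(context_policy(hardened_client_context()))
    left = days_until_expiry(SAMPLE_CERT, SAMPLE_NOW)
    print(f"{left:.0f} days left; renew now: {needs_renewal(SAMPLE_CERT, SAMPLE_NOW)}")
```

The same `hardened_client_context()` can be passed to `smtplib.SMTP.starttls(context=...)` or `smtplib.SMTP_SSL(context=...)` for the mail-transport case described above, so a mail client applies the same minimum version and certificate verification as a browser would.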