The thing that the that OpenSSL implements, that everyone calls "SSL", is actually called "TLS". ---- "TLS" is the standard protocol that programs speak to each other over the internet. [ "SSL" was a protocol last updated by Netscape used in 1996.](https://en.wikipedia.org/wiki/Secure_Sockets_Layer#SSL_1.0.2C_2.0_and_3.0) If you're *actually* using SSL, you should probably stop, because [it's just not as good](https://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_3.0) as TLS. ---- There is a popular misconception that "HTTPS" stands for "HTTP over SSL" which reinforces this confusion. For the record, doesn't, it stands for "[HTTP Secure](https://en.wikipedia.org/wiki/HTTP_Secure)". ---- There's also the fact that the wire-level protocol command for other protocols to switch to encrypted communication is `STARTTLS`, which makes people think that the thing where you *switch* to TLS is called TLS and the thing where you *start* the connection with TLS is called SSL. This is not the case either. They are both TLS. You can use `STARTTLS` with pre-standard TLS (SSL) if you configure your TLS implementation to do so. ---- I personally make this mistake *all the time*, even though I'm keenly aware of it. I try not to, but I'm not going to get mad at anybody for making it (and neither should you). ---- In case you didn't think there were enough nails in SSL's 15-year-old-at-this-point coffin, [SSLv3 is now completely broken](https://www.imperialviolet.org/2014/10/14/poodle.html). SSLv2 has been for a long time. There is no SSL. There is only TLS.