What Is the Difference Between SSL/TLS vs. SSH, HTTP vs. HTTPS, and FTP vs. SFTP?


The purpose of this article is to provide some principles to help you figure out various distinct secure communication protocols, which are poorly labeled in such a way and often impossible to tell one from the other.


SSL stands for “Secure Socket Layer,” a cryptographic protocol created by Netscape in 1995 with the release of SSL 2.0. SSL uses 256-bit encryption to provide authentication, trust, and data protection between your web server and your visitors’ web browsers, preventing vulnerability attacks.

To enable SSL for secure communication on your website, it requires an SSL certificate issued by a reputable Certificate Authority (CA) such as Symantec (VeriSign), GeoTrust, RapidSSL, Comodo, and others. An SSL certificate is a short text file that is uploaded to the server of a website and links a cryptographic key to that site.


TLS is the successor of SSL, and it was first introduced in 1999 as an improved version of SSL 3.0. TLS stands for “Transport Layer Security,” and it is a more secure variant of the Secure Socket Layer protocol. Before transmitting data, TLS allows the server and browser to authenticate each other and negotiate an encryption algorithm and cryptographic keys.

It’s worth noting that these security certificates are still commonly (and wrongly) referred to as SSL in today’s world, simply because it’s a more widely used term, but, when someone buys an SSL certificate, they’re purchasing the most recent TLS certificates.


Secure Socket Shell (SSH) is a UNIX-based command interface and cryptographic network protocol that ensures data confidentiality and integrity over an unprotected network in a client-server scenario.

SSH allows administrators to securely access a remote computer and run commands.


SSH is used to create a secure tunnel to another computer from which you can issue commands, transfer data, and so on.

SSL, on the other hand, is used to securely send data between two parties; unlike SSH, it does not allow you to issue instructions.


HTTPS Stands for Hypertext Transfer Protocol Secure, HTTPS is a protocol that enables encrypted communication over HTTP (Hypertext Transfer Protocol) within a secure connection (TLS). Setting up an SSL certificate on your web server, which provides a secure connection between the web server and the web browser, is required to enable HTTPS on your site.

With HTTPS, it protects data on your server against eavesdroppers and man-in-the-middle attack. HTTP (not secure) has been phased out and replaced by HTTPS.  All websites should now support HTTPS as the de facto standard for secured communication.


FTP stands for File Transfer Protocol, which has been in use since 1980, as a standard communication protocol used for the transfer of computer files from a server to a client on a computer network. FTP sends data in cleartext, including username and password, allowing attackers to steal, spoof and even modify the data transmitted. You should not use FTP.

SFTP, or SSH File Transfer Protocol, is a completely different file transfer protocol that has little to do with FTP. SFTP is often used in conjunction with an SSH connection. It has existed since the late 1990s. SFTP provide secure file transfer from/to a remote computer to deliver secure communications.

Security Is a High Priority at phpGrid

At phpGrid, we value security in high priority in all our product. We also encourage our users to adapt using of above mentioned secure web protocols in their web applications.

Announcing phpGrid v7.6!