by cm2187 4236 days ago
But TLS is too often advocated as a replacement for SSL. It just isn't. It is something else, less secure.
3 comments

TLS is just a new name for SSL from version 3.1 onwards. It's much more secure than those older SSL versions.

STARTTLS, a protocol used to negotiate SSL/TLS in some plain text protocols, is problematic if it isn't enforced. Some software stupidly abbreviates STARTTLS to TLS in the GUI, which is a source of constant confusion.

How is TLS less secure? Accepting unsecured connections is a problem of the client, not the protocol.
Using STARTTLS is not a good replacement for using a connection that is secure from the start, but TLS _is_ a replacement for SSL.
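
What "enforced" STARTTLS means on the client side, as an added example that is not part of the thread: the client reads the server's plaintext SMTP EHLO reply and, under a required-TLS policy, aborts when STARTTLS is not advertised instead of continuing in cleartext. The names `Policy`, `parse_ehlo`, `next_step` and the sample replies are constructed for illustration.

```python
from __future__ import annotations
from enum import Enum


class Policy(Enum):
    OPPORTUNISTIC = "opportunistic"  # use TLS if offered, otherwise carry on in cleartext
    REQUIRED = "required"            # never send anything further without TLS


class DowngradeRefused(Exception):
    """Raised when TLS is required but the server did not offer STARTTLS."""


def parse_ehlo(reply: str) -> set[str]:
    """Return the upper-cased extension keywords from a multi-line 250 EHLO reply."""
    extensions = set()
    for index, line in enumerate(reply.splitlines()):
        # Every line is "250-text" (more follow) or "250 text" (last line).
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            raise ValueError(f"not a 250 reply line: {line!r}")
        if index == 0:
            continue  # first line carries the server greeting, not an extension
        text = line[4:].strip()
        if text:
            extensions.add(text.split()[0].upper())  # keywords are case-insensitive
    return extensions


def next_step(reply: str, policy: Policy) -> str:
    """Decide what the client does after EHLO: 'STARTTLS' or 'CLEARTEXT'."""
    if "STARTTLS" in parse_ehlo(reply):
        return "STARTTLS"
    if policy is Policy.REQUIRED:
        # The EHLO reply is sent before any encryption, so a missing STARTTLS
        # line must be treated as a failure, not as permission to go on.
        raise DowngradeRefused("server did not advertise STARTTLS")
    return "CLEARTEXT"


# Constructed sample replies: one advertising STARTTLS, one without it.
WITH_TLS = "250-mail.example.test\r\n250-SIZE 10240000\r\n250-starttls\r\n250 8BITMIME"
WITHOUT_TLS = "250-mail.example.test\r\n250-SIZE 10240000\r\n250 8BITMIME"

if __name__ == "__main__":
    print(next_step(WITH_TLS, Policy.REQUIRED))
    print(next_step(WITHOUT_TLS, Policy.OPPORTUNISTIC))
```
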