TLS or SSL?
Many people, often use the terms TLS and SSL interchangeably. In fact, they often use
these terms incorrectly, so let’s try to set the record straight.
Transport Layer Security (TLS) is the Internet standard outlined in RFC 2246 for providing secure communications
between two applications. TLS is based on an application-layer encryption method developed
by Netscape Communications called SSL. TLS is based on SSL v3; the differences are barely
discernable to a noncrypto person, but they are different enough that the two are not natively interoperable.
However, any application that is written to work with the TLS standard provides allowances for
applications that support only SSL, and thus it is backward compatible.
SSL has become a de facto industry standard because of its widespread use. A number of RFCs have been
developed to encourage movement toward using standard TLS rather than simply SSL. These RFCs
include 2712, 2487, and 2830. This move toward TLS will likely be eased because TLS will work with clients
that support only SSL.
Exchange 2003 secure communications support TLS and thus also support SSL, though you will often
see people referring to this as exclusively SSL.
(reference from A. Exc. Admin 2003 :- Jim McBee)