Definition

What is Transport Layer Security (TLS)?

Transport Layer Security (TLS) is an Internet Engineering Task Force (IETF) standard protocol that provides authentication, privacy and data integrity between two communicating computer applications.

TLS is the most widely deployed security protocol in use today and is best suited for web browsers and other applications that require data to be securely exchanged over a network. This includes web browsing sessions, file transfers, virtual private network connections, remote desktop sessions and voice over Internet Protocol (IP). TLS is integrated into modern cellular transport technologies, including 5G, to protect core network functions throughout the radio access network.

How does Transport Layer Security work?

TLS uses a client-server handshake mechanism to establish an encrypted and secure connection and ensure the communication's authenticity. The following is a breakdown of the process:

  1. Communicating devices exchange encryption capabilities.
  2. An authentication process occurs using digital certificates to help prove the server is the entity it claims to be.
  3. A session key exchange occurs. During this process, clients and servers must agree on a key to establish the fact that the secure session is indeed between the client and server -- and not something in the middle attempting to hijack the conversation.
A diagram showing the elements of the TLS handshake process.
The TLS handshake process

TLS uses a public key exchange process to establish a shared secret between the communicating devices. The two handshake methods are the Rivest-Shamir-Adleman and the Diffie-Hellman key exchange. Both methods establish a shared secret between communicating devices so the communication can't be hijacked. Once the keys are exchanged, data transmissions between devices on the encrypted session can begin.

What is an SSL certificate?

A Secure Sockets Layer (SSL) certificate is a digital authentication of a website's identity that provides encrypted communication with the site. SSL is the predecessor to TLS. It generates an encrypted link between the user's browser and the web server hosting the website.

What is a CA?

A certificate authority (CA) provides digital certificates that verify the public key ownership of whoever holds the certificate. It's essentially a third party between the owner of the SSL certificate and the user who must trust its authenticity.

The CA validates the identities of companies, individuals, websites and email accounts -- or any other entity that requires that validation -- and binds them to cryptographic keys via the certificate. The certificate provides authentication of identity, encryption of connections over the internet and the integrity of documents signed via the certificate.

History and development of TLS

TLS evolved from Netscape Communications Corp.'s SSL protocol and has largely superseded it, although the terms SSL or SSL/TLS are still sometimes used interchangeably. IEFT officially took over the SSL protocol to standardize it with an open process and released version 3.1 of SSL in 1999 as TLS 1.0. The protocol was renamed TLS to avoid legal issues with Netscape, which developed the SSL protocol as a key part of its original web browser. According to the protocol specification, TLS is composed of two layers: the TLS record protocol and the TLS handshake protocol. The record protocol provides connection security, while the handshake protocol enables the server and client to authenticate each other and to negotiate encryption algorithms and cryptographic keys before any data is exchanged.

The most current version of TLS, 1.3, was officially finalized by IETF in 2018. The primary benefit over previous versions of the protocol is added encryption mechanisms when establishing a connection handshake between a client and server. While earlier TLS versions offer encryption as well, TLS 1.3 establishes an encrypted session earlier in the handshake process. Additionally, the number of steps required to complete a handshake is reduced, substantially lowering the amount of time it takes to complete a handshake and begin transmitting or receiving data between the client and server.

Another enhancement of TLS 1.3 is that several cryptographic algorithms used to encrypt data were removed, as they were deemed obsolete and weren't recommended for secure transport. Additionally, some once-optional security features are now required. For example, Message-Digest Algorithm 5 cryptographic hashes are no longer supported, perfect forward secrecy is required and Rivest Cipher 4 negotiation is prohibited. This eliminates the chance that a TLS-encrypted session uses a known-insecure encryption algorithm or method in TLS version 1.3.

The benefits of Transport Layer Security

The benefits of TLS are straightforward when discussing using versus not using TLS. As noted above, a TLS-encrypted session provides a secure authentication mechanism, data encryption and data integrity checks. However, when comparing TLS to another secure authentication and encryption protocol suite, such as IP Security, TLS offers added benefits and is why IPsec is being replaced with TLS in many enterprise deployment situations. These include benefits such as the following:

  • Security is built directly into each application, as opposed to external software or hardware to build IPsec tunnels.
  • There's end-to-end encryption between communicating devices.
  • There's granular control over what can be transmitted or received on an encrypted session.
  • Since TLS operates within the upper layers of the Open Systems Interconnection (OSI) model, it doesn't have the network address translation complications inherent with IPsec.
  • TLS offers logging and auditing functions built directly into the protocol.

The challenges of TLS

There are a few drawbacks when it comes to either not using secure authentication or any encryption -- or when deciding between TLS and other security protocols, such as IPsec. The following are a few examples:

  • Because TLS operates at Layers 4 through 7 of the OSI model, as opposed to Layer 3, which is the case with IPsec, each application and each communication flow between client and server must establish its own TLS session to gain authentication and data encryption benefits.
  • The ability to use TLS depends on whether each application supports it.
  • Since TLS is implemented on an application-by-application basis to achieve improved granularity and control over encrypted sessions, it comes at the cost of increased management overhead.
  • Now that TLS has become popular, threat actors are more focused on discovering and exploiting potential TLS exploits that can be used to compromise data security and integrity.

Differences between TLS and SSL

As mentioned previously, SSL is the precursor to TLS. Thus, most of the differences between the two are evolutionary, as the protocol adjusts to address vulnerabilities and improve implementation and integration capabilities.

Key differences between SSL and TLS that make TLS a more secure and efficient protocol are message authentication, key material generation and the supported cipher suites, with TLS supporting newer and more secure algorithms. TLS and SSL aren't interoperable, though TLS currently provides some backward compatibility to work with legacy systems. Additionally, TLS -- especially later versions -- completes the handshake process much faster than SSL. Thus, lower communication latency from an end-user perspective is noticeable.

What's the difference between TLS and HTTPS?

This is almost a trick question, but it's useful to understand how the pieces all fit together. TLS encryption is, abstractly, a security protocol that lives between the web browser and the web server. It is somewhat common to think that TLS and HTTPS are interchangeable because HTTPS -- also a protocol -- is, in fact, a combination of the two. Put another way, if a website uses HTTPS, it's using TLS encryption -- technically a TLS connection.

Attacks against TLS/SSL

Implementation flaws have always been a big problem with encryption technologies, and TLS is no exception. Even though TLS/SSL communications are considered highly secure, there have been instances where vulnerabilities were discovered and exploited. However, remember that the examples mentioned below were vulnerabilities in TLS version 1.2 and earlier. All known vulnerabilities against prior versions of TLS, such as Browser Exploit Against SSL/TLS (BEAST), Compression Ratio Info-leak Made Easy (CRIME) and protocol downgrade attacks, have been eliminated through TLS version updates. Examples of significant attacks or incidents include the following:

  • The infamous Heartbleed bug resulted from a surprisingly small bug vulnerability discovered in a piece of cryptographic logic related to OpenSSL's implementation of the TLS heartbeat mechanism, which is designed to keep connections alive even when no data is being transmitted.
  • Although TLS isn't vulnerable to the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack because it specifies that all padding bytes must have the same value and be verified, a variant of the attack has exploited certain implementations of the TLS protocol that don't correctly validate encryption padding byte requirements.
  • The BEAST attack, discovered in 2011, affected version 1.0 of TLS. The attack focused on a vulnerability in the protocol's cipher block chaining mechanism. This vulnerability enabled an attacker to capture and decrypt data being sent and received across the secure communications channel.
  • An optional data compression feature found within TLS led to the vulnerability known as CRIME. This vulnerability can decrypt communication session cookies using brute-force methods. Once compromised, attackers can insert themselves into the encrypted conversation.
  • The Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext (BREACH) vulnerability, like CRIME, uses compression as its exploit target. However, BREACH and CRIME differ because BREACH compromises HTTP compression instead of TLS compression. Even if TLS compression isn't enabled, BREACH can compromise the session.

How does TLS affect web application performance?

When a TLS connection springs to life between a web browser and a web server, some computer power is used to set it up with a few messages back and forth between them before any data. The handshake takes just a few milliseconds.

Once the TLS handshake has occurred, supporting technologies keep TLS running quickly: TLS False Start, which allows the web server and client to begin pitching and catching data before the handshake completion, and TLS Session Resumption, which uses an abbreviated handshake when a previously established session is resumed. TLS 1.3 completes the handshake in a single round trip between server and client.

How do I check if a website is using TLS encryption?

Several free TLS checker tools are available to test whether a TLS connection is in place between a web browser and a web server. One example is SSL Server Test from Qualys. Browsers, including Microsoft Edge and Firefox, also include tools to check a website's TLS version. It's also easy to check a web browser's supported TLS versions using SSL/TLS Client Test from BrowserLeaks.

Critical network services, such as domain name system (DNS), must be protected against security breaches. Explore best practices for securing the integrity and privacy of DNS.

This was last updated in February 2025

Continue Reading About What is Transport Layer Security (TLS)?

Dig Deeper on Network security