TLS
TLS (Transport Layer Security) is the standard cryptographic protocol for securing data in transit over a network, succeeding SSL. It provides encryption, data integrity, and server (and optionally client) authentication using…
Definition
TLS (Transport Layer Security) is the standard cryptographic protocol for securing data in transit over a network, succeeding SSL. It provides encryption, data integrity, and server (and optionally client) authentication using certificates, and underlies HTTPS as well as many other secured protocols like SMTP, IMAP, and VPN tunnels.
Overview
TLS was first standardized by the IETF as TLS 1.0 in 1999, based directly on SSL 3.0, and has since evolved through TLS 1.1, 1.2 (2008), and 1.3 (2018), each version improving security and, in the case of 1.3, significantly simplifying the handshake and removing legacy, vulnerable cryptographic options. TLS 1.2 and 1.3 are the only versions considered secure today; TLS 1.0 and 1.1 have been formally deprecated by browsers and standards bodies. The TLS handshake establishes a secure channel: the client and server agree on a cipher suite, the server presents an X.509 certificate (issued by a trusted Certificate Authority) to prove its identity, and both sides derive shared symmetric session keys — using asymmetric cryptography for the initial key exchange (historically RSA, now typically Diffie-Hellman variants like ECDHE for forward secrecy) and fast symmetric encryption (like AES or ChaCha20) for the bulk of the session. TLS 1.3 reduced the handshake to one round trip (down from two) and removed obsolete algorithms, improving both speed and security. TLS is protocol-agnostic in the sense that it secures any TCP-based application protocol: HTTPS is HTTP over TLS, but TLS also secures email protocols (SMTPS, IMAPS), and is used inside VPN protocols like OpenVPN. Certificate validation, trusted CA chains, and features like Server Name Indication (SNI, allowing multiple TLS certificates on one IP) and OCSP stapling (efficient certificate revocation checking) are all part of the broader TLS ecosystem. TLS is foundational to modern internet trust: browsers mark non-TLS (HTTP) sites as 'Not Secure', search engines factor HTTPS into rankings, and TLS certificate issuance has been largely automated and made free via services like Let's Encrypt, driving near-universal HTTPS adoption on the web.
Specification
- Successor to SSL; TLS 1.2 and 1.3 are the only currently secure versions
- Certificate-based server (and optional client/mutual) authentication
- Combines asymmetric key exchange with fast symmetric session encryption
- TLS 1.3 reduces handshake round trips and drops legacy weak ciphers
- Forward secrecy via ephemeral key exchange (e.g. ECDHE)
- Underlies HTTPS as well as SMTPS, IMAPS, and many VPN protocols
- Server Name Indication (SNI) enables multiple certificates per IP address
Use Cases
History
Transport Layer Security is the cryptographic protocol that secures most Internet traffic, providing confidentiality, integrity, and authentication for protocols such as HTTPS. TLS was created by the IETF as the standardized successor to Netscape's SSL: TLS 1.0 was published as RFC 2246 in 1999, based on SSL 3.0 but with stronger cryptography. It evolved through TLS 1.1 (RFC 4346, 2006) and TLS 1.2 (RFC 5246, 2008), which added modern ciphers such as AES. The current version, TLS 1.3, was published as RFC 8446 in 2018; it removed legacy and insecure cryptographic options and streamlined the handshake to cut connection latency (including a 0-RTT resumption mode). TLS underpins secure web browsing, email, and countless other services.
Sources
- IETF — RFC 8446: The Transport Layer Security (TLS) Protocol Version 1.3 · as of 2026-07-17
- IETF — RFC 2246: The TLS Protocol Version 1.0 · as of 2026-07-17