anavem.
Back to Glossary
T

TLS (Transport Layer Security)

TLS is a cryptographic protocol that secures data in transit by providing encryption, authentication, and integrity between communicating systems.

What is TLS?

Transport Layer Security (TLS) is the modern, secure protocol used to encrypt communications over networks, most commonly between web browsers and servers. TLS protects data against eavesdropping, tampering, and impersonation. TLS is the successor to SSL, which is now deprecated and insecure.

Why TLS matters

TLS is critical because it:

  • Ensures confidentiality of data in transit
  • Authenticates servers (and optionally clients)
  • Preserves data integrity during transmission
  • Enables secure web browsing (HTTPS)
  • Protects APIs, email, VPNs, and cloud services

Without TLS, sensitive data can be intercepted or modified.

How TLS works (simplified)

A typical TLS connection follows these steps:

  1. The client initiates a secure connection
  2. The server presents a digital certificate
  3. The client verifies the certificate via PKI
  4. Cryptographic keys are negotiated (handshake)
  5. Encrypted communication begins

Modern TLS uses ephemeral key exchange to support forward secrecy.

TLS versions

Common TLS versions include:

  • TLS 1.0 / 1.1 – deprecated and insecure
  • TLS 1.2 – widely supported and secure when properly configured
  • TLS 1.3 – current standard, faster and more secure

Best practice is to allow TLS 1.2 and TLS 1.3 only, preferably TLS 1.3.

TLS and certificates

TLS relies on digital certificates:

  • Certificates bind a domain or service to a public key
  • Issued by trusted Certificate Authorities (CAs)
  • Verified during the TLS handshake

Certificates can authenticate servers and, in some cases, clients (mutual TLS).

TLS use cases

TLS is used in many contexts, including:

  • HTTPS websites
  • REST and GraphQL APIs
  • Email transport (SMTP, IMAP, POP over TLS)
  • VPN tunnels
  • Cloud service communication
  • Microservices and service meshes

It is the backbone of secure internet communication.

TLS security considerations

While TLS is robust, risks remain if misconfigured:

  • Allowing deprecated protocols or weak cipher suites
  • Using expired or misissued certificates
  • Improper certificate validation
  • Disabling hostname verification

Correct configuration and monitoring are essential.

TLS vs SSL

  • SSL: legacy, deprecated, insecure
  • TLS: modern, secure protocol in active use

The term "SSL" is often used colloquially but typically means TLS.

Common misconceptions

  • "TLS guarantees a website is trustworthy"
  • "Encryption protects against all attacks"
  • "TLS is only for websites"
  • "Once enabled, TLS needs no maintenance"