Free Tool Arena

TLS

TLS (Transport Layer Security) is the encryption protocol that wraps any TCP connection in an authenticated, encrypted tunnel. It's what makes HTTPS, secure SMTP, and most modern internet traffic private.

Updated May 2026 · 4 min read

What it means

A TLS connection starts with a handshake: the client and server agree on a cipher suite, exchange keys (typically using ECDHE for forward secrecy), and verify the server's certificate against a trusted Certificate Authority. After the handshake, both sides hold a shared symmetric key and encrypt all subsequent data with it. TLS 1.3 (2018) cut the handshake from two round-trips to one, removed every legacy option (no more RSA key exchange, no more SHA-1, no more CBC mode), and made forward secrecy mandatory, meaning that recording a session today and stealing the server's private key tomorrow doesn't decrypt the recorded traffic.

Why it matters

TLS is the boundary between 'private network conversation' and 'plaintext on the internet'. Any app that stores user data, takes a payment, or carries a session token needs TLS in production. Free certificates (Let's Encrypt, ZeroSSL) and managed termination (Cloudflare, Vercel, AWS) make 'HTTPS by default' the path of least resistance. Configuration matters: the SSL Labs test grades TLS deployments and flags weak ciphers, missing OCSP stapling, or expired certs.

Frequently asked questions

TLS vs SSL?

SSL is the obsolete name — SSL 3.0 was deprecated in 2015 due to the POODLE attack. Everyone says 'SSL certificate' but the protocol is TLS.

What is forward secrecy?

A property where stealing the server's long-term private key doesn't let an attacker decrypt past traffic, because each session derives a fresh ephemeral key. TLS 1.3 mandates it; TLS 1.2 supports it via ECDHE cipher suites.
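
To make the forward-secrecy answer concrete, here is an added example (not code from this page or from any project it names) that audits a cipher-suite list for suites without an ephemeral key exchange and builds a Python client context limited to ECDHE below TLS 1.3. The function names, the name-prefix heuristic (OpenSSL-style suite names) and the sample list are assumptions made for illustration.

```python
import ssl

# Assumption: OpenSSL-style suite names, where TLS 1.2 suites with an ephemeral
# key exchange start with "ECDHE-" or "DHE-" and static-RSA suites do not.
EPHEMERAL_PREFIXES = ("ECDHE-", "DHE-")


def is_forward_secret(name: str, protocol: str) -> bool:
    """True if the suite derives a fresh ephemeral key for every session."""
    if protocol == "TLSv1.3":
        return True  # TLS 1.3 mandates forward secrecy
    return name.startswith(EPHEMERAL_PREFIXES)


def non_forward_secret(suites) -> list:
    """Names of suites (dicts shaped like SSLContext.get_ciphers() entries)
    that do not provide forward secrecy."""
    return [s["name"] for s in suites
            if not is_forward_secret(s["name"], s["protocol"])]


def hardened_client_context() -> ssl.SSLContext:
    """Client context: certificate checks on, TLS 1.2+, ECDHE-only below 1.3."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # set_ciphers() governs TLS 1.2 and below; TLS 1.3 suites are separate
    # in OpenSSL and are always forward secret.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


# Constructed sample: a suite list that still offers static RSA key exchange.
LEGACY_SAMPLE = [
    {"name": "TLS_AES_256_GCM_SHA384", "protocol": "TLSv1.3"},
    {"name": "ECDHE-RSA-AES128-GCM-SHA256", "protocol": "TLSv1.2"},
    {"name": "AES128-GCM-SHA256", "protocol": "TLSv1.2"},  # RSA key exchange
]

if __name__ == "__main__":
    print("sample, no forward secrecy:", non_forward_secret(LEGACY_SAMPLE))
    ctx = hardened_client_context()
    print("hardened, no forward secrecy:", non_forward_secret(ctx.get_ciphers()))
```

The same audit function can be pointed at the output of `get_ciphers()` on any context your application builds, which catches a cipher string that quietly re-enables static RSA suites.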

What is mTLS?

Mutual TLS — both client and server present certificates. Common in service-to-service auth and zero-trust networks.
