RSystems


TLS

Also known as: Transport Layer Security, SSL, SSL/TLS

The cryptographic protocol that encrypts data in transit between two parties. It's the "S" in HTTPS — and the protocol behind VPNs, secure email, and most encrypted network traffic.

TLS is the foundation of secure communication on the internet. When you see a padlock in your browser's address bar, TLS is what's protecting the connection — encrypting the data so that anyone intercepting the traffic can't read it, and verifying that you're actually talking to the server you think you are.

The protocol works in two phases. First, a handshake: the server presents its certificate, the client verifies it, and they negotiate the encryption parameters and exchange keys. Then the session: all subsequent data is encrypted using those keys.

TLS uses asymmetric cryptography (public/private key pairs) for the handshake and key exchange, then switches to symmetric encryption for the session data — symmetric is far faster for bulk data.

TLS versions matter

TLS 1.0 and 1.1 are deprecated and considered insecure. TLS 1.2 is the current baseline. TLS 1.3 (released 2018) simplified the handshake, removed weak cipher suites, and reduced connection latency — prefer it where supported.

Enabling only TLS 1.2+ and disabling older protocols is a standard hardening step on any public-facing server. Most compliance frameworks (PCI-DSS, HIPAA) require it.
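The version policy above, written as an added example that is not part of the original page: Python's standard ssl module is used to set the TLS 1.2 floor on a client context, and an audit function reports contexts that fall short. The function names and the constructed "legacy" context are assumptions made for illustration; the audit also confirms that the certificate checks from the handshake description are switched on.

```python
import ssl

BASELINE = ssl.TLSVersion.TLSv1_2          # the baseline named on this page
ACCEPTED_ON_WIRE = {"TLSv1.2", "TLSv1.3"}  # strings SSLSocket.version() returns


def hardened_context() -> ssl.SSLContext:
    """Client context with a TLS 1.2 floor and certificate checks left on."""
    ctx = ssl.create_default_context()     # CERT_REQUIRED plus hostname check
    ctx.minimum_version = BASELINE
    ctx.maximum_version = ssl.TLSVersion.MAXIMUM_SUPPORTED  # no cap: allow 1.3
    return ctx


def legacy_context() -> ssl.SSLContext:
    """Constructed 'before' case: oldest version the OpenSSL build offers."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    ctx.check_hostname = False             # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit(ctx: ssl.SSLContext) -> list:
    """Return findings for a context; an empty list means the policy is met."""
    findings = []
    floor, ceiling = ctx.minimum_version, ctx.maximum_version
    if floor < BASELINE:
        findings.append("protocol floor below TLS 1.2: " + floor.name)
    if (ceiling != ssl.TLSVersion.MAXIMUM_SUPPORTED
            and ceiling < ssl.TLSVersion.TLSv1_3):
        findings.append("TLS 1.3 not permitted: ceiling is " + ceiling.name)
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified")
    if not ctx.check_hostname:
        findings.append("certificate hostname is not checked")
    return findings


def negotiated_ok(version) -> bool:
    """Check the value of SSLSocket.version() once a handshake has finished."""
    return version in ACCEPTED_ON_WIRE


if __name__ == "__main__":
    for name, ctx in (("hardened", hardened_context()),
                      ("legacy", legacy_context())):
        print(name, audit(ctx) or "OK")
```

After a real connection, pass `sock.version()` to `negotiated_ok` to confirm what was actually negotiated rather than what was merely configured.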

SSL vs TLS

SSL (Secure Sockets Layer) was the predecessor to TLS, deprecated in the late 1990s. The terms are used interchangeably in practice — "SSL certificate" is a common shorthand even though the protocol has been TLS for decades. When someone says "SSL," they mean TLS.