Transport Layer Security - Web security | MDN (2024)

The security of any connection using Transport Layer Security (TLS) is heavily dependent upon the cipher suites and security parameters selected. This article's goal is to help you make these decisions to ensure the confidentiality and integrity of communication between client and server. The Mozilla Operations Security (OpSec) team maintains a wiki entry with reference configurations for servers.

The Transport Layer Security (TLS) protocol is the standard for enabling two networked applications or devices to exchange information privately and robustly. Applications that use TLS can choose their security parameters, which can have a substantial impact on the security and reliability of data. This article provides an overview of TLS and the kinds of decisions you need to make when securing your content.


When HTTPS was introduced, it was based on Secure Sockets Layer (SSL) 2.0, a technology introduced by Netscape. It was updated to SSL 3.0 not long after, and as its usage expanded, it became clear that a common, standard encryption technology needed to be specified to ensure interoperability among all web browsers and servers. The Internet Engineering Task Force (IETF) specified TLS 1.0 in RFC 2246 in January 1999. The current version of TLS is 1.3 (RFC 8446).

Despite the fact that the web now uses TLS for encryption, many people still refer to it as "SSL" out of habit.

Although TLS can be used on top of any low-level transport protocol, the original goal of the protocol was to encrypt HTTP traffic. HTTP encrypted using TLS is commonly referred to as HTTPS. TLS-encrypted web traffic is by convention exchanged on port 443 by default, while unencrypted HTTP uses port 80 by default. HTTPS remains an important use case for TLS.


TLS provides three primary services that help ensure the safety and security of data exchanged with it:


Authentication lets each party to the communication verify that the other party is who they claim to be.


Data is encrypted while being transmitted between the user agent and the server, in order to prevent it from being read and interpreted by unauthorized parties.


TLS ensures that between encrypting, transmitting, and decrypting the data, no information is lost, damaged, tampered with, or falsified.

A TLS connection starts with a handshake phase where a client and server agree on a shared secret and important parameters, like cipher suites, are negotiated. Once parameters and a data exchange mode where application data, such HTTP, is exchanged.

Cipher suites

The primary parameters that the TLS handshake negotiates is a cipher suite.

In TLS 1.2 and earlier, the negotiated cipher suite includes a set of cryptographic algorithms that together provide the negotiation of the shared secret, the means by which a server is authenticated, and the method that will be used to encrypt data.

The cipher suite in TLS 1.3 primarily governs the encryption of data, separate negotiation methods are used for key agreement and authentication.

Different software might use different names for the same cipher suites. For instance, the names used in OpenSSL and GnuTLS differ from those in the TLS standards. The cipher names correspondence table on the Mozilla OpSec team's article on TLS configurations lists these names as well as information about compatibility and security levels.

Configuring your server

Correctly configuring your server is crucial. In general, you should try to limit cipher support to the newest ciphers possible which are compatible with the browsers you want to be able to connect to your site. The Mozilla OpSec guide to TLS configurations provides more information on recommended configurations.

To assist you in configuring your site, Mozilla provides a helpful TLS configuration generator that will generate configuration files for the following Web servers:

  • Apache
  • Nginx
  • Lighttpd
  • HAProxy
  • Amazon Web Services CloudFormation Elastic Load Balancer

Using the configurator is a recommended way to create the configuration to meet your needs; then copy and paste it into the appropriate file on your server and restart the server to pick up the changes. The configuration file may need some adjustments to include custom settings, so be sure to review the generated configuration before using it; installing the configuration file without ensuring any references to domain names and the like are correct will result in a server that just doesn't work.

TLS 1.3

RFC 8446: TLS 1.3 is a major revision to TLS. TLS 1.3 includes numerous changes that improve security and performance. The goals of TLS 1.3 are:

  • Remove unused and unsafe features of TLS 1.2.
  • Include strong security analysis in the design.
  • Improve privacy by encrypting more of the protocol.
  • Reduce the time needed to complete a handshake.

TLS 1.3 changes much of the protocol fundamentals, but preserves almost all of the basic capabilities of previous TLS versions. For the web, TLS 1.3 can be enabled without affecting compatibility with some rare exceptions (see below).

The major changes in TLS 1.3 are:

  • The TLS 1.3 handshake completes in one round trip in most cases, reducing handshake latency.
  • A server can enable a 0-RTT (zero round trip time) handshake. Clients that reconnect to the server can send requests immediately, eliminating the latency of the TLS handshake entirely. Though the performance gains from 0-RTT can be significant, they come with some risk of replay attack, so some care is needed before enabling this feature.
  • TLS 1.3 supports forward-secure modes only, unless the connection is resumed or it uses a pre-shared key.
  • TLS 1.3 defines a new set of cipher suites that are exclusive to TLS 1.3. These cipher suites all use modern Authenticated Encryption with Associated Data (AEAD) algorithms.
  • The TLS 1.3 handshake is encrypted, except for the messages that are necessary to establish a shared secret. In particular, this means that server and client certificates are encrypted. Note however that the server identity (the server_name or SNI extension) that a client sends to the server is not encrypted.
  • Numerous mechanisms have been disabled: renegotiation, generic data compression, Digital Signature Algorithm (DSA) certificates, static RSA key exchange, and key exchange with custom Diffie-Hellman (DH) groups.

Implementations of draft versions of TLS 1.3 are available. TLS 1.3 is enabled in some browsers, including the 0-RTT mode. Web servers that enable TLS 1.3 might need to adjust configuration to allow TLS 1.3 to operate successfully.

TLS 1.3 adds just one significant new use case. The 0-RTT handshake can provide significant performance gains for latency sensitive applications, like the web. Enabling 0-RTT requires additional steps, both to ensure successful deployment and to manage the risks of replay attacks.

The removal of renegotiation in TLS 1.3 might affect some web servers that rely on client authentication using certificates. Some web servers use renegotiation to either ensure that client certificates are encrypted, or to request client certificates only when certain resources are requested. For the privacy of client certificates, the encryption of the TLS 1.3 handshake ensures that client certificates are encrypted; however this might require some software changes. Reactive client authentication using certificates is supported by TLS 1.3 but not widely implemented. Alternative mechanisms are in the process of being developed, which will also support HTTP/2.

Retiring old TLS versions

To help with working towards a more modern, more secure web, all major browsers began removing support for TLS 1.0 and 1.1 in early 2020. You'll need to make sure your web server supports TLS 1.2 or 1.3 going forward.

From version 74 onwards, Firefox will return a Secure Connection Failed error when connecting to servers using the older TLS versions (Firefox bug 1606734).

TLS handshake timeout values

If the TLS handshake starts to become slow or unresponsive for some reason, the user's experience can be affected significantly. To mitigate this problem, modern browsers have implemented handshake timeouts:

  • Since version 58, Firefox implements a TLS handshake timeout with a default value of 30 seconds. The timeout value can be varied by editing the network.http.tls-handshake-timeout pref in about:config.

See also

  • The Mozilla SSL Configuration Generator and can help you generate configuration files for your server to secure your site.
  • The Mozilla Operations Security (OpSec) team maintains a wiki page with reference TLS configurations.
  • Mozilla Observatory, SSL Labs, and Cipherscan can help you test a site to see how secure its TLS configuration is.
  • Secure Contexts
  • Strict-Transport-Security HTTP header
Transport Layer Security - Web security | MDN (2024)


What is transport level security in web security? ›

Transport-level security is based on Secure Sockets Layer (SSL) or Transport Layer Security (TLS) that runs beneath HTTP. HTTP, the most used Internet communication protocol, is currently also the most popular protocol for web services.

What is TLS in web programming? ›

Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securing HTTPS remains the most publicly visible.

What is difference between SSL and TLS? ›

SSL is technology your applications or browsers may have used to create a secure, encrypted communication channel over any network. However, SSL is an older technology that contains some security flaws. Transport Layer Security (TLS) is the upgraded version of SSL that fixes existing SSL vulnerabilities.

What are examples of transport layer security? ›

Common applications that employ TLS include Web browsers, instant messaging, e-mail and voice over IP.

Is SSL a transport layer security? ›

The SSL and TLS protocols provide communications security over the internet, and allow client/server applications to communicate in a way that is confidential and reliable. The protocols have two layers: a Record Protocol and a Handshake Protocol, and these are layered above a transport protocol such as TCP/IP.

Does TLS use Web services security? ›

Transport-level security is based on Secure Sockets Layer (SSL) or Transport Layer Security (TLS) that runs beneath HTTP. SSL and TLS provide security features including authentication, data protection, and cryptographic token support for secure HTTP connections.


HTTPS today uses Transport Layer Security, or TLS. TLS is a network protocol that establishes an encrypted connection to an authenticated peer over an untrusted network. Earlier, less secure versions of this protocol were called Secure Sockets Layer, or SSL).

Why is TLS more secure than SSL? ›

While SSL provides keyed message authentication, TLS uses the more secure Key-Hashing for Message Authentication Code (HMAC) to ensure that a record cannot be altered during transmission over an open network such as the Internet.

Do I need TLS on my website? ›

TLS/SSL certificates improve SEO

It's no secret that a secure internet is a better internet. That's why most major browsers require TLS/SSL certificates—and boost the results of websites that are secured by digital certificates. This includes all major search engines and all browser types.

Which is safer TLS or SSL? ›

HTTPS is HTTP with encryption and verification. The only difference between the two protocols is that HTTPS uses TLS (SSL) to encrypt normal HTTP requests and responses, and to digitally sign those requests and responses. As a result, HTTPS is far more secure than HTTP.

Which is more secure SSL or TLS? ›

TLS is an updated, more secure version of SSL. We still refer to our security certificates as SSL because it's a more common term, but when you buy SSL from DigiCert, you get the most trusted, up-to-date TLS certificates.

What encryption does TLS use? ›

SSL/TLS uses both asymmetric and symmetric encryption to protect the confidentiality and integrity of data-in-transit. Asymmetric encryption is used to establish a secure session between a client and a server, and symmetric encryption is used to exchange data within the secured session.

What is a real life example of transport layer? ›

This layer represents the physical medium which is carrying the traffic between two nodes. An example would be your Ethernet cable or Serial Cable.

Is firewall a transport layer? ›

Firewalls typically work on the network layer, the transport layer.

Why HTTPS works at transport layer? ›

How does HTTPS work? HTTPS uses an encryption protocol to encrypt communications. The protocol is called Transport Layer Security (TLS), although formerly it was known as Secure Sockets Layer (SSL). This protocol secures communications by using what's known as an asymmetric public key infrastructure.

What are the vulnerabilities of TLS? ›

One of the most common TLS security risks is the use of weak ciphers. Attackers can crack weak ciphers easily, thereby allowing them to gain access to sensitive data. Some other TLS vulnerabilities include Padding Oracle on Downgraded Legacy Encryption (POODLE), man-in-the-middle (MITM), and so on.

What are the two protocols that TLS uses? ›

The protocol was renamed TLS to avoid legal issues with Netscape, which developed the SSL protocol as a key part of its original web browser. According to the protocol specification, TLS is composed of two layers: the TLS record protocol and the TLS handshake protocol.

What is the difference between SSL and HTTPS? ›

What is the difference between SSL and HTTPS? HTTPS is a combination of the Hypertext Transfer Protocol (HTTP) with either SSL or TLS. It provides encrypted communications and a secure ID of a web server. SSL is simply a protocol that enables secure communications online.

What are the 3 main security purposes of TLS? ›

There are three main components to what the TLS protocol accomplishes: Encryption, Authentication, and Integrity.

Is TLS considered a VPN? ›

TLS is a VPN protocol that replaced the existing Secure Sockets Layer (SSL) protocol in 1999. SSL was the first security protocol to lock down web traffic at the Transport Layer of the OSI networking model (layer 4). However, hackers soon found ways to compromise SSL data encryption.

What is the difference between TLS and AES? ›

TLS is a set of industry-standard cryptographic protocols used for encrypting information that is exchanged over the network. AES-256 is a 256-bit encryption cipher used for data transmission in TLS.

Why is SSL no longer used? ›

Is SSL still up to date? SSL has not been updated since SSL 3.0 in 1996 and is now considered to be deprecated. There are several known vulnerabilities in the SSL protocol, and security experts recommend discontinuing its use. In fact, most modern web browsers no longer support SSL at all.

What is difference between HTTP and TSL? ›

HTTPS is the combination of HTTP and SSL/TSL and is used to encrypt the communication between server and browser. SSL is a cryptographic protocol that ensures secure and encrypted communication over the internet. TLS/SSL can be also be utilized to secure other app-specific protocols apart from HTTPS.

Why was SSL renamed to TLS? ›

At the time there were big political fights between Netscape and Microsoft for dominance over the Web. To please Microsoft the protocol name Secure Sockets Layer (SSL) was renamed to Transport Layer Security (TLS).

Can TLS be hacked? ›

It encrypts data using various algorithms, such as the Advanced Encryption Standard (AES), to prevent eavesdropping, tampering, and forgery. However, TLS is not immune to vulnerabilities and attacks that can compromise its security and expose sensitive information.

Why is TLS insecure? ›

Risk of outdated TLS protocols

TLS 1.0 and 1.1 are vulnerable to downgrade attacks since they rely on SHA-1 hash for the integrity of exchanged messages. Even authentication of handshakes is done based on SHA-1, which makes it easier for an attacker to impersonate a server for MITM attacks.

Do you need both SSL and TLS? ›

Simply put, it's up to you. Most browsers will allow the use of any SSL or TLS protocol. However, credit unions and banks should use TLS 1.1 or 1.2 to ensure a protected connection. The later versions of TLS will protect encrypted codes against attacks, and keep your confidential information safe.

What are the 3 types of certificates? ›

There are three recognized categories of SSL certificate types:
  • Extended Validation (EV)
  • Organization Validation (OV)
  • Domain Validation (DV)

Does TLS require authentication? ›

The Transport Layer Security (TLS) is a protocol designed to provide secure communication over the Internet and includes authentication, confidentiality and integrity. When a TLS connection is established the server provides a certificate that the client validates before trusting the server's identity.

Does TLS require private key? ›

You do need the private key. It's used in the SSL/TLS handshake to sign a challenge. This is the only way you can prove that you're the rightful holder of the client certificate (which itself is public).

What are the three most common security errors with TLS certificates? ›

7 Common Mistakes: TLS Certificate Management
  • Not having a complete inventory of your certificates. ...
  • Using outdated and deprecated protocols. ...
  • Relying on short key lengths. ...
  • Using self-signed certificates. ...
  • Lack of certificate protection policies and practices. ...
  • Overly long certificate lifespans.

Which TLS encryption is most secure? ›

One of the key reasons why TLS 1.3 is considered more secure than any of its predecessors is because of how it approaches forward secrecy, an encryption implementation method. Although forward secrecy was possible in older TLS versions, it was only optional. But with TLS 1.3, forward secrecy is mandatory.

Why HTTPS not used for all web traffic? ›

There are several reasons why HTTPS is not used for all web traffic: Cost: Implementing HTTPS requires an SSL or TLS certificate, which can be expensive for some organizations. Smaller websites may not have the budget to purchase and maintain a certificate.

Is Gmail SSL or TLS? ›

By default, Gmail always tries to use a secure TLS connection when sending email.

Is TLS enough for encryption? ›

TLS encryption is a good option for many organizations dealing with sensitive data and legal requirements. However, TLS does not protect data at rest. Each organization must undertake their own risk assessment to determine which encryption methods are suitable to fulfill legal requirements.

Is VPN more secure than TLS? ›

The strengths of using a VPN are:

An extra layer of protection. Even if you're on a website with SSL/TLS, you have another layer of protection for your traffic. Protection against a Man in the Middle Attack.

Does TLS encrypt every packet? ›

The first thing to be sent over the connection is a SSL/TLS handshake, and all application data will be sent encrypted. HTTPS will always be Implicit SSL.

What is better than TLS encryption? ›

HTTPS (Hypertext Transfer Protocol Secure) is a secure version of HTTP that uses SSL or TLS to encrypt data. HTTP and HTTPS use the same methods to transfer data, but HTTPS is more secure because it uses encryption.

Does TLS use keys? ›

The TLS (historically known as "SSL") protocol uses both asymmetric/public key and symmetric cryptography, and new keys for symmetric encryption have to be generated for each communication session. Such keys are called "session keys."

What is transport layer in simple words? ›

The transport layer is Layer 4 of the Open Systems Interconnection (OSI) communications model. It is responsible for ensuring that the data packets arrive accurately and reliably between sender and receiver. The transport layer most often uses TCP or User Datagram Protocol (UDP).

What are the two most common transport layer protocols? ›

Transport layer protocols, namely, Transmission Control Protocol (TCP) and User Datagram Protocol (UDP), identify applications communicating with each other by means of port numbers.

What are the three protocols used in the transport layer? ›

Three transport protocols are used in IMS: Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Stream Control Transmission Protocol (SCTP).

Is HTTP a transport layer? ›

HTTP is an application layer protocol designed within the framework of the Internet protocol suite. Its definition presumes an underlying and reliable transport layer protocol, thus Transmission Control Protocol (TCP) is commonly used.

Is VPN a transport layer protocol? ›

VPNs can be designed based on communication taking place on Layer 3, the net- work layer, in the Open Systems Interconnection model (OSI model), or on Layer 4, the transport layer. OSI is a conceptual model that shows how various computer systems can commu- nicate with one another.

Is HTTP part of transport layer? ›

TCP is a transport-layer protocol that provides a reliable, full duplex, connection-oriented data transmission service. Most Internet applications use TCP. HTTP is an application-layer protocol that is used for distributed, collaborative, hypermedia information systems.

What is transport layer security TLS? ›

Transport Layer Security (TLS) encrypts data sent over the Internet to ensure that eavesdroppers and hackers are unable to see what you transmit which is particularly useful for private and sensitive information such as passwords, credit card numbers, and personal correspondence.

How secure is transport layer security TLS? ›

TLS ensures that no third party may eavesdrop or tampers with any message. There are several benefits of TLS: Encryption: TLS/SSL can help to secure transmitted data using encryption.

What is the port 443 used for? ›

Port 443 is a virtual port that computers use to divert network traffic. Billions of people across the globe use it every single day. Any web search you make, your computer connects with a server that hosts that information and fetches it for you. This connection is made via a port – either HTTPS or HTTP port.

What is transport security? ›

It also includes the various measures along the transport chain to maintain security, such as cargo and passenger monitoring. Physical security measures. Ensuring that the infrastructures, namely the modes and terminals, are secure in terms of access. Employee security measures.

What is the difference between message level and transport level security? ›

Transport-layer security does not span multiple hops. This means, an intermediate hop might be able to read the message. To achieve end-to-end security, you must therefore use message-layer security. Using message-layer security, the message itself is secure and does not change when sent over multiple hops.

What is the difference between application level security and transport level security? ›

Application layer encryption should be used when NOTHING else should have access to the data even on the same machine. Transport layer encryption should be used when you don't want people listening into the data when it is in transport and no longer on the machine it was created on.

What is transport vs message security? ›

In sum, transport-layer security provides integrity and confidentiality, while message-layer security provides a variety of credentials that are not possible with strict transport security mechanisms.

How TLS works? ›

SSL/TLS uses both asymmetric and symmetric encryption to protect the confidentiality and integrity of data-in-transit. Asymmetric encryption is used to establish a secure session between a client and a server, and symmetric encryption is used to exchange data within the secured session.

What layer is TLS? ›

The TLS (and SSL) protocols are located between the application protocol layer and the TCP/IP layer, where they can secure and send application data to the transport layer. Because the protocols work between the application layer and the transport layer, TLS and SSL can support multiple application layer protocols.

Why is transport security important? ›

Safety and security issues concern both transportation modes and terminals that can be either a target for terrorism, a vector to conduct illegal activities, and even a form of warfare.

What are the three 3 levels of security measure? ›

The security features governing the security of an identity can be divided into three levels of security, i.e. Level 1 Security (L1S) (Overt), Level 2 Security (L2S) (Covert) and Level 3 Security (L3S) (Forensic).

What are the three levels of system security? ›

There are three primary areas or classifications of security controls. These include management security, operational security, and physical security controls.

What are the three levels of security networking? ›

Three Levels of Network Security in Organizations
  • Minimalist. These organizations do the bare minimum. They likely have a firewall but do not actively manage it. ...
  • Moderate. These organizations likely have some element of security compliance requirements. ...
  • Active and Aggressive. The leaders of the pack.
Jun 15, 2021

What are the 4 levels of security? ›

The best way to keep thieves at bay is to break down security into four layers: deterrence, access control, detection and identification.

What kind of security is needed for Web services? ›

Authentication, integrity, and confidentiality are the core security capabilities of Web services security.

What are the four classes of security control? ›

Some of the more common ones are firewalls, intrusion detection and prevention systems, access control lists, and cryptographic technologies. Each of these controls serves a different purpose.

Is Transport Layer Security encrypted? ›

Transport Layer Security (TLS) encrypts data sent over the Internet to ensure that eavesdroppers and hackers are unable to see what you transmit which is particularly useful for private and sensitive information such as passwords, credit card numbers, and personal correspondence.

How is message encryption different from transport encryption? ›

The main difference between Transport and Message Security in WCF is that the transport security secure the actual transport (pipe) that sends the messages from client to a service while message security secures the message itself that passes from the client to a service.

Which of the following is an advantage of message security over transport security? ›

Securing the message with message-level security instead of transport-level security has the following advantages: End-to-end security. Transport security, such as Secure Sockets Layer (SSL) only secures messages when the communication is point-to-point.


Top Articles
Latest Posts
Article information

Author: Reed Wilderman

Last Updated:

Views: 5623

Rating: 4.1 / 5 (72 voted)

Reviews: 87% of readers found this page helpful

Author information

Name: Reed Wilderman

Birthday: 1992-06-14

Address: 998 Estell Village, Lake Oscarberg, SD 48713-6877

Phone: +21813267449721

Job: Technology Engineer

Hobby: Swimming, Do it yourself, Beekeeping, Lapidary, Cosplaying, Hiking, Graffiti

Introduction: My name is Reed Wilderman, I am a faithful, bright, lucky, adventurous, lively, rich, vast person who loves writing and wants to share my knowledge and understanding with you.