Skip to main content

SSL

What Is TLS? Transport Layer Security Explained

The protocol that actually encrypts modern web traffic.

Quick answer

TLS (Transport Layer Security) is the cryptographic protocol that encrypts data between browsers and servers. It is the modern replacement for SSL, and it is what makes HTTPS secure.

TLS is the protocol that provides encryption, integrity and authentication for web connections. SSL is its deprecated predecessor; TLS 1.2 and TLS 1.3 are the versions in use today.

Check your website

See how your site handles what is tls? transport layer security explained — free, no account needed.

For business owners

You rarely configure TLS directly, but the version your server supports affects both security and trust-scan results. Outdated TLS versions (SSL 3.0, TLS 1.0, TLS 1.1) are considered insecure and can fail compliance checks, cause payment processors to reject you, and lower your trust score. Keeping TLS current is a quiet but important part of looking professional and passing audits.

How it works (technical)

TLS sits between the transport layer (TCP) and application protocols like HTTP. A connection begins with a handshake: the client and server negotiate a protocol version and cipher suite, the server presents its certificate, and they establish shared session keys using public-key cryptography.

TLS 1.3 (2018) streamlined this to a single round trip, removed weak ciphers, and made forward secrecy mandatory — meaning a stolen key cannot decrypt past traffic. TLS 1.2 remains widely supported; anything older should be disabled.

Real-world example

A SaaS company passed its penetration test except for one finding: the server still accepted TLS 1.0 for "old client compatibility". An attacker could force a downgrade to the weaker protocol. Disabling TLS 1.0/1.1 and enabling only TLS 1.2 and 1.3 closed the finding with no real-world users affected.

Why it matters

TLS version and cipher configuration are directly tested by security scanners, PCI DSS, and browser vendors. Weak or outdated TLS is one of the most common reasons a site fails a security review despite "having HTTPS".

How to fix it

  1. Disable SSL 2.0, SSL 3.0, TLS 1.0 and TLS 1.1 on your server.

  2. Enable TLS 1.2 and TLS 1.3.

  3. Use a modern cipher suite — the Mozilla SSL Configuration Generator produces ready-to-paste configs.

  4. Enable OCSP stapling and forward secrecy where supported.

  5. Test the result with an external SSL analyser and aim for an A rating.

Best practices

  • Prefer TLS 1.3 where your audience's browsers support it.

  • Rotate and automate certificates rather than managing them by hand.

  • Review your TLS configuration whenever you change hosting or CDN.

Common mistakes

  • Leaving legacy TLS versions enabled "just in case".

  • Using weak or deprecated cipher suites (RC4, 3DES).

  • Assuming a valid certificate means the TLS configuration is also strong — they are separate.

Frequently asked questions

What is the difference between SSL and TLS?

They are the same idea at different stages of evolution. SSL was the original protocol; TLS replaced it. All secure connections today use TLS, even though the term "SSL" persists in everyday language.

Which TLS version should I use?

Support TLS 1.2 and TLS 1.3, and disable everything older. TLS 1.3 is the most secure and efficient.

Put this into practice

See how your site scores with Plexa Trust — start with a free scan, then unlock the complete audit on Pro.

Scan your website free

See Pro plans · Create account