en

TLS (Transport Layer Security) is a cryptographic protocol that encrypts data between a client and a server. It is TLS that turns ordinary HTTP into secure HTTPS, ensuring the privacy of the exchange and the authenticity of the site. TLS is the successor to the outdated SSL protocol.

How the TLS handshake works

Before any data is exchanged, the client and the server perform a handshake: they agree on the protocol version and the cipher suite, the server presents its certificate, and the two sides settle on a shared key. In its very first message the client states which domain it needs — that is the job of the SNI extension, which makes it possible to host many sites on a single IP address.

What TLS gives you

The protocol solves three security problems at once:

  • Encryption — traffic cannot be read if it is intercepted.
  • Authentication — the certificate confirms that the domain really belongs to this site.
  • Integrity — the data cannot be tampered with unnoticed along the way.

Together with a reverse proxy, TLS is often "terminated" at the edge, offloading the encryption work from the application.

TLS: secure HTTPS connection
Learn more