Avast Academy Security Security Tips TLS Explained: What Is Transport Layer Security and How Does It Work?

TLS Explained: What Is Transport Layer Security and How Does It Work?

Transport layer security (TLS) is a critical feature that’s essential to securing the internet’s infrastructure. Learn how the TLS protocol works and how it helps to keep your connection safe wherever you go online. Then, get a VPN from the industry leaders in cybersecurity to help you protect your personal data and access the content you love.

Written by Crissy Joshua
Published on November 21, 2023

What is transport layer security and what does it do?

Transport layer security (TLS) is a security protocol that encrypts data sent over a network like the internet — typically between a client device, such as a computer or smartphone, and a web server that hosts the content that device is accessing.

Hamburguer menu icon

This Article Contains :

    As well as connections between web browsers and websites, common examples of TLS implementation include internet applications like email and instant messaging, and VoIP (Voice over Internet Protocol) telephony.

    TLS has become one of the Internet Engineering Task Force’s (IETF) standard security protocols. It contains advanced, integrated encryption algorithms that provide an extra layer of security — essential for reducing the risk of hackers and malware hijacking connections between online devices.

    What is datagram transport layer security (DTLS)?

    Datagram transport layer security (DTLS) is a protocol based on TLS used to secure datagram-based applications, such as video conferencing, VPNs, internet telephony (VoIP), and online gaming and streaming.

    DTLS works with the user data protocol (UDP) — which supports data transfers across networks — to provide a secure, rapid connection for live messaging and broadcasting.

    So, what is the transport layer?

    The transport layer is a part of networking and appears in both the OSI model (Open Systems Interconnection model) and the TCP/IP model (Transmission Control Protocol/Internet Protocol model).

    In the OSI model, TLS operates on four layers: Application, Presentation, Session, and Transport; in the TCP/IP model, it operates only on the Transport layer.

    The OSI model is a framework that represents the following network communication methods:

    • Application: Provides access to a network (e.g., a browser), including the internet.

    • Presentation: Defines data type and formatting, alongside encryption capabilities.

    • Session: Establishes a channel of communication between devices, manages the duration of sessions, and terminates sessions when applicable.

    • Transport: Processes messages within the end-to-end connection.

    • Network: Moves data packets and reassembles them when they reach their destination.

    • Data link: Takes data packets from the network layer and puts them into individual frames, which are sent from one device to another.

    • Physical: Transmits raw data (known as data bits) and handles the speed at which they are managed.

    The TCP/IP model is a set of rules that enable computers to connect to the internet and other networks.

    • Application: The user interface, like a browser or other web-enabled application.

    • Transport: Ensures a reliable connection between devices.

    • Internet: Also known as the network layer, it controls the movement of network data packets.

    • Data link: Handles the physical parts of data movement.

    A diagram of the TCP/IP model splitting data into packets and delivering it through 4 different layers.The TCP/IP model splits data into packets and delivers it through 4 different layers.

    What is the difference between SSL and TLS?

    The purpose of Secure Sockets Layer (SSL) and TLS is the same: to establish a secure network connection between two computer systems online. TLS is the successor to SSL, and it was developed to fix vulnerabilities in SSL by using more advanced cryptography.

    • Secure Sockets Layer (SSL) was the first cryptographic protocol to authenticate and exchange data between client devices, applications, and servers. SSL had three versions (1.0, 2.0, and 3.0), although the first was never publicly released due to security flaws. All versions have now been deprecated, but some websites continue to use SSL.

    • Transport layer security (TLS) offers higher levels of security. TLS 1.0 was established in 1999, TLS 1.1 in 2006, and TLS 1.2 in 2008. TLS 1.3 was released in 2018 and is now used by most websites. TLS uses 256-bit AES encryption, which is harder to decipher than other algorithms like RSA encryption, which early SSL versions used.

    What is a TLS certificate?

    A TLS certificate, still commonly called an SSL/TLS certificate, is a data file that certifies the ownership of a public key. It lets web browsers identify that it’s safe to establish a connection to websites. TLS certificates form part of the authentication process between a client device (like your computer or phone) and the server that stores and delivers the content you’re accessing.

    Individuals and organizations providing websites and apps for public use must obtain an SSL/TLS certificate from an approved certificate authority, such as IdenTrust, DigiCert, or Sectigo.

    An SSL/TLS certificate contains the following information:

    • Domain name

    • SSL/TLS version

    • Issue date and expiration date

    • Server public key information

    • Issuing certification authority and digital signature

    What is the difference between TLS and HTTPS?

    TLS and HTTPS are both protocols. HTTP (Hypertext Transfer Protocol) allows a connection between an internet browser and a web server, while TLS and SSL are encryption protocols. When TLS or SSL is added on top of HTTP, this is known as HTTPS (Hypertext Transfer Protocol Secure).

    Put simply, the ‘S’ part of HTTPS refers to SSL/TLS. HTTPS websites encrypt the data sent between your device and the web server, which is why you shouldn’t use HTTP sites for making purchases or entering other sensitive data.

    How does TLS work?

    TLS works by establishing a secure connection between a client device like your computer or phone and a web server that holds the content you’re accessing. TLS authenticates a connection before encrypting the data that travels over that connection.

    To understand how TLS authenticates connections, you need to understand the handshake protocol, which is an important part of how cryptography secures communications.

    In cryptography, a key is like a secret code for encrypting and decrypting data. A public key is known to all parties in the network connection, while a private key is known only to one party.

    There are two different types of key-based encryption used in transport layer security.

    Asymmetric encryption uses a public key and a private key. Without both keys, encrypted data cannot be decrypted.

    Asymmetric encryption uses two encryption keys.Asymmetric encryption uses two encryption keys to secure data.

    Symmetric encryption allows data to be encrypted and decrypted with a private key that is known to both parties.

    img-03Symmetric encryption uses one encryption key.

    How is a TLS handshake done?

    The TLS “handshake” establishes an authenticated connection between a client device and a server. Here’s how the TLS handshake works:

    1. The client device sends an initial message (Client Hello) to the destination server. It includes the version of TLS it supports as well as the cryptographic algorithms it supports (cipher suite).

    2. The server responds with a Server Hello message that includes its corresponding certificate with its public key.

    3. The client device verifies the server’s TLS certificate.

    4. The client device then creates a pre-master secret that’s encrypted using the public key.

    5. The server decrypts the pre-master secret with its own private key.

    6. Both the client device and server confirm that the process has been completed and have a symmetric (master) key that can now be used for encryption and decryption.

    So while the handshake uses asymmetric encryption, once the process is complete, symmetric encryption is used to send data safely and securely.

    The pros and cons of TLS technology

    TLS is certainly a big improvement over legacy web encryption protocols, but it’s not perfect. Here’s a summary of the main advantages and disadvantages of TLS technology:


    • End-to-end encryption: Sensitive data can be sent securely to the intended device or user.

    • Trusted: An HTTPS website secured by TLS is recognized to be safer by users when browsing, allowing them to choose safe websites.

    • Increased control: If there are issues in the TLS connection, users are alerted immediately.

    • Reduction in MITM attacks: TLS helps to prevent man-in-the-middle attacks and potential data breaches as a result.


    • Incompatibility: Some older versions of TLS, such as TLS 1.0 or TLS 1.1, are no longer supported by common applications, and some servers can’t yet support TLS 1.3.

    • Cost: Using TLS services is often more costly for domain and server owners due to the higher levels of granular control that can be achieved with encrypted sessions.

    • Cybersecurity threats: As with all security protocols, TLS is not completely impregnable. Hackers are always looking for ways to exploit systems and can send malware attacks and viruses over TLS traffic to make detection more difficult.

    Is TLS secure?

    TLS is one of the strongest encryption protocols available, and it is used globally across the Internet. However, it’s essential that TLS is properly implemented to ensure data is secure.

    The Heartbleed Bug is a notable example of what can happen through improper TLS implementation. The bug is a vulnerability located in OpenSSL — the open-source code library that helps to execute both SSL and TLS protocols — that resulted in significant damage to organizations worldwide.

    The vulnerability provided access to the memory contents of the data requests, which allowed hackers to steal people’s identity and infect devices with malware. The Heartbleed vulnerability was exposed in 2014, after it was discovered by Google researchers as well as by the Finnish cybersecurity organization Codenomicon.

    Codenomicon coined the name “Heartbleed,” which refers to:

    • The “heartbeat”: The data requests between the client device and server

    • “Bleeding”: The leakage of confidential information sent using SSL and TLS

    Many organizations had to update their OpenSSL and replace their existing SSL/TLS certificates.

    Get a VPN to encrypt your connection and browse securely

    A TLS connection can’t offer 100% protection, which is why it’s important to use additional layers of security like a VPN. Avast SecureLine VPN provides a secure connection that helps you block trackers and keep your data hidden from prying eyes, even on unsecured public Wi-Fi.

    And with a wide selection of speedy servers all over the world, you can enjoy a lightning-fast connection close to the content you love. Keep your online activity private, your browsing secure, and your content accessible. Install Avast SecreLine VPN today.

    Hide your online activity and access content with Avast SecureLine VPN

    Free trial

    Hide your online activity and access content with Avast SecureLine VPN

    Free trial
    Security Tips
    Crissy Joshua