What is TLS?

In networking, Transport Layer Security (TLS) is a protocol designed to provide privacy and data security to communications being sent over a computer network. It is recognisable to most as the padlock icon in web browsers, showing that a session is secure.

How does TLS work?

TLS works by using both asymmetric and symmetric encryption, with each certificate consisting of a public key and a private key. Asymmetric encryption establishes the session between a client and server, while symmetric encryption is used to exchange data securely within the session.

What is a TLS certificate?

A TLS certificate is a file containing the public key and identity of the website owner. The certificate allows the client to establish a secure connection to the website server, and a unique session key.

What’s the difference between TLS and SSL?

SSL refers to Secure Sockets Layer. TLS is the upgraded version of SSL – fixing the security flaws present in the now-outdated protocol. Businesses should use TLS in order to take advantage of the improved security features.

The terms TLS and SSL are often used interchangeably, as they are effectively referring to the same thing – cryptographic protocols that authenticate data transfers – but it is important that businesses are aware which one they are using.

What’s the difference between TLS and HTTPS?

HTTPS – Hypertext Transfer Protocol Secure – uses TLS as a sublayer. If your website uses HTTPS, all the information will be encrypted by TLS certificates. You might have seen sites that don’t use HTTPS marked as ‘not secure’ on your browser.

Why should businesses use TLS?

One reason why businesses should use TLS is to prevent traffic from being restricted to their site. Universal Threat Management Devices (UTMs) –  used by organisations to block certain content, check the authenticity of a URL before going to the page, which includes checking the site for a valid certificate. If there is no certificate, or the certification authority is untrusted, the UTM would identify this and block the page (depending on the UTM configuration).

Another reason why businesses should use TLS is that Google has announced that sites with HTTPS achieve better ranking – making it easier for your customers to find you online.

TLS also helps to protect web applications from bad actors ‘eavesdropping’ on data. This ensures yours, and your customers’ private information is kept secure. Most browsers will also display a ‘not secure’ message in the address bar of sites without a TLS certificate, causing potential customers to leave your site.

Other considerations

An important factor to note is that just because the connection to the site is secure, doesn’t necessarily mean the site itself is safe. Cybercriminals can easily use TLS and get HTTPS certificates on sites they create, which they can then use to steal your information, or attack your device.