TLS (Transport Layer Security)
The encryption protocol that secures HTTPS connections. TLS encrypts data in transit between client and server, authenticates the server's identity via certificates, and ensures data integrity.
Full Explanation
TLS is what puts the S in HTTPS. When you visit https://example.com, TLS handles the handshake: verifying the server's certificate, agreeing on encryption algorithms, and establishing session keys. All data after that is encrypted and integrity-protected—no one between you and the server can read it or modify it without detection.
For CDNs, TLS termination happens at the edge. The CDN presents your SSL certificate to visitors, handles the CPU-intensive handshake, and then connects to your origin (often also over TLS). This means the CDN edge does the heavy crypto lifting, not your origin server.
TLS 1.3 (the current version) is significantly faster than TLS 1.2—one round trip for the handshake instead of two, and 0-RTT resumption for returning visitors. Most CDNs default to TLS 1.3 now. If you're still on TLS 1.2, upgrade—it's free performance and better security.
Examples
# Check TLS version and cipher
$ curl -vI https://example.com 2>&1 | grep -E 'SSL|TLS'
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384

# Nginx: modern TLS config
server {
    # The ssl_* directives only take effect on a listener with "ssl"
    listen 443 ssl;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
    ssl_certificate /etc/ssl/cert.pem;
    ssl_certificate_key /etc/ssl/key.pem;

    # HSTS: tell browsers to always use HTTPS
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
}

# Test TLS config (stdin is closed so s_client exits after the handshake)
$ openssl s_client -connect example.com:443 -tls1_3 </dev/null
# Or use ssllabs.com for a full audit
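An added example, not part of the original page: a small shell linter that checks an nginx config for the settings shown in the Nginx snippet above (protocol versions and HSTS). The function name, the finding messages and the one-year max-age threshold are assumptions of this example, and both sample configs are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): lint an nginx config read on
# stdin for the TLS settings discussed above. Prints one finding per line and
# returns 0 when clean, 1 otherwise. Line-based: expects one directive per line.
audit_tls_conf() {
    body=$(sed 's/#.*//')   # drop comments so disabled directives are ignored
    rc=0
    protos=$(printf '%s\n' "$body" | awk '$1 == "ssl_protocols" {
        gsub(/;/, ""); for (i = 2; i <= NF; i++) print $i }')
    if [ -z "$protos" ]; then
        echo "ssl_protocols is not set explicitly"; rc=1
    else
        for p in $protos; do
            case $p in
                SSLv2|SSLv3|TLSv1|TLSv1.1)
                    echo "deprecated protocol enabled: $p"; rc=1 ;;
            esac
        done
        printf '%s\n' "$protos" | grep -qx 'TLSv1\.3' ||
            { echo "TLSv1.3 is not enabled"; rc=1; }
    fi
    hsts=$(printf '%s\n' "$body" |
        grep -i 'add_header[[:space:]][[:space:]]*Strict-Transport-Security' || true)
    if [ -z "$hsts" ]; then
        echo "no Strict-Transport-Security header"; rc=1
    else
        # Without "always", nginx leaves the header off error responses.
        printf '%s\n' "$hsts" | grep -Eq '[[:space:]]always[[:space:]]*;' ||
            { echo "HSTS header lacks 'always'"; rc=1; }
        age=$(printf '%s\n' "$hsts" |
            sed -n 's/.*max-age=\([0-9][0-9]*\).*/\1/p' | head -n 1)
        # Assumed threshold: one year, the max-age used in the page's config.
        [ "${age:-0}" -ge 31536000 ] ||
            { echo "HSTS max-age below one year: ${age:-missing}"; rc=1; }
    fi
    return "$rc"
}

# Constructed sample input: a weak config, then the settings from the page.
weak_conf='server {
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    add_header Strict-Transport-Security "max-age=3600";
}'
good_conf='server {
    ssl_protocols TLSv1.2 TLSv1.3;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
}'
printf '%s\n' "$weak_conf" | audit_tls_conf || true   # prints five findings
printf '%s\n' "$good_conf" | audit_tls_conf           # prints nothing
```

To lint a real file, feed it on stdin, for example `audit_tls_conf < /path/to/site.conf`; the path here is a placeholder.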
Related CDN concepts include:
- SNI (Server Name Indication) — A TLS extension that lets the client specify which hostname it's connecting to during the …