What is Transport Layer Security (TLS)

What is Transport Layer Security (TLS)? 

Transport Layer Security (TLS) is the most widely used protocol to secure connections on the internet. The TLS protocol ensures that a connection cannot be eavesdropped on and that messages sent over the connection cannot be manipulated. For example, TLS is used when visiting a website, sending email, and setting up a VPN connection. 

Why is this important? 

TLS has been under development for over thirty years and offers extensive configuration options. Not all options within TLS are still secure. This is because, for example, some encryption algorithms are no longer strong enough. Client applications, such as a web browser, may also decide to no longer support older versions of TLS, making a TLS connection to outdated systems impossible. It is therefore important that you configure TLS correctly and check your configuration periodically. 

How can I validate my TLS configuration? 

There are various tools available that provide insight into the current TLS configuration of your website or web application when it is accessible over the internet. For example, https://en.internet.nl/ can check your website or email server against our TLS guidelines. This can give you more insight and is a good starting point for a discussion with your IT supplier. 

TLS Security Guidelines 

Because not all TLS options are secure, the NCSC developed TLS guidelines to help you choose secure options for your application. The guidelines are actively maintained.