TLS

Transport Layer Security - The cryptographic protocol that provides secure communication over networks, succeeding the deprecated SSL protocol for HTTPS and other secure connections.

What is TLS?

TLS (Transport Layer Security) is a cryptographic protocol that provides secure communication over computer networks. It’s the successor to SSL and is used to encrypt data transmitted between web browsers and servers (HTTPS), email clients and servers, and many other applications.

TLS Versions

TLS 1.3 Improvements

Faster Handshake

TLS 1.2: 2 round trips
TLS 1.3: 1 round trip (0-RTT possible)

Stronger Security

Simplified Protocol

TLS Handshake (1.3)

Client → Server: ClientHello
  - Supported versions
  - Key shares
  - Cipher suites

Server → Client: ServerHello
  - Selected version (TLS 1.3)
  - Key share
  - Certificate (encrypted)
  - Finished

Client → Server: Finished

[Encrypted application data]

Cipher Suites

TLS 1.3 (Simplified)

TLS_AES_128_GCM_SHA256
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256

TLS 1.2 (Complex)

ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES128-GCM-SHA256
DHE-RSA-AES128-GCM-SHA256

Configuring TLS

Nginx

server {
    listen 443 ssl http2;
    
    # TLS versions
    ssl_protocols TLSv1.2 TLSv1.3;
    
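    # TLS 1.2 cipher suites (ssl_ciphers does not select TLS 1.3 suites)
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
    
    # TLS 1.3 cipher suites (nginx 1.19.4+, passed through to OpenSSL)
    ssl_conf_command Ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384;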
    
    # Certificates
    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;
}

Node.js

import https from 'https';
import fs from 'fs';

const server = https.createServer({
  key: fs.readFileSync('key.pem'),
  cert: fs.readFileSync('cert.pem'),
  // Accept TLS 1.3 only; clients limited to TLS 1.2 fail the handshake
  minVersion: 'TLSv1.3',
  maxVersion: 'TLSv1.3'
}, (req, res) => {
  res.writeHead(200);
  res.end('TLS 1.3 connection');
});

server.listen(443);

Testing TLS

# Check TLS version
openssl s_client -connect example.com:443 -tls1_3

# Test cipher suites
nmap --script ssl-enum-ciphers -p 443 example.com

# Online tools
# - SSL Labs (ssllabs.com/ssltest)
# - testssl.sh

TLS Best Practices

  1. Use TLS 1.2 minimum, prefer 1.3
  2. Disable SSLv2, SSLv3, TLS 1.0, TLS 1.1
  3. Use strong cipher suites
  4. Enable Forward Secrecy
  5. Implement HSTS
  6. Regular certificate rotation
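
An added example (not from the original page or from CorsProxy): a small Node.js script that checks an nginx configuration against practices 1 to 5 above. The function names and both sample configs are constructed for illustration, and only explicit cipher suite names are inspected.

```javascript
// Added example: audit an nginx TLS config against the best-practices list.
// Only explicit suite names are checked; OpenSSL keywords (HIGH, !aNULL) are skipped.
const DEPRECATED = new Set(['SSLv2', 'SSLv3', 'TLSv1', 'TLSv1.1']);

// Collect the argument string of every occurrence of one directive.
function directiveArgs(config, name) {
  const re = new RegExp(`^\\s*${name}\\s+([^;]+);`, 'gm');
  return [...config.matchAll(re)].map((m) => m[1].trim());
}

function auditTlsConfig(config) {
  const text = config.replace(/#.*$/gm, ''); // strip comments
  const findings = [];

  // Practices 1 and 2: TLS 1.2 minimum, TLS 1.3 preferred, older versions off.
  const protocols = directiveArgs(text, 'ssl_protocols').flatMap((a) => a.split(/\s+/));
  if (protocols.length === 0) findings.push('ssl_protocols not set explicitly');
  for (const p of protocols) if (DEPRECATED.has(p)) findings.push(`deprecated protocol enabled: ${p}`);
  if (protocols.length > 0 && !protocols.includes('TLSv1.3')) findings.push('TLSv1.3 not enabled');

  // Practices 3 and 4: TLS 1.2 suites need ECDHE/DHE (forward secrecy) and an AEAD cipher.
  const suites = directiveArgs(text, 'ssl_ciphers').flatMap((a) => a.split(':'));
  for (const s of suites) {
    if (!/^[A-Z0-9]+-/.test(s)) continue; // keyword or exclusion, not a suite name
    if (!/^(ECDHE|DHE)-/.test(s)) findings.push(`no forward secrecy: ${s}`);
    if (!/GCM|CHACHA20|CCM/.test(s)) findings.push(`non-AEAD cipher: ${s}`);
  }

  // Practice 5: HSTS is delivered as a response header.
  const hsts = directiveArgs(text, 'add_header').some((a) => a.toLowerCase().startsWith('strict-transport-security'));
  if (!hsts) findings.push('HSTS header not configured');
  return findings;
}

// Constructed sample configs: a weak one and its corrected form.
const WEAK = `server {
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers AES128-SHA:ECDHE-RSA-AES128-GCM-SHA256;
}`;
const HARDENED = `server {
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
    add_header Strict-Transport-Security "max-age=31536000" always;
}`;

console.log(auditTlsConfig(WEAK));
console.log(auditTlsConfig(HARDENED));
```

Practice 6 (certificate rotation) is a property of the certificate files rather than of the config, so it is not covered by this check.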

TLS with CorsProxy

// CorsProxy uses TLS 1.2/1.3 automatically
const response = await fetch(
  'https://corsproxy.io/?url=https://api.example.com',
  {
    headers: {
      'x-cors-api-key': process.env.CORS_API_KEY
    }
  }
);

// Your app ←[TLS 1.3]→ CorsProxy ←[TLS 1.2/1.3]→ Destination
// No configuration needed
// Modern ciphers only
// Perfect forward secrecy

Common TLS Issues

Version Mismatch

Client: TLS 1.3 only
Server: TLS 1.2 only
Result: Connection failed

Certificate Errors

Cipher Suite Incompatibility

Client: Offers only TLS_AES_128_GCM_SHA256
Server: Supports only TLS_CHACHA20_POLY1305_SHA256
Result: Handshake failure
