Transport Layer Security
Contents
Definition
Transport layer security, often shortened to TLS, is a security protocol that improves the security of online communication. It is used to encrypt, verify and authenticate communication between browsers and servers, among other online communications.
TLS is a critical security layer in the HTTPS protocol, often called HTTP over TLS.
What is TLS used for?
Various transport layer security protocols are used online to make secure communication possible. They are used to encrypt the communication on websites, web applications, email clients, and VoIP systems.
TLS helps web developers protect their website users from data theft and fraud by encrypting their communication with the server. This improves the user experience and has even become an important ranking factor for major search engines over the years.
Most major browsers will display a warning when the communication with a site isn’t encrypted. This can make a site very difficult to access by a user or cause them to reconsider whether a site is safe or not.
TLS certificates
A website needs to have a TLS certificate installed to use transport layer security. These certificates are often called SSL certificates, even though they use TLS instead of SSL.
This certificate contains a public key and information on the domain name it was created for. This information is used for encryption. It confirms that the information was sent by the right party and a third-party hasn’t changed it.
Forcing HTTPS
It’s best practice to force all communication with a site to use the HTTPS version. Forcing HTTPS means that all HTTP versions of the page redirect to the HTTPS version, ensuring TLS encryption is used optimally.
This is achieved using the 301 redirect, which is an important HTTP status code that moves the user to the preferred version of the page. This forces all website visitors and search engine crawlers to use the secure version, improving the user experience of a site.
TLS and page speed
In the past, the use of TLS could negatively impact page speed. The use of transport layer security requires computing power and extra server requests, causing loading delays.
Today’s TLS certificates offer improved performance when compared to those provided in the past. This means that if they’re implemented properly without additional redirects, the speed implications are small and are outweighed by the benefits.
Redirect chains
Besides redirecting all users to the secure version of a site, there are also other choices that a web developer has to make regarding the preferred URL. Some of these include whether to use the www. version or the non-www. version, as well as whether to use a trailing slash or not.
When redirecting to the secure version, all pages must redirect directly to the final destination. If not, redirect chains can occur, as depicted below:
An example of a redirect chain.
An image of how to fix the redirect chain by linking all URLs directly to the preferred URL.
The difference between TLS and SSL
TLS is a more recent and more secure version of SSL, the latter of which had become outdated by the start of the twenty-first century. When online shopping started gaining traction, more advanced online encryption was needed.
SSL stands for Secure Socket Layer and is no longer used for the security of online communication. Although SSL isn’t actually used anymore, the term is still used often instead of TLS. An example of this is the SSL certificate, which is the more common name used for a TLS certificate.
Its importance for SEO
Transport layer security is an important part of a site’s security. It allows web developers and SEOs to create a safe environment for visitors, improving the user experience and signaling to search engines that the site is secure.
By forcing the use of HTTPS and correctly implementing 301 redirects, redirect chains can be prevented and link equity can be preserved, improving a site’s SEO performance and a page’s speed.
Related links
- Switching from HTTP to HTTPS – Migration Guide – Seobility Blog
- https://www.cyber.gov.au/acsc/view-all-content/publications/implementing-certificates-tls-https-and-opportunistic-tls
- https://developers.google.com/search/docs/advanced/security/https
Similar articles
| About the author |
 |