TLS

TLS encrypts and authenticates data in transit (HTTPS, SMTPS, and more), using a certificate to authenticate the server and negotiate a session key. Require TLS 1.2 at minimum and prefer 1.3, disabling legacy versions and weak ciphers. Mutual TLS (mTLS) authenticates both ends and underpins zero-trust service meshes.