How TLS Protects Your Files in Transit

The padlock icon in your browser's address bar means TLS is active. But what is TLS actually doing? And why does it matter for every file you upload or download?

What TLS Is

TLS (Transport Layer Security, the successor to SSL) is a cryptographic protocol that creates an encrypted tunnel between your browser and the server. All data travelling through that tunnel is encrypted, authenticated, and protected against tampering.

The TLS Handshake

Before any data is transmitted, TLS performs a handshake:

1. Your browser sends a list of encryption algorithms it supports
2. The server selects the best option and sends its certificate (containing its public key)
3. Your browser verifies the certificate was signed by a trusted Certificate Authority
4. A shared session key is derived using asymmetric cryptography (Diffie-Hellman key exchange)
5. All subsequent data in the session is encrypted with that shared key using a symmetric algorithm (AES)

In TLS 1.3 (the current version), this handshake takes only one round trip — making it both secure and fast.

What TLS Protects Against

• Eavesdropping — anyone on the network between you and the server (your ISP, a coffee shop router, a man-in-the-middle attacker) sees only encrypted data
• Tampering — TLS authenticates data integrity, so a modified file mid-transit would be detected and rejected
• Impersonation — the certificate chain ensures you're connected to the real server, not an impostor

What TLS Doesn't Protect

TLS decrypts at the server. The platform can read your files once they arrive. It doesn't protect against server-side breaches, insider threats, or legal compulsion of the platform. For those threats, you need encryption at rest and (for maximum protection) client-side encryption before upload.

All file transfers through TiniDrop use TLS 1.3, enforced by Cloudflare's network, with HTTP Strict Transport Security (HSTS) preventing any downgrade to insecure connections.