TLS counters the threats to communications security with cryptographic methods (see the section “Fundamentals of cryptography”).

The aims of the cryptographic methods are as follows:

• Authentication of Data Origin
  Authentication of data origin ensures that the specified source of the data is the genuine sender. This measure is crucial to prevent active attacks, such as "man-in-the-middle" attacks, where an attacker intercepts communication between two parties and impersonates each party to the other.

• Data Confidentiality
  Data confidentiality protects information from being read by unauthorized individuals.

• Data Integrity
  Data integrity ensures that the transferred data remains unaltered and authentic during transmission.

• Anti-Replay
  Anti-replay mechanisms prevent intercepted data from being captured and resent by an intruder to gain unauthorized access or perform malicious actions.

• Confidentiality of Traffic Flow
  Confidentiality of traffic flow prevents unauthorized entities from analyzing communication patterns and message traffic.

• Non-repudiation
  Non-repudiation guarantees that the parties involved in the communication cannot deny their participation or the transmission of the data.

TLS enables the first four of these aims to be implemented. In the process, TLS offers a high degree of flexibility in selecting the cryptographic methods used, at the same time relieving the user of the need to have detailed cryptographic knowledge.