TLS (Transport Layer Security) is the cryptographic protocol underneath HTTPS. It authenticates the server (proving the certificate matches the hostname and is signed by a trusted CA), establishes a shared encryption key via a handshake (ECDHE in modern setups), and encrypts every byte of the HTTP traffic that follows.
TLS 1.3 (RFC 8446, 2018) is the current version. It's faster than TLS 1.2 (1-RTT or 0-RTT handshake vs 2-RTT), drops insecure cipher suites, and forbids legacy crypto. TLS 1.0 and 1.1 are deprecated and disabled in modern browsers.
Operationally: certificates from Let's Encrypt with automated renewal solve the obvious problem; OCSP stapling (the "ssl_stapling on" directive in nginx) speeds up the first connection by bundling the revocation check; HTTP/2 and HTTP/3 only run over TLS, so the upgrade is automatic once HTTPS is in place.
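
The operational points above as one nginx configuration. This is an added example, not taken from the original page; example.com, the certbot-style certificate paths and the resolver address are assumptions to replace with your own values.

```nginx
# Added example: TLS 1.2/1.3 only, Let's Encrypt certificate, OCSP stapling, HTTP/2.
# Assumptions: hostname example.com, certbot's default /etc/letsencrypt/live layout.

# Plain HTTP only redirects to HTTPS.
server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    http2 on;    # nginx 1.25.1 and later; on older versions use "listen 443 ssl http2;"
    server_name example.com;

    # Certificate chain and key as written by certbot on each automated renewal.
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # Weak setting (keeps the deprecated TLS 1.0 and 1.1 enabled):
    #   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # Corrected setting:
    ssl_protocols TLSv1.2 TLSv1.3;

    # ECDHE key exchange: curves offered to clients.
    ssl_ecdh_curve X25519:prime256v1;

    # OCSP stapling: nginx fetches the revocation status from the CA and
    # sends it in the handshake, so the client does not have to ask the CA.
    ssl_stapling on;
    ssl_stapling_verify on;
    # Issuer chain used to verify the OCSP response before stapling it.
    ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
    # nginx needs a resolver to look up the CA's OCSP responder (address is an assumption).
    resolver 1.1.1.1 valid=300s;
    resolver_timeout 5s;
}
```

Check the syntax with nginx -t before reloading. Stapling only takes effect when the certificate names an OCSP responder, and nginx fetches the response lazily, so the first handshake after a reload may not carry it.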