Attempts have been made to subvert aspects of the communications security that TLS seeks to provide and the protocol has been revised several times to address these security threats (see § Security).
Developers of web browsers have also revised their products to defend against potential security weaknesses after these were discovered (see TLS/SSL support history of web browsers).
Several versions of the protocols find widespread use in applications such as web browsing, email, Internet faxing, instant messaging, and Voice over IP (Vo IP).
Websites are able to use TLS to secure all communications between their servers and web browsers.
Another mechanism is for the client to make a protocol-specific request to the server to switch the connection to TLS; for example, by making a STARTTLS request when using the mail and news protocols.
As stated in the RFC, "the differences between this protocol and SSL 3.0 are not dramatic, but they are significant enough to preclude interoperability between TLS 1.0 and SSL 3.0".
TLS 1.0 does include a means by which a TLS implementation can downgrade the connection to SSL 3.0, thus weakening security.
TLS and SSL do not fit neatly into any single layer of the OSI model or the TCP/IP model.
which would imply that it is above the transport layer.