WTLS Explanation

Wirless Transport Layer Security

WTLS (which stands for Wirless Transport Layer Security according to abbreviationfinder) protocol.It is a security protocol, belonging to the Wireless Application Protocol (WAP) set of protocols.

General characteristics

WTLS derives from the TLS protocol. WTLS uses similar semantics adapted for lower bandwidth mobile devices. The adaptations are:

  • Compressed data structures When possible, packet sizes are reduced using Bit field, discarding redundancy and truncating some cryptographic elements.
  • New certificate format WTLS defines a compressed certificate format. It broadly complies with the 509 v3 certificate structure, but uses smaller data structures.
  • Packet-based design TLS was designed to be used over data stream. WTLS adapts that design to be more suitable for a packet-based network. A significant part of this design is based on the requirement that it be possible to use a packet network such as SMS as a transport layer.

WTLS was replaced in the WAP 2.0 standard by the End-to-end Transport Layer Security standard.


WTLS uses modern cryptographic algorithms and, as TLS does, it allows negotiation of cryptographic methods between the client and the server.


Some of the algorithms: Exchange of Keys and Certifications:

  • RSA (Cryptographic System with Public Key)
  • Elliptical Curve Cryptography (CCE)

Symmetric cryptography

  • DES
  • Triple DES
  • RC5

Message digest (message digest):

  • MD5
  • SHA1


  • Encryption / Decryption at the gateway in the WAP architecture the content is generally stored on the server as uncompressed WML. The content is obtained by the gateway using the HTTP protocol and is compressed using WBXML, to achieve this compression the gatewaymust be able to manipulate the WML in plain text, in this way if there is encryption between the client and the gateway (using WTLS) and between the gateway and the server (using HTTPS) the gateway acts as man-in-the-middle. This gateway architectureserves certain purposes: gateway between HTML and WML; content providers do not need to implement WBXML compression; removes dependency on DNS; enables a walled garden (closed garden, “browsing environment that controls the information and websites that the user can access”).
  • Truncated Digest HMAC (Hash-based Message Authentication Code) the digest of messages is truncated to reduce transmission overhead, this potentially reduces the effectiveness of HMAC by reducing data integrity protection.
  • Inadequate summary WTLS is significantly different from TLS, it is not clear if changes made to WTLS weaken security in any way. The use of a new certificate format is an example of this. The format defined in the WTLS specification may not be appropriate for all uses in which a certificate may be required.
  • Client Implementation As there is no official specification that mentions how to implement WTLS, cryptographic algorithms or insecure key generation processes can be used. WTLS can be disabled in some client programs.


As mentioned previously, the client and the server negotiate the cryptographic methods. This happens when the session starts, shortly the client sends a list of the algorithms it supports and the server selects a set of them, or rejects the connection. The standard does not specify which algorithms are required to support. An endpoint (client or server) that needs to interact with any other endpoint needs to implement each algorithm (including those that are protected by intellectual rights).

Wirless Transport Layer Security