What OSI Layer Does TLS Operate At and Why?

Soumya Deb proposed an excellent and classic question about network layers in the Effective CISSP Facebook group.

Wentz’s Perspective

TLS belongs to the Session Layer.

The Network layer deals with addressing and routing; it can be ruled out. The Transport layer ensures end-to-end transmission by flow control and error detection and recovery. The Session layer establishes a session-level connection (or session for short) between two presentation entities, synchronizes their dialogue, and manages their data exchange.

The Session layer is quite similar to the Transport layer. However, the primary difference lies in “flow control.” TLS (RFC 8446) messages are encapsulated in so-called TLS “records” to conduct the handshake (key exchange and authentication), exchange messages (with no need to consider transport issues, e.g., buffer size, segmentation, or flow control), and raise alerts for exceptions. Connection establishment, exception reporting, token management, and data transfer are characteristics of the Session layer.

Moreover, TLS uses TCP port 443 by default if TCP/IP is implemented. RFC 2818 reads, “This does not preclude HTTP/TLS from being run over another transport.” In other words, TLS is supported by a transport protocol, and TLS itself is not a transport protocol.
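
To illustrate the record framing and the reliance on an underlying transport described above, here is an added Python example (not code from the original post) that rebuilds TLS records from an ordered byte stream delivered in arbitrary chunks. The names `RecordReader`, `make_record`, and `demo` and the sample bytes are constructed for this example; only the plaintext record header from RFC 8446 section 5.1 is parsed.

```python
import struct

# Content types from RFC 8446, section 5.1 (TLS record layer).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
MAX_FRAGMENT = 2**14 + 256  # largest TLSCiphertext fragment allowed in TLS 1.3


class RecordReader:
    """Rebuilds TLS records from an ordered byte stream (what TCP delivers)."""

    def __init__(self):
        self.buf = bytearray()

    def feed(self, chunk):
        """Add bytes as they arrive; return every record completed so far."""
        self.buf += chunk
        records = []
        while len(self.buf) >= 5:  # header: type(1) + version(2) + length(2)
            ctype, version, length = struct.unpack("!BHH", self.buf[:5])
            if ctype not in CONTENT_TYPES:
                raise ValueError(f"unknown content type {ctype}")
            if length > MAX_FRAGMENT:
                raise ValueError("record_overflow")
            if len(self.buf) < 5 + length:
                break  # record incomplete: TLS just waits, the transport delivers
            fragment = bytes(self.buf[5:5 + length])
            del self.buf[:5 + length]
            records.append((CONTENT_TYPES[ctype], version, fragment))
        return records


def make_record(ctype, fragment, version=0x0303):
    """Build a record header plus fragment (helper for the constructed sample)."""
    return struct.pack("!BHH", ctype, version, len(fragment)) + fragment


def demo():
    # Constructed sample stream: placeholder handshake bytes, opaque data, an alert.
    stream = (make_record(22, b"\x01\x00\x00\x00")
              + make_record(23, b"\xaa" * 10)
              + make_record(21, b"\x01\x00"))  # warning(1), close_notify(0)
    reader, out = RecordReader(), []
    # Deliver in 7-byte chunks, the way a transport may split the stream.
    for i in range(0, len(stream), 7):
        out += reader.feed(stream[i:i + 7])
    return [(name, len(frag)) for name, _, frag in out]


if __name__ == "__main__":
    print(demo())
```

The reader never deals with segment boundaries, retransmission, or window sizes; it only needs the bytes in order, which is the service the transport below it provides.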

Based on ISO 7498-1, the ISO reference model, I prefer to say that TLS belongs to the Session layer.

Other Perspectives

  • Wikipedia: TLS belongs to the Application layer in terms of the TCP/IP model.
  • Sybex CISSP Official Study Guide (OSG): TLS operates within the Transport layer in terms of the ISO model.
  • AIO: TLS can belong to the Session layer or Transport because some protocols may straddle the different layers.

