HTTPS, and therefore TLS, is used everywhere, but TLS is more than just uploading the certificate to the server. What mechanisms can be used to increase security and what trade-offs are involved?