mTLS

mTLS, which stands for Mutual Transport Layer Security, is a security method where both parties in a network connection (the client and the server) authenticate each other within the same handshake.

In standard TLS (the "S" in HTTPS), only the server proves its identity to the client. mTLS adds a second check: the server also requires the client to provide a certificate.

The biggest hurdle with mTLS is certificate management. You have to issue, rotate, and revoke certificates for every single client. If a certificate expires, the connection will break; if a private key is leaked, the connection becomes insecure.
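As an added example (not part of the original page), the following Python sketch uses the standard `ssl` module to show the server-side setting that separates one-way TLS from mTLS, and audits a context for the gaps that follow from the certificate management points above. The helper names `make_server_context` and `audit_mtls` are hypothetical.

```python
import ssl

def make_server_context(client_auth: str) -> ssl.SSLContext:
    """Build a server-side TLS context; client_auth is 'none', 'optional' or 'required'."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = {
        "none": ssl.CERT_NONE,          # standard TLS: only the server proves its identity
        "optional": ssl.CERT_OPTIONAL,  # a client cert is checked if sent, but not demanded
        "required": ssl.CERT_REQUIRED,  # mTLS: handshake fails without a valid client cert
    }[client_auth]
    return ctx

def audit_mtls(ctx: ssl.SSLContext) -> list:
    """Return findings that explain why a server context does not fully enforce mTLS."""
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("client certificates are not requested (one-way TLS)")
        return findings
    if ctx.verify_mode == ssl.CERT_OPTIONAL:
        findings.append("client certificate is optional; clients without one still connect")
    # Counts CAs loaded via load_verify_locations(cafile=...). Certificates in a
    # capath directory are loaded lazily and may not be counted here.
    if ctx.cert_store_stats()["x509_ca"] == 0:
        findings.append("no client CA loaded; no client certificate can be validated")
    # Without CRL checking, a revoked client certificate is accepted until it expires.
    if not ctx.verify_flags & ssl.VERIFY_CRL_CHECK_LEAF:
        findings.append("CRL checking is off; revoked client certificates are still accepted")
    return findings

if __name__ == "__main__":
    for mode in ("none", "optional", "required"):
        print(mode, "->", audit_mtls(make_server_context(mode)))
```

In a real deployment, `load_verify_locations(cafile=...)` with the internal CA that issues client certificates clears the missing-CA finding; the CRL finding matters less when client certificates are short-lived.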

mTLS is rarely used for public websites (because it would require every visitor to have a personal security certificate), but it is the gold standard for internal or machine-to-machine security.
