if my application uses(for instance online shopping application ) plain tcp protocol for connecting to our partners' hosts who process payments, tcp is not secure way for transmitting data? TLS X.X or SSL will be applicable only for https (Application Layer protocols)? or TLS/SSL its self a protocol which can work on top of TCP?
Also, Say for example a payment processor shared http endpoint which is TLS enabled one. and I am connecting it with tcp. --- how the encryption/decryption happens at both ends ? Thanks in advance.
TLS is a protocol which works on top of TCP. HTTPS is HTTP on top of TLS on top of TCP. There are other protocols which use TLS on top of TCP like IMAPS, FTPS etc. One can also establish a TLS session on top of an existing TCP connection and transfer data with ones own application protocol. One can even do this after other data where already exchanged over the plain TCP connection, as done within SMTP or IMAP (TLS only after STARTTLS command).