Transport Layer Security is protocol to realize encrypted data exchange, it is used formerly in securing TCP/IP sockets. This makes it to the most common data traffic securing in the Internet. TLS doesn't do encryption by itself it only provides the toolset to exchange private keys and use common synchronous encryption to encrypt the traffic after. However, to exchange the private keys a asynchronous cypher is used first, for the so called TLS handshake. Most common it's done by RSA. Asynchronous encryption is important to secure a connection over a accessible transport layer without having a way to share a secret key in private first. That is where an asynchronous encryption algorithm develops its power. It's like you are able to talk in French don't understand it, nobody else does but your partner is able to. The partner itself repeats in Czech, what you understand but he and all other listeners don't. Asynchronous encryption is encrypted by a public key and needs it’s private counter part to decrypted. It's not possible to decrypt again by the public or every other key, at least as fare as we know today. Because asynchronous encryption is slow and more likely to be affected to vulnerabilities it's only used to exchange the private key and an agreement to the later used encryption parameter first. The real data exchange is done by classical synchronous encryption like AES-256. Synchronous encryption uses the same key for encryption and decryption.
Because at the initial level of the TLS handshake the partner can only assume the identity of the counter party, TLS uses digital certificates to ensure the identity of a system. While server side certificates are the most common ones and used all over the world wide web, client side certificate are often used in companies to ensure a device is a trusted one. For common services on the Internet it's usually enough for the first handshake if the server proves it's integrity. The proof of origin of a certificate is done by the x.509 technique which uses asynchronous encryption to verify the signature of a trusted official CA (Certificate authority). That's done by the public and well known Certificate of that authority which is validated against the servers certificate signature.
Read more about TLS a the IEEE webpage: Transport Layer Security (TLS)
Read more about the specifications of TLS 1.3 at the IETF webpage: TLS 1.3
