WAP is a set of protocols that optimizes standard TCP/IP/HTTP/HTML protocols, for use under the low bandwidth, high latency conditions often found in wireless networks. But, end-to-end security is not supported unless a WAP gateway is operated by the content provider. We propose ITLS mechanism to solve the WAP security problem. The goal of ITLS is to prohibit the WAP gateway from having the plain text message assuming the gateway doesn’t belong to the content provider. In ITLS, the security partner of a Web server is not a gateway but a client, the client encrypts twice times for the Web server and the gateway in the order named. To support these functions, IniCertificate and IntClientKeyExchange message types are added in ITLS handshake protocol, application data encryption and decryption rules are modified. It is one drawback that ITLS enabled mobile devices might have many loads than WTLS because of encryption and decryption twice times.