Hi, sure. Encryption is one of my favorite topics.
This is a common misconception about TLS; it's actually a bit more complex.
Using a private/public key pair for data encryption would be too inefficient and too slow. Instead, TLS uses symmetric encryption for the data flow.
The first phase is the TLS handshake where the client and server choose a cipher, the client authenticates the server, optionally the server authenticates the client, and they both negotiate a common symmetric key (here 128 bits). The symmetric key, also called the session key, is used for both encryption and decryption of data both ways. It is a secret shared between the client and the server for a limited period of time (typically 24h max).
In its simplest form, the client generates a random key (128 bits for Tasmota) and encrypts the session key with the server's public key. The server decrypts the session key with its private key, and they can communicate. However, this scheme has a weakness. If you record all encrypted traffic, and if in the future the server gets compromised and the private key disclosed, you can then decrypt all past traffic.
To avoid this, the industry increasingly uses Diffie-Hellman: the session key is partly generated by both the client and the server, and they negotiate a common key (interesting math behind this). This is also called Forward Perfect Secrecy.
Let's have a look at what Tasmota supports:
By default it uses TLS_RSA_WITH_AES_128_GCM_SHA256.
RSA: the private/public key of the server uses RSA, max 2048 bits
AES_128_GCM: AES symmetric encryption with Galois Counter Mode using 128-bit keys
SHA256: hashes use SHA-256
If you set #define USE_MQTT_TLS_FORCE_EC_CIPHER, it uses a more advanced cipher: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
ECDHE: Ephemeral Elliptic Curve Diffie-Hellman; this provides Perfect Forward Secrecy when negotiating the symmetric key
RSA: server key is still of type RSA (max 2048 bits)
AES_128_GCM: same as above, symmetric encryption
SHA256: same as above
Hope this helps,
Stephan
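The difference between the two cipher suites described above, as an added illustration that is not part of the original reply and not Tasmota or BearSSL code: a passive recorder captures one session under each key exchange, the server's long-term RSA key later leaks, and the recorder tries to recover the session from its capture. Textbook RSA with 80-bit primes stands in for the RSA-2048 certificate key, finite-field Diffie-Hellman over a 64-bit safe prime stands in for ECDHE, and an HMAC-SHA256 stream cipher with an integrity tag stands in for AES-128-GCM. All key sizes, the sample MQTT payload and the function names are constructed for the demo; nothing here is production cryptography.

```python
"""Why TLS_RSA_* key transport loses past sessions when the server key leaks,
while TLS_ECDHE_* key agreement does not. Toy model, added for illustration;
not Tasmota/BearSSL code and not production crypto."""
import hashlib
import hmac
import secrets


def is_probable_prime(n, rounds=16):
    """Miller-Rabin, adequate for toy key sizes only."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    while True:
        n = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(n):
            return n


def safe_prime(bits):
    """p = 2q + 1 with q prime, so generator 2 has large order (demo-sized group)."""
    while True:
        q = random_prime(bits - 1)
        if is_probable_prime(2 * q + 1):
            return 2 * q + 1


def _keystream(key, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, msg):
    """Stand-in for AES-128-GCM: keystream XOR plus a 16-byte integrity tag."""
    body = bytes(a ^ b for a, b in zip(msg, _keystream(key, len(msg))))
    return body + hmac.new(key, b"tag" + body, hashlib.sha256).digest()[:16]


def open_record(key, blob):
    """Returns the plaintext, or None when the tag fails (wrong key or tampering)."""
    body, tag = blob[:-16], blob[-16:]
    if not hmac.compare_digest(tag, hmac.new(key, b"tag" + body, hashlib.sha256).digest()[:16]):
        return None
    return bytes(a ^ b for a, b in zip(body, _keystream(key, len(body))))


def rsa_keygen(bits=80):
    """Server long-term key: textbook RSA, stand-in for the certificate's RSA-2048 key."""
    p, q = random_prime(bits), random_prime(bits)
    n, e = p * q, 65537
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))


def handshake_rsa(server_pub, msg):
    """TLS_RSA_*: the client picks the 128-bit session key and encrypts it to the server.
    Returns exactly what a passive eavesdropper sees: the wrapped key and the record."""
    n, e = server_pub
    session_key = secrets.randbits(128)            # 128-bit key, fits under the toy modulus
    return {"wire": pow(session_key, e, n), "record": seal(session_key.to_bytes(16, "big"), msg)}


def handshake_dhe(p, g, msg):
    """TLS_ECDHE_*: ephemeral secrets a, b never leave their side; only g^a, g^b cross the wire.
    (In real TLS the server's RSA key signs its share; that signature is omitted here.)"""
    a, b = secrets.randbelow(p - 2) + 1, secrets.randbelow(p - 2) + 1
    share_a, share_b = pow(g, a, p), pow(g, b, p)
    shared = pow(share_b, a, p)
    assert shared == pow(share_a, b, p)            # both sides derive the same secret
    session_key = hashlib.sha256(shared.to_bytes(8, "big")).digest()[:16]
    return {"wire": (share_a, share_b), "record": seal(session_key, msg)}
    # a and b are discarded with this frame: nothing remains to leak later


def recorder_after_key_leak(suite, capture, leaked_priv):
    """The eavesdropper revisits a capture once the server's RSA private key has leaked."""
    n, d = leaked_priv
    if suite == "RSA":
        key = pow(capture["wire"], d, n)           # unwraps the transported session key
        return open_record(key.to_bytes(16, "big"), capture["record"])
    # DHE: the RSA key never encrypted anything. The best the recorder can do is feed
    # the public share through the leaked key, which yields garbage the tag rejects.
    share_a, _ = capture["wire"]
    guess = hashlib.sha256(pow(share_a, d, n).to_bytes(20, "big")).digest()[:16]
    return open_record(guess, capture["record"])


def demo(msg=b"tele/tasmota_demo/STATE {\"POWER\":\"ON\"}"):  # constructed sample payload
    server_pub, server_priv = rsa_keygen()
    p, g = safe_prime(64), 2
    rsa_capture = handshake_rsa(server_pub, msg)
    dhe_capture = handshake_dhe(p, g, msg)
    return (recorder_after_key_leak("RSA", rsa_capture, server_priv),
            recorder_after_key_leak("DHE", dhe_capture, server_priv))


if __name__ == "__main__":
    rsa_result, dhe_result = demo()
    print("TLS_RSA_* session after key leak  :", rsa_result)
    print("TLS_ECDHE_* session after key leak:", dhe_result)
```

Running it shows the recorded TLS_RSA_* session decrypting in full once the private key is known, while the TLS_ECDHE_* capture stays opaque because the only secrets that could unlock it (the ephemeral exponents) were never stored anywhere. That is the property USE_MQTT_TLS_FORCE_EC_CIPHER buys, at the cost of the extra elliptic-curve work during the handshake.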