WAP architectures consist of several protocols, especially WTLS (wireless transport layer security) and SSL (secure sockets layer). Although both protocols secure data over an open network, they differ in their mode of operation. SSL secures end-to-end communications whereas WTLS defines connection-oriented and datagram transport protocols. As these two protocols are incompatible with each other, WTLS does not provide secure connections with SSL. Thus, WAP gateways break secure links. This paper proposes a new security protocol in order to ensure an end-to-end secure session key exchange between the client and the web server and thus would have an impact on new services independent of WAP gateways.