diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
index 9124bb7ddcc..010973fddc0 100644
--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@@ -32,9 +32,9 @@ const common = require('_tls_common');
 const { StreamWrap } = require('_stream_wrap');
 const { Buffer } = require('buffer');
 const debug = util.debuglog('tls');
-const tls_wrap = process.binding('tls_wrap');
 const { internalBinding } = require('internal/bootstrap/loaders');
 const { TCP, constants: TCPConstants } = internalBinding('tcp_wrap');
+const tls_wrap = internalBinding('tls_wrap');
 const { Pipe, constants: PipeConstants } = process.binding('pipe_wrap');
 const { owner_symbol } = require('internal/async_hooks').symbols;
 const { SecureContext: NativeSecureContext } = internalBinding('crypto');
diff --git a/lib/internal/bootstrap/node.js b/lib/internal/bootstrap/node.js
index 23088c2b711..e4748602f31 100644
--- a/lib/internal/bootstrap/node.js
+++ b/lib/internal/bootstrap/node.js
@@ -353,7 +353,8 @@
         'signal_wrap',
         'crypto',
         'contextify',
-        'tcp_wrap']);
+        'tcp_wrap',
+        'tls_wrap']);
     process.binding = function binding(name) {
       return internalBindingWhitelist.has(name) ?
         internalBinding(name) :
diff --git a/src/tls_wrap.cc b/src/tls_wrap.cc
index eb40d856fda..c2efc0c0b87 100644
--- a/src/tls_wrap.cc
+++ b/src/tls_wrap.cc
@@ -915,4 +915,4 @@ void TLSWrap::Initialize(Local<Object> target,
 
 }  // namespace node
 
-NODE_BUILTIN_MODULE_CONTEXT_AWARE(tls_wrap, node::TLSWrap::Initialize)
+NODE_MODULE_CONTEXT_AWARE_INTERNAL(tls_wrap, node::TLSWrap::Initialize)
diff --git a/test/parallel/test-tls-wrap-no-abort.js b/test/parallel/test-tls-wrap-no-abort.js
index 21a472ee3bc..9e75da50151 100644
--- a/test/parallel/test-tls-wrap-no-abort.js
+++ b/test/parallel/test-tls-wrap-no-abort.js
@@ -1,3 +1,4 @@
+// Flags: --expose-internals
 'use strict';
 
 const common = require('../common');
@@ -5,7 +6,8 @@ if (!common.hasCrypto)
   common.skip('missing crypto');
 
 const util = require('util');
-const TLSWrap = process.binding('tls_wrap').TLSWrap;
+const { internalBinding } = require('internal/test/binding');
+const TLSWrap = internalBinding('tls_wrap').TLSWrap;
 
 // This will abort if internal pointer is not set to nullptr.
 util.inspect(new TLSWrap());
diff --git a/test/sequential/test-async-wrap-getasyncid.js b/test/sequential/test-async-wrap-getasyncid.js
index 9386c331996..c4a4b9b058f 100644
--- a/test/sequential/test-async-wrap-getasyncid.js
+++ b/test/sequential/test-async-wrap-getasyncid.js
@@ -266,7 +266,7 @@ if (common.hasCrypto) { // eslint-disable-line node-core/crypto-check
   const credentials = require('tls').createSecureContext({ ca, cert, key });
 
   // TLSWrap is exposed, but needs to be instantiated via tls_wrap.wrap().
-  const tls_wrap = process.binding('tls_wrap');
+  const tls_wrap = internalBinding('tls_wrap');
   testInitialized(
     tls_wrap.wrap(tcp._externalStream, credentials.context, true), 'TLSWrap');
 }