Home/ Glossary/ Transport Layer Security

Transport Layer Security (TLS)

Security Glossary - SSL/TLS

Definition: Transport Layer Security is the cryptographic protocol that provides secure communication over a computer network. TLS is the successor to SSL and is the protocol actually used when you see HTTPS in a browser's address bar. The current version is TLS 1.3, released in 2018.

Why You Should Care About TLS

TLS protects data in transit between a client and server by providing encryption, authentication, and integrity. Without TLS, any data sent between a browser and web server travels in plaintext, meaning anyone on the same network - such as a public Wi-Fi hotspot - can read passwords, session tokens, and personal information.

The version of TLS your server supports directly affects security. TLS 1.0 and 1.1 have known vulnerabilities and are deprecated by all major browsers. TLS 1.2 remains secure when configured with strong cipher suites, but TLS 1.3 is preferred because it removed legacy cryptographic algorithms and reduced the handshake to one round trip, improving both security and performance.

Running outdated TLS versions exposes your users to downgrade attacks, where an attacker forces the connection to use a weaker protocol version that can be broken. Payment Card Industry (PCI) compliance requires TLS 1.2 or higher, so e-commerce sites on older versions face compliance violations.

Settings Overview

SettingRecommended Value
Minimum TLS versionTLS 1.2
Preferred TLS versionTLS 1.3
TLS 1.0Disable
TLS 1.1Disable
Cipher suitesAEAD only (AES-GCM, ChaCha20)
Key exchangeECDHE preferred

Checking Your Setup

Run an SSL/TLS checker against your domain to see which TLS versions your server supports. The results will show whether TLS 1.0 and 1.1 are still enabled (they should be disabled) and whether TLS 1.3 is supported. Check the cipher suites listed to confirm no weak algorithms are in use.

Check SSL Certificate

Questions and Answers

Is TLS 1.2 still secure?
Yes, TLS 1.2 is still considered secure when configured with strong cipher suites. However, TLS 1.3 is preferred for new deployments because it removes support for older, potentially vulnerable algorithms and provides better performance.
How do I know which TLS version my site uses?
Use an SSL checker tool that reports the TLS versions your server accepts. You can also check in your browser's developer tools - click the lock icon in the address bar to see connection details including the TLS version.

Learn More

SSL/TLS Certificate Hypertext Transfer Protocol Secure TLS 1.3 TLS 1.2 Cipher Suite
Disclaimer: DomainOptic provides automated informational scans only. Results do not constitute professional security advice, compliance certification, or a guarantee of security. Always verify findings independently.