TLS is the encryption layer that protects every HTTPS connection. But not all TLS is equal — old versions have known breaks, weak cipher suites can be downgraded or cracked, and an expired certificate kills user trust instantly. Here's what matters and how to verify it.
SSL (Secure Sockets Layer) is the predecessor to TLS (Transport Layer Security). SSL 2.0 and 3.0 are both fully broken and have been deprecated for over a decade. TLS 1.0 and TLS 1.1 followed and are now also deprecated. When people say "SSL" colloquially today, they almost always mean TLS 1.2 or TLS 1.3. Your server shouldn't support any version called "SSL" at all.
| Version | Status | Action required |
|---|---|---|
| SSL 2.0 / 3.0 | BROKEN | Disable immediately. POODLE and DROWN attacks exploit these. |
| TLS 1.0 | DEPRECATED | Disable. Deprecated by PCI DSS, RFC 8996, and all major browsers in 2020. |
| TLS 1.1 | DEPRECATED | Disable. No known breaks yet, but deprecated alongside TLS 1.0 and has no improvements over TLS 1.2. |
| TLS 1.2 | GOOD | Still safe. Widely supported. Ensure only strong cipher suites are enabled. |
| TLS 1.3 | BEST | Enable and prefer. Faster handshake, perfect forward secrecy mandatory, weak ciphers removed from the spec entirely. |
ssl_protocols TLSv1.2 TLSv1.3;
SSLProtocol -all +TLSv1.2 +TLSv1.3
A cipher suite is a combination of algorithms used to encrypt the TLS connection: key exchange, authentication, bulk encryption, and message authentication. Not all cipher suites are equal — some use known-weak algorithms that can be broken with enough compute.
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256; ssl_prefer_server_ciphers off;
TLS 1.3 has its own fixed cipher list and doesn't use the ssl_ciphers directive — the weak options are removed from the spec entirely, which is one of TLS 1.3's major improvements.
An expired TLS certificate causes browsers to show a hard security warning to all visitors — and most users will leave rather than click through. Certificate expiry is entirely preventable with monitoring and automated renewal.
A self-signed certificate is one where the certificate issuer is the same as the subject — the server signed its own certificate rather than having it signed by a trusted Certificate Authority (CA). Browsers don't trust self-signed certificates because there's no third party vouching that you are who you claim to be.
Self-signed certificates are fine for local development and internal tools where you can distribute and trust the certificate manually. For any public-facing site, use a certificate from a trusted CA. Let's Encrypt provides free DV certificates for public domains — there's no excuse for self-signed certificates on production web servers.
TLS and HSTS are complementary. TLS encrypts the connection; HSTS ensures the browser always uses TLS. A strong TLS configuration without HSTS still leaves the first connection vulnerable to SSL stripping. See the HSTS guide for how to lock down both sides of the equation.
WebAudit checks your TLS version, cipher suite, certificate expiry, issuer, and flags weak configurations automatically.
Check your site's security now →