Security
TLS/SSL
Intermediate
TLS versions-use TLS 1.2 or 1.3 for security
Disable outdated SSL 3.0, TLS 1.0, 1.1. Use TLS 1.2 (minimum) or TLS 1.3 (recommended) for strong encryption.
UnderHost NOC
Network Operations
On this page
TLS (Transport Layer Security) encrypts data between browsers and servers. Newer versions are more secure. Use TLS 1.2 minimum; TLS 1.3 is best.
TLS version timeline
| Version | Released | Status |
|---|---|---|
| SSL 2.0 | 1995 | ❌ BROKEN - Disable immediately |
| SSL 3.0 | 1996 | ❌ INSECURE - Disable |
| TLS 1.0 | 1999 | ❌ DEPRECATED - Disable (PCI DSS violation) |
| TLS 1.1 | 2006 | ⚠️ LEGACY - Disable if possible |
| TLS 1.2 | 2008 | ✅ GOOD - Minimum for 2026 |
| TLS 1.3 | 2018 | ✅ EXCELLENT - Recommended |
Why disable old versions
- Vulnerabilities: SSL 3.0 and TLS 1.0 have known exploitable flaws
- Weak ciphers: Old protocols support insecure encryption methods
- Compliance: PCI DSS requires TLS 1.2+ for payment processing
- Browser warnings: Modern browsers show warnings for TLS 1.0/1.1
Configure TLS on server
Nginx
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;Apache
SSLProtocol TLSv1.2 TLSv1.3
SSLCipherSuite HIGH:!aNULL:!MD5Test your TLS version
openssl s_client -connect yourdomain.com:443 -tls1_2Or use: SSL Labs SSL Server Test
Don't use TLS 1.0/1.1
These are deprecated and have known vulnerabilities. Modern browsers block them by default.
Related: SSL errors | HTTP headers
Was this article helpful?
Need security-focused hosting?
UnderHost services include DDoS-aware infrastructure, SSL support, account isolation, backups, and security guidance.
