What is TLS?
TLS (Transport Layer Security) is the cryptographic protocol that secures communication over the internet. When you see HTTPS in your browser, TLS is providing the encryption and authentication. TLS is the successor to SSL — the term "SSL certificate" is still commonly used but modern certificates use TLS.
TLS Version History
| Version | Released | Status | Notes |
|---|---|---|---|
| SSL 2.0 | 1995 | ❌ Deprecated | Never use — multiple critical flaws |
| SSL 3.0 | 1996 | ❌ Deprecated | POODLE attack (2014) |
| TLS 1.0 | 1999 | ❌ Deprecated | BEAST, POODLE attacks; disabled by PCI DSS |
| TLS 1.1 | 2006 | ❌ Deprecated | Deprecated by browsers in 2020 |
| TLS 1.2 | 2008 | ✅ Supported | Current minimum standard |
| TLS 1.3 | 2018 | ✅ Recommended | Fastest and most secure |
TLS 1.2 vs TLS 1.3
| Feature | TLS 1.2 | TLS 1.3 |
|---|---|---|
| Handshake round trips | 2 RTT | 1 RTT (0-RTT resumption) |
| Cipher suites | Many (including weak ones) | Only strong suites |
| Forward secrecy | Optional | Mandatory |
| RSA key exchange | Supported | Removed |
| Performance | Good | Better (~30% faster handshake) |
| Security | Good | Excellent |
Check TLS Support with OpenSSL
```bash
# Check TLS 1.3 support
openssl s_client -connect example.com:443 -tls1_3 < /dev/null
# Check TLS 1.2 support
openssl s_client -connect example.com:443 -tls1_2 < /dev/null
# Show the protocol line from the handshake output
echo | openssl s_client -connect example.com:443 2>&1 | grep "Protocol"
```
Configure Nginx for TLS 1.2 and 1.3
```nginx
server {
    listen 443 ssl;
    # Enable only TLS 1.2 and 1.3; anything not listed is disabled
    ssl_protocols TLSv1.2 TLSv1.3;
    # ssl_ciphers applies to TLS 1.2 and below; TLS 1.3 suites are configured separately
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;
}
```
✓ Recommendation: Support TLS 1.2 and TLS 1.3, disable TLS 1.0 and 1.1. This balances security with broad compatibility. PCI DSS 3.2+ requires disabling TLS 1.0 for cardholder data environments.
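To check an existing Nginx configuration against this recommendation, the sketch below scans config text for `ssl_protocols` directives and reports deprecated or missing versions. It is an added example, not part of the original page; the function name `audit_ssl_protocols` and both sample configs are constructed for illustration.

```python
import re

# nginx ssl_protocols tokens, classified per the version table above.
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
RECOMMENDED = ("TLSv1.2", "TLSv1.3")

def audit_ssl_protocols(conf_text):
    """Return (line_no, severity, message) findings for nginx config text."""
    # Drop '#' comments line by line so line numbers stay aligned.
    # Simplification: a '#' inside a quoted string is also treated as a comment.
    text = "\n".join(l.split("#", 1)[0] for l in conf_text.splitlines())
    matches = list(re.finditer(r"\bssl_protocols\s+([^;{}]*);", text))
    if not matches:
        return [(0, "WARN", "no ssl_protocols directive; the default depends on the nginx version")]
    findings = []
    for m in matches:
        line_no = text.count("\n", 0, m.start()) + 1
        protos = m.group(1).split()  # the directive may span several lines
        for p in protos:
            if p in DEPRECATED:
                findings.append((line_no, "FAIL", f"{p} is deprecated; remove it"))
            elif p not in RECOMMENDED:
                findings.append((line_no, "WARN", f"unrecognised protocol token {p!r}"))
        for p in RECOMMENDED:
            if p not in protos:
                findings.append((line_no, "WARN", f"{p} is not enabled"))
    return findings

# Constructed sample configs (not taken from a real server).
LEGACY_CONF = """\
server {
    listen 443 ssl;
    # ssl_protocols TLSv1.2 TLSv1.3;   (commented out, must be ignored)
    ssl_protocols TLSv1 TLSv1.1
                  TLSv1.2;
}
"""
PAGE_CONF = """\
server {
    listen 443 ssl;
    ssl_protocols TLSv1.2 TLSv1.3;
}
"""

if __name__ == "__main__":
    for name, conf in (("legacy", LEGACY_CONF), ("page", PAGE_CONF)):
        for line_no, sev, msg in audit_ssl_protocols(conf) or [(0, "OK", "only TLS 1.2 and 1.3 enabled")]:
            print(f"{name}:{line_no}: {sev}: {msg}")
```

The scan reads one file's text and does not follow `include` directives, so run it over every file that can contribute `server` or `http` blocks.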