{"id":7929,"date":"2023-01-30T10:11:00","date_gmt":"2023-01-30T18:11:00","guid":{"rendered":"https:\/\/cheapsslsecurity.com\/blog\/?p=7929"},"modified":"2023-01-30T10:11:18","modified_gmt":"2023-01-30T18:11:18","slug":"tls-versions-what-they-are-and-which-ones-are-still-supported","status":"publish","type":"post","link":"https:\/\/cheapsslsecurity.com\/blog\/tls-versions-what-they-are-and-which-ones-are-still-supported\/","title":{"rendered":"TLS Versions: What They Are and Which Ones Are Still Supported?"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Is your organization still supporting insecure TLS protocol versions? That&#8217;s a bad idea when more than <a href=\"https:\/\/www.zscaler.com\/blogs\/security-research\/2022-encrypted-attacks-report\">85% of attacks<\/a> in 2022 were found to use encrypted connections. Discover everything you need to know about the different TLS versions and which ones you should use to take your business\u2019s data security to new heights<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Did you know that the first kind of data breach ever recorded <a href=\"https:\/\/wonderfulengineering.com\/the-first-cyber-attack-happened-back-in-1834-this-is-the-story\/\">goes back to 1834<\/a> when the Blanc brothers stole confidential financial market data by exploiting the telegraph line? 189 years later, <a href=\"https:\/\/www.withsecure.com\/en\/expertise\/resources\/the-top-five-security-priorities-for-2023\">34% of the cybersecurity professionals<\/a> interviewed by WithSecure still consider preventing data breaches their top concern.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">And they aren\u2019t the only ones. On Jan. 6, 2023, the <a href=\"https:\/\/www.fcc.gov\/\">Federal Communication Commission<\/a> (FCC) released the new <a href=\"https:\/\/docs.fcc.gov\/public\/attachments\/FCC-22-102A1.pdf\">Data Breach Reporting Requirements<\/a> (NPRM) for telecommunication carriers. The document proposes several substantial changes to their customer data regulation in the event of a data breach.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The transport layer security (TLS) is \u201cthe\u201d cryptographic protocol that provides internet communication security. Want to know more about it to learn the basics and use it at its full potential? Read on to discover:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>What TLS is and why it\u2019s important.<\/li>\n\n\n\n<li>What different TLS versions are available, their supported algorithms, and their characteristics.<\/li>\n\n\n\n<li>Any vulnerabilities that exist with the different TLS protocol versions.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">What Is TLS?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">TLS, or transport layer security, is a <a href=\"https:\/\/www.codingninjas.com\/codestudio\/library\/what-are-cryptographic-protocols\">cryptographic protocol<\/a> (i.e., a set of rules that enables secure communication) that major websites use to protect data as it transmits from users\u2019 browsers to their servers. TLS provides three important functions:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Authentication (so users know they\u2019re communicating with the legitimate party),<\/li>\n\n\n\n<li>Data integrity check (so users know data hasn\u2019t been modified since it was sent), and<\/li>\n\n\n\n<li>Encryption (so users\u2019 data are secured and only authorized users can read it).<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">The goal of TLS is to protect communications across the network so that the transmitted message remains private and unaltered, and so that you know it was sent by the legitimate entity.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">How Does TLS Work?<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Let\u2019s put it simply, just to give you an idea without going too techy. To summarize:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Before establishing the connection, the client checks the server\u2019s TLS certificate (more on this in a minute).<\/li>\n\n\n\n<li>Then the <a href=\"https:\/\/cheapsslsecurity.com\/blog\/what-is-asymmetric-encryption-understand-with-simple-examples\/\">asymmetric key pair<\/a> (public and private keys) are verified between the client and the server (handshake).<\/li>\n\n\n\n<li>If the verification is successful, a <a href=\"https:\/\/www.hypr.com\/security-encyclopedia\/session-key\">symmetric session key<\/a><a href=\"https:\/\/www.hypr.com\/security-encyclopedia\/session-key\"><\/a> will be exchanged to allow encryption and decryption of the transmitted data.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Where Is Transport Layer Security Used?<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Have you ever noticed the small padlock icon in the browser\u2019s address bar? That\u2019s an indicator that the website you\u2019re visiting is using TLS to establish an encrypted connection. In fact, the TLS protocol can be used to protect:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Data and file transfers (e.g., <a href=\"https:\/\/cheapsslsecurity.com\/blog\/your-guide-to-https-port-443-and-why-its-critical-to-security\/\">HTTPS<\/a>, which is TLS on top of the traditional hypertext transport protocol).<\/li>\n\n\n\n<li>Emails (e.g., <a href=\"https:\/\/www.cloudflare.com\/en-gb\/learning\/email-security\/what-is-smtp\/\">simple mail transfer protocol<\/a> &#8211; SMTP and <a href=\"https:\/\/www.rfc-editor.org\/rfc\/rfc2595.html\">internet message access protocol<\/a> \u2013 IMAP).<\/li>\n\n\n\n<li>Instant messaging (e.g., the <a href=\"https:\/\/www.rfc-editor.org\/rfc\/rfc7590.html\">extensible messaging and presence protocol<\/a> \u2013 XMPP \u2013 the old Jabber for those old enough [like me] to remember it).<\/li>\n\n\n\n<li>Video and audio-conferencing services.<\/li>\n\n\n\n<li><a href=\"https:\/\/www.cisco.com\/c\/en\/us\/products\/security\/vpn-endpoint-security-clients\/what-is-vpn.html\">Virtual private network<\/a> (VPN), where the encryption and authentication features are used to create a quasi-tunnel connecting hosts and networks.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"953\" height=\"506\" src=\"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2023\/01\/how-tls-is-used.png\" alt=\"An illustration that communicates how TLS secures data on the internet (an otherwise insecure network) by creating secure connections\" class=\"wp-image-7937\" srcset=\"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2023\/01\/how-tls-is-used.png 953w, https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2023\/01\/how-tls-is-used-300x159.png 300w\" sizes=\"(max-width: 953px) 100vw, 953px\" \/><figcaption class=\"wp-element-caption\"><em>Image caption: The graphic shows a few examples of how TSL is utilized to protect the data exchanged on the internet. From VPN tunneling to encrypted chats, secure emails, and secure browsing (i.e., HTTPS).<\/em><\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">By the way, did you know that according to the latest <a href=\"https:\/\/www.gigamon.com\/content\/dam\/resource-library\/english\/infographic\/in-2022-tls-trends.pdf\">Gigamon TLS Trend research report<\/a>, 19% of the traffic going in and out of organizations\u2019 networks isn&#8217;t encrypted at all? And that the percentage of unencrypted internal data transmission is even higher, reaching an astonishing 35%?<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">What TLS Is Not<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">But let\u2019s go back to our TLS protocol. One day, I was reviewing an FAQ document about TLS that was supposed to be published on our internal website.&nbsp; I immediately noticed that the author was using TLS and <a href=\"https:\/\/cheapsslsecurity.com\/blog\/ssl-meaning-definition-for-non-techies\/\">secure socket layer<\/a> (SSL) as interchangeable terms. This is a common misunderstanding, but it isn&#8217;t the only one.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>TLS isn&#8217;t the same as SSL. Why? First of all, SSL is the TLS ancestor and is now deprecated (i.e., not recommended). Moreover, even if they practically do the same thing, at the technical level they&#8217;re pretty different protocols. For example, they establish connections differently (i.e., SSL uses <a href=\"https:\/\/www.rebex.net\/kb\/tls-ssl-explicit-implicit\/\">explicit connection where the client requests <\/a><a href=\"https:\/\/www.rebex.net\/kb\/tls-ssl-explicit-implicit\/\"><\/a><a href=\"https:\/\/www.rebex.net\/kb\/tls-ssl-explicit-implicit\/\">SSL encryption while TLS uses implicit<\/a>, where the connection is automatically encrypted from the beginning). The algorithms used (i.e., <a href=\"https:\/\/learn.microsoft.com\/en-us\/windows\/win32\/secauthn\/cipher-suites-in-schannel\">cipher suites<\/a>) during the handshake are also different as TLS uses more secure ones.<\/li>\n\n\n\n<li>A TLS certificate isn\u2019t TLS. Confused? Let me clarify it for you. Despite the term \u201cTLS\u201d often being used to describe <a href=\"https:\/\/cheapsslsecurity.com\/blog\/what-is-a-website-security-certificate\/\">TLS certificates<\/a> (i.e., domain validation [DV], <a href=\"https:\/\/cheapsslsecurity.com\/sslproducts\/organizationvalidatedssl.html\">organization validation<\/a> [OV], and <a href=\"https:\/\/cheapsslsecurity.com\/sslproducts\/extendedvalidation.html\">extended validation<\/a> [EV] digital certificates), they\u2019re actually two separate (but related) things. A TLS certificate is a digital file that enables you to encrypt HTTP traffic using TLS, while TLS is the actual protocol.<\/li>\n\n\n\n<li>It doesn\u2019t secure data on end systems. Want to keep the data residing on a client or a server secure? You&#8217;ll need to opt for something else because TLS can&#8217;t help you with that. Why? Because, as we&#8217;ve just seen, it&#8217;s a protocol that can only secure your data while in transit.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Want to dive more into the technical side of things? If you want a more in-depth look at the TLS protocol, be sure to check out this great video from Computerphile:<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe title=\"Transport Layer Security (TLS) - Computerphile\" width=\"770\" height=\"433\" src=\"https:\/\/www.youtube.com\/embed\/0TLDTodL7Lc?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Otherwise, now that you&#8217;ve got a high-level overview of the TLS protocol, let\u2019s move on and explore the different TLS versions.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Discover the Different TLS Protocol Versions<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">After the <a href=\"https:\/\/www.rfc-editor.org\/rfc\/rfc2246\">first version of TLS<\/a> (v.1.0) came to light in 1999, three subsequent versions were released. Version 1.0 and 1.1 were officially <a href=\"https:\/\/datatracker.ietf.org\/doc\/rfc8996\/\">deprecated in March 2021<\/a> (i.e., no longer recommended) by the Internet Engineering Task Force (IETF) after it was discovered that they had several critical vulnerabilities (more on that later).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Let&#8217;s have a look at all of them one by one. Hint: check out our summary table for a quick overview of their features. Interested in more details? Read on.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td><strong>TLS Protocol Version<\/strong><\/td><td><strong>TLS Version Characteristics<\/strong><\/td><td><strong>Deprecated or In Use?<\/strong><\/td><\/tr><tr><td>TLS Version 1.0<\/td><td>&#8211; Based on SSL 3.0. <br>&#8211; The connection can be downgraded to SSL 3.0. Supported by <a href=\"https:\/\/www.ssllabs.com\/ssl-pulse\/\">33% of sites<\/a>. <br>&#8211; Supports only old and deprecated algorithms.<\/td><td>Deprecated.<\/td><\/tr><tr><td>TLS Version 1.1<\/td><td>&#8211; Released in 2008. <br>&#8211; Supports authenticated encryption ciphers. <br>&#8211; Accepted by 35.9% of sites (according to SSL Labs).<br>&#8211; Can only use deprecated and insecure algorithms like MD5 and SHA-1.<\/td><td>Deprecated.<\/td><\/tr><tr><td>TLS Version 1.2<\/td><td>&#8211; Uses more secure algorithms like SHA-256. <br>&#8211; Enables the server to ultimate select the cipher from among those supported by both parties. <br>&#8211; This version isn\u2019t vulnerable to the previously mentioned attacks.\u00a0 <br>&#8211; Supports authenticated encryption with extra data modes. <br>&#8211; Allows the utilization of advanced cipher suites. <a href=\"https:\/\/nvlpubs.nist.gov\/nistpubs\/SpecialPublications\/NIST.SP.800-52r2.pdf\">Required by the National Institute of Standards and Technology<\/a> (NIST) for all government TLS servers and clients. <br>Its full handshake has two round trips of communication.<\/td><td>In use (supported by <a href=\"https:\/\/www.ssllabs.com\/ssl-pulse\/\">99.9% of the websites<\/a>).<\/td><\/tr><tr><td>TLS Version 1.3<\/td><td>&#8211; Constitutes the most recent and secure TLS protocol version. <br>&#8211; Mandates perfect forward secrecy (PFS), which involves generating a unique session key for every user to protects keys from being used to decrypt past or future sessions\u2019 data. <br>&#8211; Uses only simple and stronger cipher suites that have no vulnerabilities. <br>&#8211; Replaces the RSA key exchange process with the ephemeral Diffie-Hellman. <br>&#8211; Merges encryption and authentication into a single roundtrip. <br>&#8211; Uses a smaller set of simplified cipher suites.<br>Involves a faster (and shorter) handshake. <br>&#8211; Requires digital signatures, always.<\/td><td>In use (supported by <a href=\"https:\/\/www.ssllabs.com\/ssl-pulse\/\">59.8% of the websites<\/a>), although many haven\u2019t implemented it as the default protocol.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">The Deprecated TLS Versions (And Why You Shouldn\u2019t Use Them)<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">These are the oldest TLS versions: v1.0 and v1.1.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">1. TLS Version 1.0<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">It\u2019s the Macintosh 128k of TLS \u2014 the first and original one. It\u2019s based on SSL 3.0, but at the same time, it\u2019s different when you look at it under the hood. TLS 1.0 is the result of negotiations between Netscape (the creator of the SSL protocol), Microsoft, and IETF. TLS version 1.0:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Allows the connection to be downgraded to SSL 3.0 without changing the protocol, if necessary.<\/li>\n\n\n\n<li><a href=\"https:\/\/www.ssllabs.com\/ssl-pulse\/\">33% of sites surveyed by SSL Labs<\/a> were still supporting it (January 2023).<\/li>\n\n\n\n<li>Supports only old and deprecated algorithms like MD5 and SHA-1.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">2. TLS Version 1.1<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">Released in 2008 and documented in the <a href=\"https:\/\/www.rfc-editor.org\/rfc\/rfc4346\">RFC-4346<\/a>, this enhanced TLS version has the following characteristics:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Supports authenticated encryption ciphers (i.e., a form of encryption ensuring at the same time authentication and confidentiality of data).<\/li>\n\n\n\n<li>Is supported by <a href=\"https:\/\/www.ssllabs.com\/ssl-pulse\/\">35.9% of sites surveyed by SSL Labs<\/a> (as of January 2023).<\/li>\n\n\n\n<li>Like its predecessor, it supports only old and deprecated algorithms like MD5 and SHA-1.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Why Were Both Early TLS Versions Deprecated?<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">TLS isn&#8217;t like wine; unfortunately, it doesn&#8217;t improve with age. TLS is more like humans: the older they get, the more vulnerable they become. And for TLS v.1.0 and v.1.1, their vulnerability to attacks was the driving force behind their deprecation that put an end to their cycle.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Over the years, the two TLS protocol versions were victims of several attacks that capitalized on their vulnerabilities. Among them:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.acunetix.com\/blog\/web-security-zone\/what-is-beast-attack\/\"><strong>BEAST<\/strong><\/a>. Similar to <a href=\"https:\/\/cheapsslsecurity.com\/blog\/types-of-man-in-the-middle-attacks\/\">man-in-the-middle attacks<\/a>. The cybercriminal decrypts the contents of a TLS-encrypted session between a browser and a website. Often used to steal sensitive information like HTTPS authentication cookies, it exploits vulnerabilities in block-based cipher suites.<\/li>\n\n\n\n<li><a href=\"https:\/\/nordvpn.com\/blog\/what-is-a-poodle-attack\/\"><strong>POODLE<\/strong><\/a>. The padding Oracle on downgraded legacy encryption (POODLE) was <a href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/alerts\/TA14-290A\">announced as a security flaw<\/a> by the U.S. Computer Emergency Readiness Team (US-CERT) in 2014. It allows the attacker to snoop on information exchanged between a client and server acting (once again) as man-in-the-middle after having forced the TLS connection to downgrade to the more vulnerable SSL 3.0 protocol.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"882\" height=\"497\" src=\"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2023\/01\/how-poodle-attack-works.png\" alt=\"An illustration that provides a basic overview of how a POODLE downgrade attack works\" class=\"wp-image-7932\" srcset=\"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2023\/01\/how-poodle-attack-works.png 882w, https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2023\/01\/how-poodle-attack-works-300x169.png 300w\" sizes=\"(max-width: 882px) 100vw, 882px\" \/><figcaption class=\"wp-element-caption\"><em>Image caption: This is how a cybercriminal can access the transmitted data using a POODLE attack.<\/em><\/figcaption><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.robotattack.org\/\"><strong>ROBOT<\/strong><\/a>. This old attack exploits a vulnerability in <a href=\"https:\/\/cheapsslsecurity.com\/blog\/what-is-the-rsa-algorithm-a-look-at-rsa-encryption\/\">RSA encryption<\/a>. During the RSA handshake between a client and a server, the attacker sends a series of client key exchange messages with incorrect padding. Based on the server\u2019s responses, they can determine if the server is vulnerable. If it is, they can record traffic and then decrypt and access the information or data later using the server\u2019s private key.<\/li>\n\n\n\n<li><a href=\"https:\/\/sweet32.info\/\"><strong>SWEET 32<\/strong><\/a>. Exploiting vulnerabilities in the previously mentioned block-cipher algorithms (e.g., data encryption standard [<a href=\"https:\/\/www.simplilearn.com\/what-is-des-article\">DES] and triple-DES<\/a>), the attacker uses JavaScript to bombard the server with millions of requests creating a <a href=\"https:\/\/xlinux.nist.gov\/dads\/HTML\/collision.html\">collision<\/a> (i.e., two cipher blocks with the same key). He can then easily decrypt and access the information.&nbsp;&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/www.theregister.com\/2013\/02\/04\/unlucky_13_crypto_attack\/\"><strong>LUCKY 13<\/strong><\/a>. Probably the most complex of the whole lot mentioned here, it\u2019s similar to the <a href=\"https:\/\/www.youtube.com\/watch?v=lkPBTJ3yiCI\">padding Oracle attack<\/a>. The attacker relies on the different processing times between TLS messages (e.g., two bytes of padding are processed faster than one-byte padding). With OpenSSL, the attacker can recover the full transmitted plaintext.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">I guess these are more than enough reasons to justify the deprecation of these two TLS versions, don\u2019t you think? So, what about the latest TLS versions that are still in use and haven\u2019t been deprecated? This is what we\u2019re going to discover next.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">The Latest TLS Versions in Use<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">TLS 1.2 and TLS 1.3 are the latest addition to the TSL family. Both offers improved security, performance, and reliability over their predecessors. Let&#8217;s explore their key characteristics in more detail.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">3. TLS Version 1.2<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">Based on TLS 1.1, TLS 1.2 was released by the IETF in 2008 with the <a href=\"https:\/\/www.rfc-editor.org\/rfc\/rfc5246\">RFC-5246<\/a>. To date, it\u2019s the most commonly used TLS protocol version. It\u2019s supported by <a href=\"https:\/\/www.ssllabs.com\/ssl-pulse\/\"><\/a>99.9% of the websites analyzed by SSL Labs (as of January 2023). Yup. It\u2019s basically used by everyone, and it should be the minimum version utilized. Its most important features?<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The old and insecure algorithms MD5 and SHA-1 used in the previous versions have been replaced by the more secure SHA-256.<\/li>\n\n\n\n<li>The cipher used is ultimately selected by the server among those supported by both parties.<\/li>\n\n\n\n<li>This version isn&#8217;t vulnerable to the previously mentioned attacks.&nbsp;<\/li>\n\n\n\n<li>Supports authenticated encryption with extra data modes.<\/li>\n\n\n\n<li>Allows the utilization of advanced cipher suites supporting <a href=\"https:\/\/blog.cloudflare.com\/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography\/\">elliptic<\/a><a href=\"https:\/\/blog.cloudflare.com\/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography\/\"><\/a><a href=\"https:\/\/blog.cloudflare.com\/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography\/\"> curve cryptography<\/a>, an alternative to RSA, offering the same level of security with a smaller key size. This is often used in combination with the <a href=\"https:\/\/www.simplilearn.com\/tutorials\/cryptography-tutorial\/aes-encryption\">advanced encryption standard<\/a> (AES) encryption that was announced in 2001 by the <a href=\"https:\/\/nvlpubs.nist.gov\/nistpubs\/fips\/nist.fips.197.pdf\">Federal Information Processing Standards Publications<\/a> (FIPS).<\/li>\n\n\n\n<li>TLS 1.2 is <a href=\"https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-52\/rev-2\/final\">required by the National Institute of Standards and Technology<\/a> (NIST) for all government TLS servers and clients.<\/li>\n\n\n\n<li>Its full handshake has a total of two roundtrips of communication, making it a bit slower compared to the latest TLS version 1.3 (more on that in a minute).<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"883\" height=\"592\" src=\"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2023\/01\/tls-12-handshake.png\" alt=\"A basic look at the TLS 1.2 handshake and the two roundtrips involved in it\" class=\"wp-image-7933\" srcset=\"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2023\/01\/tls-12-handshake.png 883w, https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2023\/01\/tls-12-handshake-300x201.png 300w, https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2023\/01\/tls-12-handshake-270x180.png 270w, https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2023\/01\/tls-12-handshake-770x515.png 770w\" sizes=\"(max-width: 883px) 100vw, 883px\" \/><figcaption class=\"wp-element-caption\"><em>Image caption: This graphic shows the steps (more specifically, roundtrips) that are involved in the TLS 1.2 handshake.<\/em><\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Speaking of benefits\u2026 by implementing TLS 1.2, you&#8217;ll kill more than two birds with a stone. Why? It&#8217;ll help you get compliant with geographic and industry standards such as:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The EU <a href=\"https:\/\/gdpr.eu\/\">General Data Protection Regulation<\/a> (GDPR),<\/li>\n\n\n\n<li>The <a href=\"https:\/\/www.hhs.gov\/hipaa\/for-professionals\/security\/laws-regulations\/index.html\">Health Insurance Portability and Accountability Act<\/a> (HIPAA) and,<\/li>\n\n\n\n<li>The <a href=\"https:\/\/www.pcisecuritystandards.org\/documents\/PCI-DSS-v4_0.pdf\">Payment Card Industry Data Security Standard<\/a> (PCI-DSS).<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Be careful, though, as TLS 1.2 is considered a secure protocol only if you remove old algorithms and ciphers! Don\u2019t forget it during your implementation. Want to know more about it? Don\u2019t miss our next article where we&#8217;ll take a closer look at this popular protocol.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">4. TLS Version 1.3<\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">This is the most recent TLS protocol version. Launched in 2018 with <a href=\"https:\/\/www.rfc-editor.org\/rfc\/rfc8446\">RFC-8446<\/a>, it offers the highest security possible, in part because it mandates the <a href=\"https:\/\/scotthelme.co.uk\/perfect-forward-secrecy\/\">perfect forward secrecy<\/a> (PFS). <a href=\"https:\/\/cloud.google.com\/docs\/security\/encryption-in-transit\/application-layer-transport-security\"><\/a><a href=\"https:\/\/developer.apple.com\/documentation\/security\/preventing_insecure_network_connections\"><\/a>With this system, unique session keys are generated for every user session and are discarded at the end of the session. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">What this does is help to prevent old session keys from being used to decrypt data from old sessions (or future sessions since the same session keys won\u2019t be reused and shouldn\u2019t be stored). This is the reason why this encryption system is also used by <a href=\"https:\/\/cloud.google.com\/docs\/security\/encryption-in-transit\/application-layer-transport-security\">Google<\/a> and <a href=\"https:\/\/developer.apple.com\/documentation\/security\/preventing_insecure_network_connections\">Apple<\/a>.\u00a0<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Why is it so secure? Because even if your most recent key is stolen, the damage will be limited as the compromised key has only been used for one communication session. It\u2019s the perfect way to limit the damage of SSL\/TLS bugs like <a href=\"https:\/\/heartbleed.com\/\">Heartbleed<\/a>, which was discovered in 2014.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">But there\u2019s more. TLS 1.3:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Eliminates support of old and weak algorithms and cipher suites.<\/strong> That\u2019s right \u2014 no more <a href=\"https:\/\/www.avast.com\/c-md5-hashing-algorithm\">MD5<\/a>, <a href=\"https:\/\/www.geeksforgeeks.org\/sha-1-hash-in-java\/\">SHA-1<\/a>, RSA key exchange, and <a href=\"https:\/\/www.okta.com\/identity-101\/rc4-stream-cipher\/\">RC4 cipher<\/a> (just to name a few). The latest TLS version uses only simple and stronger cipher suites that have no known vulnerabilities.<\/li>\n\n\n\n<li><strong>Replaces the RSA key exchange process with the ephemeral Diffie-Hellman.<\/strong> One of the biggest attractions of TLS 1.3 is the concept of perfect forward secrecy. To enable PFS, the client and the server must generate a new shared key for every session using unique parameters. Doing this helps to prevent past or future sessions from being compromised (except, of course, for the one that uses the single compromised key). \u00a0<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Learn more about Diffie-Hellman and PFS in the following Computerphile short video:<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe title=\"Secret Key Exchange (Diffie-Hellman) - Computerphile\" width=\"770\" height=\"433\" src=\"https:\/\/www.youtube.com\/embed\/NmM9HA2MQGI?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Merges encryption and authentication into one single step.<\/strong> This reduces the number of negotiations between the client and the server, making everything faster. In practice, the server sends the shared cryptographic key right after the first connection attempt request.<\/li>\n\n\n\n<li><strong>Uses a smaller set of simplified cipher suites.<\/strong> All previous TLS versions included multiple ciphers (see the example in the graphic below). In TLS 1.3, the key exchange and the signature algorithm are eliminated. Moreover, the number of possible combinations has been reduced to five. Less is more when it comes to choices of cryptographic ciphers.\u00a0<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"916\" height=\"523\" src=\"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2023\/01\/tls-12-vs-tls-13-cipher-suite.png\" alt=\"A comparison that shows that difference between a TLS 1.2 cipher suite and a TLS 1.3 cipher suite. \" class=\"wp-image-7935\" srcset=\"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2023\/01\/tls-12-vs-tls-13-cipher-suite.png 916w, https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2023\/01\/tls-12-vs-tls-13-cipher-suite-300x171.png 300w, https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2023\/01\/tls-12-vs-tls-13-cipher-suite-900x515.png 900w\" sizes=\"(max-width: 916px) 100vw, 916px\" \/><figcaption class=\"wp-element-caption\"><em>Image caption: The graphic shows an example of the TLS 1.2 cipher suite and the shorter TLS 1.3 cipher suite<\/em><\/figcaption><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Has a faster (and shorter) handshake than its predecessor.<\/strong> This is, in part, because the number of negotiations has been reduced, resulting in a single roundtrip instead of multiple roundtrips.<\/li>\n\n\n\n<li><strong>Requires the server to cryptographically sign the whole handshake.<\/strong> This makes downgrading attacks (e.g., POODLE) impossible as the attackers are unable to modify any parameters.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"911\" height=\"508\" src=\"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2023\/01\/tls-13-handshake-roundtrip.png\" alt=\"A basic look at the TLS 1.3 handshake and the single roundtrip involved in it\" class=\"wp-image-7936\" srcset=\"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2023\/01\/tls-13-handshake-roundtrip.png 911w, https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2023\/01\/tls-13-handshake-roundtrip-300x167.png 300w\" sizes=\"(max-width: 911px) 100vw, 911px\" \/><figcaption class=\"wp-element-caption\"><em>Image caption: As shown in the graphic, TLS 1.3 handshake is much shorter than its predecessor\u2019s.<\/em><\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">So, if TLS 1.3 is the most secure TSL protocol version, how comes it\u2019s only supported by <a href=\"https:\/\/www.ssllabs.com\/ssl-pulse\/\">59.8% of the sites<\/a> (as of January 2023, so far) even if it works with the latest versions of all <a href=\"https:\/\/caniuse.com\/?search=tls%201.3\">major browsers<\/a>? Well, first of all, we all know that it takes time to adopt new standards, above all when many organizations are still using legacy (i.e., outdated) software and if you take into account that TLS 1.2 is still considered \u201csecure enough\u201d for many uses.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Just to give you an example, I remember taking my friends to a hotel recently and seeing the receptionist typing on an old Windows XP computer. Yup! Even if its support ended in 2014, some people are still using it nearly 10 years later. (According to statistics, in December 2022, <a href=\"https:\/\/gs.statcounter.com\/os-version-market-share\/windows\/desktop\/worldwide\">Windows XP was still used by 0.49%<\/a> of Windows users). See how long it can take for popular software to be fully replaced?<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Another reason is also that, sometimes it could be a double sword. How? Let&#8217;s take PFS. It&#8217;s great for security as the TLS sessions are nearly impossible to decrypt without the proper key. No doubt about that. On the other hand, PFS makes TLS sessions impenetrable not only to the attackers but also to security teams and organizations trying to intercept malware and malicious attacks during data transmission. Some tools can help, of course, but teams will have to adapt.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Having said that, even if it will take time to reach TLS 1.2 adoption numbers, TLS 1.3 remains the more secure, light, and fast TLS version actually available. So, the question to ask is: are you willing to trade some of the convenience offered by TLS 1.2 (e.g., easier to monitor for malware) to gain greater security? I would.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">By the way, do you know what version(s) of your systems use or support? No? We\u2019ve already put together a <a href=\"https:\/\/cheapsslsecurity.com\/blog\/tls-checker-how-to-check-the-tls-version-of-a-website\/\">TLS checker<\/a> resource that will walk you through how to check the TLS version of a website uses and supports. It&#8217;s easy and it takes only a couple of minutes.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Final Thoughts on TLS Versions: What They Are and Which Ones Are Still Supported<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">TLS is one of the most reliable tools to help you address the most critical data transmission security issues:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ensures that the person you&#8217;re communicating with really is who they claim to be.<\/li>\n\n\n\n<li>Makes sure that the transmitted data haven\u2019t been altered in transit.<\/li>\n\n\n\n<li>Shields your data from prying eyes during transmission.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Want to boost the security of your internet communications between web browsers and applications with TLS?<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Follow the most common standards from NIST, IETF, FIPS. Keeping your data as secure as possible will also help you stay compliant with any industry and regional regulations such as:<ul><li>European Union\u2019s General Data Protection Regulation (GDPR),<\/li><\/ul><ul><li>Health Insurance Portability and Accountability Act (HIPAA), and<\/li><\/ul>\n<ul class=\"wp-block-list\">\n<li>Payment Card Industry Data Security Standards (PCI-DSS).<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Migrate to TLS version 1.2 as a minimum if you haven\u2019t done it yet.<\/li>\n\n\n\n<li>Disable the deprecated TLS versions 1.0 and 1.1. Most major browsers <a href=\"https:\/\/thehackernews.com\/2018\/10\/web-browser-tls-support.html\">have already deprecated them<\/a>. You\u2019ll no longer be vulnerable to attacks like BEAST and POODLE.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Last but not least, now that you know the basics of TLS, don&#8217;t miss our next article dedicated to the most widely supported TLS version: 1.2. Learn where it&#8217;s used, why it\u2019s important for data security, and much more. Next, on this blog!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Is your organization still supporting insecure TLS protocol versions? That&#8217;s a bad idea when more than 85% of attacks in 2022 were found to use encrypted connections. Discover everything you need to know about the different TLS versions and which ones you should use to take your business\u2019s data security to new heights Did you<\/p>\n","protected":false},"author":8,"featured_media":7940,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[5],"tags":[824,823],"class_list":["post-7929","post","type-post","status-publish","format-standard","has-post-thumbnail","category-ssl-pki","tag-tls-protocol","tag-tls-versions"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>TLS Versions: What They Are and Which Ones Are Still Supported?<\/title>\n<meta name=\"description\" content=\"What you need to know about the TLS protocol versions \u2014 what the TLS versions are, how they\u2019re different &amp; which are still supported.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cheapsslsecurity.com\/blog\/tls-versions-what-they-are-and-which-ones-are-still-supported\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"TLS Versions: What They Are and Which Ones Are Still Supported?\" \/>\n<meta property=\"og:description\" content=\"What you need to know about the TLS protocol versions \u2014 what the TLS versions are, how they\u2019re different &amp; which are still supported.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cheapsslsecurity.com\/blog\/tls-versions-what-they-are-and-which-ones-are-still-supported\/\" \/>\n<meta property=\"og:site_name\" content=\"Savvy Security\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cheapsslsecurities\" \/>\n<meta property=\"article:published_time\" content=\"2023-01-30T18:11:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-01-30T18:11:18+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2023\/01\/tls-versions.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"1000\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Savvy Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@sslsecurity\" \/>\n<meta name=\"twitter:site\" content=\"@sslsecurity\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Savvy Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"16 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/tls-versions-what-they-are-and-which-ones-are-still-supported\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/tls-versions-what-they-are-and-which-ones-are-still-supported\\\/\"},\"author\":{\"name\":\"Savvy Security\",\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/#\\\/schema\\\/person\\\/1ce9a5743b7f25b5be6e4972864b4493\"},\"headline\":\"TLS Versions: What They Are and Which Ones Are Still Supported?\",\"datePublished\":\"2023-01-30T18:11:00+00:00\",\"dateModified\":\"2023-01-30T18:11:18+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/tls-versions-what-they-are-and-which-ones-are-still-supported\\\/\"},\"wordCount\":3296,\"image\":{\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/tls-versions-what-they-are-and-which-ones-are-still-supported\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/tls-versions.jpg\",\"keywords\":[\"TLS Protocol\",\"TLS Versions\"],\"articleSection\":[\"SSL &amp; PKI\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/tls-versions-what-they-are-and-which-ones-are-still-supported\\\/\",\"url\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/tls-versions-what-they-are-and-which-ones-are-still-supported\\\/\",\"name\":\"TLS Versions: What They Are and Which Ones Are Still Supported?\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/tls-versions-what-they-are-and-which-ones-are-still-supported\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/tls-versions-what-they-are-and-which-ones-are-still-supported\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/tls-versions.jpg\",\"datePublished\":\"2023-01-30T18:11:00+00:00\",\"dateModified\":\"2023-01-30T18:11:18+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/#\\\/schema\\\/person\\\/1ce9a5743b7f25b5be6e4972864b4493\"},\"description\":\"What you need to know about the TLS protocol versions \u2014 what the TLS versions are, how they\u2019re different & which are still supported.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/tls-versions-what-they-are-and-which-ones-are-still-supported\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/tls-versions-what-they-are-and-which-ones-are-still-supported\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/tls-versions-what-they-are-and-which-ones-are-still-supported\\\/#primaryimage\",\"url\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/tls-versions.jpg\",\"contentUrl\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/tls-versions.jpg\",\"width\":1600,\"height\":1000},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/tls-versions-what-they-are-and-which-ones-are-still-supported\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"TLS Versions: What They Are and Which Ones Are Still Supported?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/\",\"name\":\"Savvy Security\",\"description\":\"Practical cybersecurity advice\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/#\\\/schema\\\/person\\\/1ce9a5743b7f25b5be6e4972864b4493\",\"name\":\"Savvy Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4e5539150b16b5af1d22136f03dedda89a96babb3e9b5ceb18c2bde4e1dcba57?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4e5539150b16b5af1d22136f03dedda89a96babb3e9b5ceb18c2bde4e1dcba57?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4e5539150b16b5af1d22136f03dedda89a96babb3e9b5ceb18c2bde4e1dcba57?s=96&d=mm&r=g\",\"caption\":\"Savvy Security\"},\"description\":\"Welcome to Savvy Security, a blog focused on providing practical cybersecurity advice for website owners and small businesses. Our team brings you the latest news, best practices and tips you can use to protect your business...without a multi-million dollar budget or 24\\\/7 security teams.\",\"sameAs\":[\"blogadmin\"],\"url\":\"https:\\\/\\\/cheapsslsecurity.com\\\/blog\\\/author\\\/blogadmin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"TLS Versions: What They Are and Which Ones Are Still Supported?","description":"What you need to know about the TLS protocol versions \u2014 what the TLS versions are, how they\u2019re different & which are still supported.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cheapsslsecurity.com\/blog\/tls-versions-what-they-are-and-which-ones-are-still-supported\/","og_locale":"en_US","og_type":"article","og_title":"TLS Versions: What They Are and Which Ones Are Still Supported?","og_description":"What you need to know about the TLS protocol versions \u2014 what the TLS versions are, how they\u2019re different & which are still supported.","og_url":"https:\/\/cheapsslsecurity.com\/blog\/tls-versions-what-they-are-and-which-ones-are-still-supported\/","og_site_name":"Savvy Security","article_publisher":"https:\/\/www.facebook.com\/cheapsslsecurities","article_published_time":"2023-01-30T18:11:00+00:00","article_modified_time":"2023-01-30T18:11:18+00:00","og_image":[{"width":1600,"height":1000,"url":"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2023\/01\/tls-versions.jpg","type":"image\/jpeg"}],"author":"Savvy Security","twitter_card":"summary_large_image","twitter_creator":"@sslsecurity","twitter_site":"@sslsecurity","twitter_misc":{"Written by":"Savvy Security","Est. reading time":"16 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/cheapsslsecurity.com\/blog\/tls-versions-what-they-are-and-which-ones-are-still-supported\/#article","isPartOf":{"@id":"https:\/\/cheapsslsecurity.com\/blog\/tls-versions-what-they-are-and-which-ones-are-still-supported\/"},"author":{"name":"Savvy Security","@id":"https:\/\/cheapsslsecurity.com\/blog\/#\/schema\/person\/1ce9a5743b7f25b5be6e4972864b4493"},"headline":"TLS Versions: What They Are and Which Ones Are Still Supported?","datePublished":"2023-01-30T18:11:00+00:00","dateModified":"2023-01-30T18:11:18+00:00","mainEntityOfPage":{"@id":"https:\/\/cheapsslsecurity.com\/blog\/tls-versions-what-they-are-and-which-ones-are-still-supported\/"},"wordCount":3296,"image":{"@id":"https:\/\/cheapsslsecurity.com\/blog\/tls-versions-what-they-are-and-which-ones-are-still-supported\/#primaryimage"},"thumbnailUrl":"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2023\/01\/tls-versions.jpg","keywords":["TLS Protocol","TLS Versions"],"articleSection":["SSL &amp; PKI"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/cheapsslsecurity.com\/blog\/tls-versions-what-they-are-and-which-ones-are-still-supported\/","url":"https:\/\/cheapsslsecurity.com\/blog\/tls-versions-what-they-are-and-which-ones-are-still-supported\/","name":"TLS Versions: What They Are and Which Ones Are Still Supported?","isPartOf":{"@id":"https:\/\/cheapsslsecurity.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/cheapsslsecurity.com\/blog\/tls-versions-what-they-are-and-which-ones-are-still-supported\/#primaryimage"},"image":{"@id":"https:\/\/cheapsslsecurity.com\/blog\/tls-versions-what-they-are-and-which-ones-are-still-supported\/#primaryimage"},"thumbnailUrl":"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2023\/01\/tls-versions.jpg","datePublished":"2023-01-30T18:11:00+00:00","dateModified":"2023-01-30T18:11:18+00:00","author":{"@id":"https:\/\/cheapsslsecurity.com\/blog\/#\/schema\/person\/1ce9a5743b7f25b5be6e4972864b4493"},"description":"What you need to know about the TLS protocol versions \u2014 what the TLS versions are, how they\u2019re different & which are still supported.","breadcrumb":{"@id":"https:\/\/cheapsslsecurity.com\/blog\/tls-versions-what-they-are-and-which-ones-are-still-supported\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cheapsslsecurity.com\/blog\/tls-versions-what-they-are-and-which-ones-are-still-supported\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cheapsslsecurity.com\/blog\/tls-versions-what-they-are-and-which-ones-are-still-supported\/#primaryimage","url":"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2023\/01\/tls-versions.jpg","contentUrl":"https:\/\/cheapsslsecurity.com\/blog\/wp-content\/uploads\/2023\/01\/tls-versions.jpg","width":1600,"height":1000},{"@type":"BreadcrumbList","@id":"https:\/\/cheapsslsecurity.com\/blog\/tls-versions-what-they-are-and-which-ones-are-still-supported\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cheapsslsecurity.com\/blog\/"},{"@type":"ListItem","position":2,"name":"TLS Versions: What They Are and Which Ones Are Still Supported?"}]},{"@type":"WebSite","@id":"https:\/\/cheapsslsecurity.com\/blog\/#website","url":"https:\/\/cheapsslsecurity.com\/blog\/","name":"Savvy Security","description":"Practical cybersecurity advice","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cheapsslsecurity.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/cheapsslsecurity.com\/blog\/#\/schema\/person\/1ce9a5743b7f25b5be6e4972864b4493","name":"Savvy Security","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/4e5539150b16b5af1d22136f03dedda89a96babb3e9b5ceb18c2bde4e1dcba57?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/4e5539150b16b5af1d22136f03dedda89a96babb3e9b5ceb18c2bde4e1dcba57?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4e5539150b16b5af1d22136f03dedda89a96babb3e9b5ceb18c2bde4e1dcba57?s=96&d=mm&r=g","caption":"Savvy Security"},"description":"Welcome to Savvy Security, a blog focused on providing practical cybersecurity advice for website owners and small businesses. Our team brings you the latest news, best practices and tips you can use to protect your business...without a multi-million dollar budget or 24\/7 security teams.","sameAs":["blogadmin"],"url":"https:\/\/cheapsslsecurity.com\/blog\/author\/blogadmin\/"}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/cheapsslsecurity.com\/blog\/wp-json\/wp\/v2\/posts\/7929","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cheapsslsecurity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cheapsslsecurity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cheapsslsecurity.com\/blog\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/cheapsslsecurity.com\/blog\/wp-json\/wp\/v2\/comments?post=7929"}],"version-history":[{"count":0,"href":"https:\/\/cheapsslsecurity.com\/blog\/wp-json\/wp\/v2\/posts\/7929\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cheapsslsecurity.com\/blog\/wp-json\/wp\/v2\/media\/7940"}],"wp:attachment":[{"href":"https:\/\/cheapsslsecurity.com\/blog\/wp-json\/wp\/v2\/media?parent=7929"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cheapsslsecurity.com\/blog\/wp-json\/wp\/v2\/categories?post=7929"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cheapsslsecurity.com\/blog\/wp-json\/wp\/v2\/tags?post=7929"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}