TLS Versions Explained: 1.0, 1.1, 1.2 and 1.3

Support TLS 1.2 and TLS 1.3 today, and disable TLS 1.0 and TLS 1.1, which are deprecated and insecure. That single rule covers almost every real decision about TLS protocol versions. The rest is detail: what changed between releases, why the old ones were retired, and how to confirm what a site negotiates. For background on the certificates these protocols rely on, see SSL/TLS certificates explained.

TLS is the protocol that encrypts a connection after the certificate has been validated. Each version refines the handshake and the set of allowed ciphers. People often blur the terms; if the naming trips you up, SSL vs TLS untangles it, and the same negotiation underpins many of the failures in common SSL errors. A quick history shows why only the newest versions still matter, and the pillar at SSL/TLS certificates explained ties it all together.

A short history

SSL came first, from Netscape in the mid-1990s, and was renamed TLS when the IETF took it over. TLS 1.0 arrived in 1999, 1.1 in 2006, 1.2 in 2008, and 1.3 in 2018. Each step tightened cryptography and closed gaps that attacks had exposed in the version before.

TLS 1.0 and 1.1 are done

Both early versions are formally deprecated. RFC 8996 instructs that TLS 1.0 and 1.1 must not be used, citing weak constructions such as their reliance on MD5 and SHA-1 in the handshake and a lack of modern, authenticated cipher modes. Real attacks, including BEAST and padding oracle issues, made the case concrete. Major browsers removed support years ago, so leaving these versions enabled exposes a server without serving any current client.

TLS 1.2 is the workhorse

RFC 5246 defined TLS 1.2, and it remains widely deployed. It introduced authenticated encryption modes (AEAD ciphers like AES-GCM) and let the handshake negotiate the hash used for signatures, which removed the hardwired MD5/SHA-1 dependency of older versions. Configured with strong cipher suites, TLS 1.2 is secure and stays a sensible fallback for clients that cannot yet speak the newest version.

TLS 1.3 is the current best

RFC 8446 specifies TLS 1.3, the version to prefer. It cuts the handshake to a single round trip in the common case (with optional zero-round-trip resumption), which makes connections faster. It also strips out the legacy ciphers that caused trouble, keeping only a small, audited set, and it makes forward secrecy mandatory, so an attacker who later obtains a server's long-term key cannot decrypt previously recorded sessions. Fewer options mean a smaller attack surface and less room for misconfiguration.

Versions at a glance

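| Version | Year | Status                | Recommendation     |
|---------|------|-----------------------|--------------------|
| TLS 1.0 | 1999 | Deprecated (RFC 8996) | Disable            |
| TLS 1.1 | 2006 | Deprecated (RFC 8996) | Disable            |
| TLS 1.2 | 2008 | Current               | Support            |
| TLS 1.3 | 2018 | Current, preferred    | Support and prefer |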

What to support today

Enable TLS 1.2 and 1.3, turn off everything older, and prefer 1.3 where the client offers it. That pairing covers every modern browser and API client while keeping deprecated protocols off the wire. Review your cipher list periodically too, since a current protocol version paired with weak ciphers still leaves gaps.

How to check the negotiated version

You can confirm the version a site lands on in several ways. In a browser, open the developer tools security panel and look at the connection details for the page. From a terminal, a command such as openssl s_client -connect example.com:443 -tls1_2 tells you whether a given version is accepted, and the handshake output reports the negotiated protocol and cipher. Automated scanners report the same data across all versions at once, which is quicker when you want the full picture rather than poking at one version at a time.
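To turn per-version openssl s_client runs into a verdict, the following added example (not part of the original article) parses the handshake output and compares it with the recommendations in the table above. The function names and the sample transcripts are constructed for illustration; the transcripts are trimmed to the lines s_client prints for the negotiated protocol and cipher.

```python
import re

# Recommendation per forced protocol, from the "Versions at a glance" table.
POLICY = {"TLSv1": "Disable", "TLSv1.1": "Disable",
          "TLSv1.2": "Support", "TLSv1.3": "Support and prefer"}

# Summary line: "New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384".
# A failed handshake prints "New, (NONE), Cipher is (NONE)".
SUMMARY = re.compile(r"^New, (\S+), Cipher is (\S+)", re.M)
# Session line: "    Protocol  : TLSv1.2" (the negotiated version).
PROTOCOL = re.compile(r"^\s*Protocol\s*:\s*(\S+)", re.M)

def negotiated(output):
    """Return (protocol, cipher), or None when no handshake completed."""
    summary = SUMMARY.search(output)
    if summary is None or summary.group(2) == "(NONE)":
        return None  # ignore any stale Protocol line from a failed attempt
    session = PROTOCOL.search(output)
    # The summary's version can describe the cipher suite rather than the
    # connection, so the session block wins when it is present.
    protocol = session.group(1) if session else summary.group(1)
    return protocol, summary.group(2)

def audit(transcripts):
    """Map each forced version to 'ok' or a finding, per POLICY."""
    report = {}
    for forced, output in transcripts.items():
        accepted = negotiated(output) is not None
        wanted = POLICY[forced] != "Disable"
        if accepted and not wanted:
            report[forced] = "accepted: deprecated, disable it"
        elif wanted and not accepted:
            report[forced] = "rejected: should be supported"
        else:
            report[forced] = "ok"
    return report

# Constructed transcripts, one per forced version (-tls1, -tls1_1, ...).
SAMPLES = {
    "TLSv1": "New, TLSv1.0, Cipher is ECDHE-RSA-AES256-SHA\n"
             "SSL-Session:\n    Protocol  : TLSv1\n",
    "TLSv1.1": "New, (NONE), Cipher is (NONE)\n"
               "SSL-Session:\n    Protocol  : TLSv1.1\n    Cipher    : 0000\n",
    "TLSv1.2": "New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256\n"
               "SSL-Session:\n    Protocol  : TLSv1.2\n",
    "TLSv1.3": "New, (NONE), Cipher is (NONE)\n",
}
```

Calling audit(SAMPLES) flags the accepted TLS 1.0 handshake and the rejected TLS 1.3 one. Keep in mind that a local OpenSSL build that itself refuses old protocols will report them as rejected regardless of what the server allows.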

Curious which TLS versions and ciphers your own site actually offers? Run a free SSL check at DomainIntel and see the negotiated protocol, certificate details, and configuration in one report.

Frequently asked questions

Which TLS versions are still secure?

TLS 1.2 and TLS 1.3 are the current, secure versions. TLS 1.0 and TLS 1.1 are formally deprecated, carry known weaknesses, and should be disabled on any server you control.

What is the difference between TLS 1.2 and 1.3?

TLS 1.3 completes its handshake in fewer round trips, drops legacy and insecure cipher suites, and makes forward secrecy mandatory, so sessions stay safe even if a long-term key is later exposed.

Should I still support TLS 1.0 and 1.1?

No. Both are formally deprecated by the IETF and disabled by default in major browsers, so keeping them enabled adds risk without serving modern clients.