book cover

Bulletproof TLS Guide  

Comprehensive and yet concise guide to practical SSL/TLS and PKI configuration. Includes coverage of TLS server configuration and web application security. Written by Ivan Ristić.

1.2.1 Use Secure Protocols

A web site intended for public use usually needs to support TLS 1.3 and TLS 1.2 at minimum. It’s very likely that you don’t need TLS 1.1 and TLS 1.0; modern browsers no longer support them. The remaining protocols, SSL 3 and SSL 2, are both obsolete and insecure.

SSL 2 is completely broken

This is an ancient protocol version that is so bad that it can be used to attack even well-configured servers that use overlapping certificates or private keys (the so-called DROWN attack).

SSL 3 is obsolete and insecure

Although it received some scrutiny by the cryptographic community at its time of release, this protocol version was later found to be pretty bad. It’s old, obsolete, and insecure. Do not use it.

TLS 1.0 is a legacy protocol that lacks essential capabilities

This was the first protocol version to be considered reasonably secure, but it’s now obsolete. Modern user agents no longer support it, but you may come across some old tools that don’t know anything better.

TLS 1.1 is the protocol everybody ignored

TLS 1.1 has only small improvements over TLS 1.0. It was largely ignored by user agents, which is why today there probably aren’t any tools that support TLS 1.1 but don’t support TLS 1.2.

TLS 1.2 is a relatively modern protocol

This protocol version can be used to provide good security, but doing so is error prone and requires a significant time investment to understand the sharp edges. For this reason, TLS 1.2 has been abandoned in favor of TLS 1.3. Modern user agents no longer support TLS 1.2, but properties designed for wide audiences may still need it for interoperability.

TLS 1.3 is a robust modern protocol

TLS 1.3 is a completely reworked revision of TLS that supports only secure primitives and builds a foundation for the future. This protocol version, which modern browsers and user agents support, should be what protects most of your network communication. Per the IETF, this is the only protocol version that will provide support for post-quantum security.

If you need to support very old user agents and wish to continue to use TLS 1.0, base your decisions on evidence, not fear. As a starting point, enable connection parameter logging to observe what is actually used. This protocol version is no longer considered secure, so tread carefully.

< Prev
^ Table of Contents
Next >