Skip to main content
SecScannerSecScanner
Security ChecksFree ToolsPricingBlog
Get Started
Sign InGet Started
Security ChecksTLS Version
TLSCritical PriorityFree

Check TLS Version Online — Test TLS 1.0, 1.1, 1.2 & 1.3 Support

Updated June 2026·SecScanner Team

TLS (Transport Layer Security) protocol version determines the cryptographic security of every HTTPS connection your server makes. Modern servers must support TLS 1.2 or TLS 1.3 — the only versions considered secure by current standards.

Why It Matters

TLS 1.0 and TLS 1.1 were deprecated by the IETF in RFC 8996 (2021) and are disabled by default in Chrome, Firefox, Safari, and Edge. Servers that still accept these old versions are vulnerable to known attacks including BEAST (CVE-2011-3389) and POODLE (CVE-2014-3566). Beyond security: PCI DSS 3.2+ mandates TLS 1.2 as the minimum — accepting TLS 1.0/1.1 will fail compliance audits. TLS 1.3, introduced in RFC 8446 (2018), eliminates entire classes of legacy vulnerabilities, reduces handshake round-trips by one, and enables 0-RTT resumption for returning visitors. Supporting TLS 1.3 is both a security improvement and a measurable performance gain.

How We Check

SecScanner initiates TLS handshakes against your server using each protocol version — TLS 1.0, TLS 1.1, TLS 1.2, and TLS 1.3 — and records which are accepted. A check passes when TLS 1.2 or TLS 1.3 is supported and deprecated versions (1.0/1.1) are rejected. We also detect if your server negotiates the highest available version correctly.

How to Fix

Disable TLS 1.0 and TLS 1.1, enable TLS 1.2 and 1.3. Configuration by server:

Nginx — in nginx.conf:

ssl_protocols TLSv1.2 TLSv1.3;

Apache — in ssl.conf or VirtualHost:

SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

Caddy — Caddy defaults to TLS 1.2+ automatically; no change needed.

Node.js / Express — pass minVersion to the https module:

https.createServer({ minVersion: 'TLSv1.2' }, app)

After editing, reload your server (nginx -s reload / systemctl reload apache2) and verify with openssl s_client -tls1 yoursite.com — a connection failure confirms TLS 1.0 is disabled.

Frequently Asked Questions

What TLS version should my server use?

Your server must support TLS 1.2 as a minimum and ideally TLS 1.3. TLS 1.0 and 1.1 must be disabled — they are deprecated by RFC 8996, blocked by all major browsers, and fail PCI DSS compliance. TLS 1.3 is the current standard: it removes legacy cipher suites, reduces handshake latency, and supports 0-RTT session resumption.

How do I check which TLS version my server supports?

Use SecScanner's free TLS version checker above — enter your URL and you'll see every TLS version your server accepts within seconds. You can also check manually with OpenSSL: `openssl s_client -connect yoursite.com:443 -tls1` (should fail if TLS 1.0 is disabled), `openssl s_client -connect yoursite.com:443 -tls1_3` (should succeed). For a quick browser check, open DevTools → Security tab and look at the 'Connection' section.

Why is TLS 1.0 dangerous?

TLS 1.0 (1999) relies on MD5 and SHA-1 for MAC authentication and supports cipher suites that are now known-weak. The BEAST attack (2011) demonstrated a practical chosen-plaintext attack against TLS 1.0 CBC mode ciphers. The POODLE attack (2014) is also partially applicable. Even with mitigations, TLS 1.0 lacks the modern AEAD ciphers (AES-GCM, ChaCha20-Poly1305) available in TLS 1.2/1.3 — there is no reason to keep it enabled.

What is the difference between TLS 1.2 and TLS 1.3?

TLS 1.3 (RFC 8446, 2018) is a major redesign: it cuts the handshake from 2 round-trips to 1 (improving latency), removes all legacy cipher suites (RC4, 3DES, SHA-1), mandates forward secrecy for every connection, and adds 0-RTT resumption for returning visitors. TLS 1.2 is still secure when configured correctly, but TLS 1.3 is simpler, faster, and eliminates configuration mistakes that weaken TLS 1.2.

Does disabling TLS 1.0/1.1 break older browsers?

In practice, no — all browsers released after 2016 support TLS 1.2. Chrome 84+ (2020), Firefox 78+ (2020), and Safari 14+ (2020) have already removed TLS 1.0/1.1 support. If you need to support very old systems (Windows XP IE8 with optional TLS 1.2), keep TLS 1.2 enabled. Disabling TLS 1.0/1.1 only drops users on browsers that are themselves already flagged as insecure.

Does my TLS version affect SEO or Google ranking?

Google has used HTTPS as a ranking signal since 2014. While Google does not explicitly use TLS version as a ranking factor, outdated TLS versions trigger browser security warnings on older Chromium builds, which increase bounce rate — a confirmed negative ranking signal. Enabling TLS 1.3 also reduces page load time via faster handshakes, contributing to Core Web Vitals (LCP).

Related Security Checks

TLS

Deprecated TLS versions

TLS

Cipher Suite

TLS

OCSP Stapling

Related Tool

SSL Checker

Run all 10 related checks with our free ssl checker

Check Your Website Now

Run a free security scan to check for TLS Version issues and 62+ other security vulnerabilities.

Scan Your Website Free

Product

  • Security Checks
  • Free Tools
  • SSL Checker
  • Vulnerability Scanner
  • Email Security
  • Pricing
  • Compliance
  • Security Reports

Popular Checks

  • CSP Check
  • HSTS Check
  • TLS Version Check
  • SSL Expiry Check
  • SPF/DKIM/DMARC Check
  • Cookie Security Check
  • JS Vulnerability Scan
  • OCSP Stapling Check

Resources

  • Blog
  • Glossary
  • Contact

Legal

  • Terms of Use
  • Privacy Policy
  • Refund Policy
  • Cookie Policy

© 2025-2026 SecScanner. All rights reserved.