What Is SSL/TLS?

SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are cryptographic protocols that provide secure, encrypted communication over a network. TLS is the modern successor to SSL - All versions of SSL are now deprecated and insecure. When you see HTTPS in your browser's address bar, the connection is protected by TLS. Check any website's certificate with our SSL certificate checker.

Protocol Version History

Version	Released	Status	Known Vulnerabilities
SSL 1.0	Never public	Never released	Severe flaws found in design
SSL 2.0	1995	Deprecated - RFC 6176 (2011)	DROWN, POODLE, BEAST
SSL 3.0	1996	Deprecated - RFC 7568 (2015)	POODLE, DROWN
TLS 1.0	1999	Deprecated - RFC 8996 (2021)	BEAST, Lucky13, POODLE (via fallback)
TLS 1.1	2006	Deprecated - RFC 8996 (2021)	BEAST (partial), Lucky13
TLS 1.2	2008	Current - Widely supported	Secure when configured correctly
TLS 1.3	2018	Current - Recommended	None known; significantly redesigned

What TLS Protects and What It Doesn't

Protected by TLS	NOT Protected by TLS
Content of your request (passwords, form data, page content)	The domain name you're connecting to (visible in SNI and DNS)
Response data from the server	The fact that you're connecting to a server (IP is still visible)
Integrity - Tampering is detected	Metadata: connection timing, data volume
Server identity (certificate authentication)	Client identity - Servers can't verify who you are via TLS alone

What Makes a Valid TLS Certificate

• Issued by a trusted Certificate Authority (CA) - Browsers ship with a list of ~100 trusted root CAs.
• Covers the exact domain name(s) being accessed - A certificate for example.com is not valid for sub.example.com unless it includes a Subject Alternative Name (SAN) for the subdomain.
• Not expired - Certificates must be renewed; Let's Encrypt issues 90-day certificates for free.
• Not revoked - CAs can revoke certificates via CRL or OCSP if the private key is compromised.
• TLS 1.2+ negotiated - Any server still offering TLS 1.0/1.1 should be reconfigured.