This is the fifth in our series of insights that seek to explore and simplify the topic of SSL (and TLS) in web application hosting. In our previous insight, we looked at Certificate Authorities and The Signing Process; in this insight, we’ll explore what’s important to know about TLS and the versions of TLS available.
SSL vs TLS
SSL is like the older brother of TLS. It was the first secret code used on the internet. But over time, people realised that they needed an even better secret code. That’s why TLS was created. It’s a newer, more robust code that better protects our information. For simplicity, we’ll skip over much of the complexity and history and simply say that, for website security, we use the term “SSL” when discussing certificates and “TLS” when talking about communication.
Why does the TLS version matter?
Just as software gets updates to improve it, TLS also gets updates, and each new version has better tricks to keep our secrets safe. Websites need to use the latest version so they have the best protection. When you go to a website, your web browser and the website do a secret handshake using TLS. This handshake decides which version of the secret code they will use. If a website uses an older version, it’s like having a rusty lock on your secret clubhouse door. But if it uses the latest version, it’s like having a super strong, shiny lock that keeps everything safe. While we may be keeping our web servers updated to use the latest and greatest version, we cannot necessarily expect our visitors and their web browsers to always have the newest version, so we need to make sure we offer multiple versions and give them time to upgrade.
Which TLS versions should I use?
Your choice of TLS version(s) is typically determined by the sensitivity of the information you exchange, the nature of your users and their use of different web browsers and operating systems. A fantastic resource for exploring support and market share for TLS versions in web browsers is caniuse.com; we can summarise this as:
- TLS1.0 – Deprecated (shows warning or fails) in Chrome, Edge, Firefox, Internet Explorer 11, & Safari.
- TLS1.1 – Deprecated (shows warning or fails) in Chrome, Edge, Firefox, Internet Explorer 11, & Safari.
- TLS1.2 – Supported on all modern web browsers and OS, but NOT natively supported on older versions like Windows XP/Vista or earlier.
- TLS1.3 – Supported on all modern web browsers, but NOT natively supported on older versions like Windows 8 or earlier.
In 2023, if you are exchanging personal information, you should be supporting TLS1.3 and TLS1.2; you would only want to keep TLS1.1 and 1.0 in specific scenarios where you know your users cannot upgrade.
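To check a site against this guidance, the sketch below attempts one handshake per TLS version and reports anything that differs from the policy above. It is an added example, not code from Pipe Ten; the function names and the `example.com` placeholder host are assumptions made for illustration.

```python
import socket
import ssl
import warnings

# Policy from the article: offer TLS 1.2 and 1.3; TLS 1.0 and 1.1 are deprecated.
RECOMMENDED = (ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3)
DEPRECATED = (ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1)


def make_context(protocol, lowest, highest):
    """SSLContext limited to the version range [lowest, highest]."""
    ctx = ssl.SSLContext(protocol)
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", DeprecationWarning)  # raised for 1.0/1.1
        ctx.minimum_version, ctx.maximum_version = lowest, highest
    return ctx


def server_context(allow_legacy=False):
    """allow_legacy=True models the 'users cannot upgrade' exception."""
    lowest = DEPRECATED[0] if allow_legacy else RECOMMENDED[0]
    return make_context(ssl.PROTOCOL_TLS_SERVER, lowest, RECOMMENDED[-1])


def probe(host, port=443, timeout=5.0):
    """One handshake attempt per version; returns {version name: accepted}."""
    results = {}
    for version in DEPRECATED + RECOMMENDED:
        ctx = make_context(ssl.PROTOCOL_TLS_CLIENT, version, version)
        ctx.check_hostname = False       # only the protocol version is tested,
        ctx.verify_mode = ssl.CERT_NONE  # so certificate checks are switched off
        try:
            with socket.create_connection((host, port), timeout=timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=host) as tls:
                    results[version.name] = tls.version() is not None
        except (ssl.SSLError, OSError):
            # Also the outcome when the local OpenSSL refuses to offer 1.0/1.1.
            results[version.name] = False
    return results


def findings(results):
    """Compare probe results with the policy above."""
    issues = [f"{v.name} still accepted" for v in DEPRECATED if results.get(v.name)]
    issues += [f"{v.name} not offered" for v in RECOMMENDED if not results.get(v.name)]
    return issues


if __name__ == "__main__":
    print(findings(probe("example.com")))  # placeholder host; needs network access
```

An empty list means the host matches the recommendation. Because some local OpenSSL builds will not offer TLS 1.0 or 1.1 at all, a clean result for those two versions is best confirmed from a second client.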
Pipe Ten Hosting Ltd is a leading web hosting company within the UK that has provided a wide range of web hosting and online infrastructure management services to its members since 2002. They are ISO/IEC 27001 certified, having achieved the internationally recognised accreditation for Information Security Management.