SSL and TLS are protocols that encrypt traffic between a client and a server and let the client verify that it is talking to the expected server and not an imposter. In web applications they are most commonly used for encrypting HTTP traffic (i.e. requests for web pages, images etc.); however, they can also be used for other traffic such as database connections.
Although people still refer to SSL (Secure Sockets Layer) certificates, all websites should now be using TLS (Transport Layer Security).
The two things you need to know are:
- TLS 1.2 and 1.3 are the only protocols and versions considered secure.
- TLS 1.3 is not supported by all clients, so servers should support 1.2 and 1.3.
However, if you have an application which is only accessed by clients under your control, you may be able to restrict connections to TLS 1.3 only.
A breakdown of the protocols and versions is shown below:
Protocol | Version | Secure | Notes |
---|---|---|---|
SSL | 1 | No | Never publicly released |
SSL | 2 | No | Deprecated in 2011 by RFC 6176 |
SSL | 3 | No | Deprecated in 2015 by RFC 7568 |
TLS | 1.0 | No | Deprecated in 2021 by RFC 8996 |
TLS | 1.1 | No | Deprecated in 2021 by RFC 8996 |
TLS | 1.2 | Yes | Widely supported by clients |
TLS | 1.3 | Yes | Not supported by all clients |
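
The version policy above, applied with Python's standard `ssl` module as an added example (not code from the original page). The helper names `server_context`, `versions_in_range`, `insecure_in_range` and `audit` are hypothetical; the audit reports which versions a context's configured range permits and which of those the table marks as not secure.

```python
import ssl

V = ssl.TLSVersion
# Oldest to newest. SSL 1 and SSL 2 have no TLSVersion member, so they
# cannot be selected through this API at all.
ORDERED = [V.SSLv3, V.TLSv1, V.TLSv1_1, V.TLSv1_2, V.TLSv1_3]
SECURE = {V.TLSv1_2, V.TLSv1_3}  # the rows marked "Yes" in the table


def server_context(tls13_only=False):
    """Server-side context limited to the secure versions.

    tls13_only=True is for the case where every client is under your control.
    A real server would also call ctx.load_cert_chain(...) before serving.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = V.TLSv1_3 if tls13_only else V.TLSv1_2
    ctx.maximum_version = V.TLSv1_3
    return ctx


def versions_in_range(lowest, highest):
    """Expand a (minimum, maximum) pair into the versions it permits."""
    if lowest == V.MINIMUM_SUPPORTED:
        lowest = ORDERED[0]
    if highest == V.MAXIMUM_SUPPORTED:
        highest = ORDERED[-1]
    return [v for v in ORDERED if lowest <= v <= highest]


def insecure_in_range(lowest, highest):
    """Names of permitted versions that the table marks as not secure."""
    return [v.name for v in versions_in_range(lowest, highest) if v not in SECURE]


def audit(ctx):
    """Return (permitted, insecure) version names for an existing SSLContext."""
    permitted = versions_in_range(ctx.minimum_version, ctx.maximum_version)
    insecure = insecure_in_range(ctx.minimum_version, ctx.maximum_version)
    return [v.name for v in permitted], insecure


if __name__ == "__main__":
    for label, ctx in [("1.2 + 1.3", server_context()),
                       ("1.3 only", server_context(tls13_only=True))]:
        print(label, audit(ctx))
    # A range left wide open, expressed as values rather than a live context.
    print("wide open:", insecure_in_range(V.MINIMUM_SUPPORTED, V.MAXIMUM_SUPPORTED))
```

The audit reflects the configured range only; the OpenSSL build and system policy on a given host may narrow what is actually negotiated.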