TLS Versions
Transport Layer Security has evolved from SSL 3.0 in 1996 to TLS 1.3 in 2018. This reference summarises what each version changed and which versions are still safe to support.
Version timeline
| Version | Year | Status | Notes |
|---|---|---|---|
| SSL 2.0 | 1995 | Prohibited (RFC 6176) | Broken design. Disable everywhere. |
| SSL 3.0 | 1996 | Deprecated (RFC 7568) | POODLE attack. Disable. |
| TLS 1.0 | 1999 | Deprecated (RFC 8996) | Vulnerable to BEAST. Disable for new deployments. |
| TLS 1.1 | 2006 | Deprecated (RFC 8996) | Disabled by all major browsers in 2020. |
| TLS 1.2 | 2008 | Supported | AEAD ciphers (AES-GCM, ChaCha20-Poly1305). Still widely used. |
| TLS 1.3 | 2018 | Recommended | Cleaner handshake, 1-RTT and 0-RTT, no static RSA, no CBC, no compression. |
What TLS 1.3 removed
- Static RSA key exchange (no forward secrecy).
- CBC-mode ciphers (only AEAD permitted).
- RC4, 3DES, MD5, SHA-1 signatures.
- Compression (CRIME attack).
- Renegotiation (replaced with key update / post-handshake auth).
What TLS 1.3 added
- 1-RTT handshake by default; 0-RTT for resumed sessions (with replay tradeoffs).
- Encrypted handshake messages after ServerHello.
- Simplified, AEAD-only cipher suites (e.g. TLS_AES_128_GCM_SHA256).
Recommendation. Support TLS 1.2 and TLS 1.3. Disable everything older. Prefer ECDHE key exchange and AEAD ciphers. See Mozilla's SSL config generator for current intermediate / modern profiles.
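
One way to apply and check this recommendation with Python's standard `ssl` module, as an added example that is not part of the original reference. The cipher string, the helper names (`hardened_context`, `audit`, `audit_context`) and the `LEGACY` sample settings are assumptions made for illustration.

```python
import ssl

# Assumed OpenSSL cipher string (not from the page): ECDHE key exchange, AEAD only.
TLS12_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20"
AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")

def hardened_context(purpose=ssl.Purpose.SERVER_AUTH):
    """Client- or server-side context limited to TLS 1.2 and TLS 1.3."""
    ctx = ssl.create_default_context(purpose)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(TLS12_CIPHERS)          # governs TLS 1.2 suites only
    ctx.options |= ssl.OP_NO_COMPRESSION    # compression is what CRIME abuses
    return ctx

def audit(min_version, cipher_names, compression_off):
    """Return findings for settings that conflict with the recommendation."""
    findings = []
    if min_version < ssl.TLSVersion.TLSv1_2:
        findings.append(f"minimum version {min_version.name} is older than TLS 1.2")
    if not compression_off:
        findings.append("TLS compression is not disabled")
    for name in cipher_names:
        if name.startswith("TLS_"):         # TLS 1.3 suites are AEAD-only
            continue
        if not name.startswith("ECDHE-"):
            findings.append(f"{name}: key exchange is not ECDHE")
        if not any(marker in name for marker in AEAD_MARKERS):
            findings.append(f"{name}: not an AEAD cipher")
    return findings

def audit_context(ctx):
    """Run the audit against a live SSLContext."""
    names = [c["name"] for c in ctx.get_ciphers()]
    return audit(ctx.minimum_version, names, bool(ctx.options & ssl.OP_NO_COMPRESSION))

# Constructed legacy settings for comparison (OpenSSL cipher names).
LEGACY = (ssl.TLSVersion.TLSv1, ["AES128-SHA", "ECDHE-RSA-AES128-SHA", "DES-CBC3-SHA"], False)

if __name__ == "__main__":
    print("hardened:", audit_context(hardened_context()) or "no findings")
    for finding in audit(*LEGACY):
        print("legacy:", finding)
```

`set_ciphers` only affects TLS 1.2 and earlier in OpenSSL; the TLS 1.3 suites stay enabled regardless, which is why the audit skips names beginning with `TLS_`.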