This site uses cookies and other tracking technologies to make possible your usage of the website, assist with navigation and your ability to provide feedback, analyse your use of our products and services, assist with our promotional and marketing efforts, and provide better user experience.

By using the website, you agree to our Privacy policy

Accept and continue

Report a bug

Cancel
16
How-to 6 min read October 2, 2019

How to update the TLS protocol version on the website

The TLS protocol is an advanced modification of SSL, which protects data when transmitting it on the Internet. Using legacy SSL protocol leads to vulnerabilities that can be avoided by switching to TLS.

What is the TLS protocol

The TLS protocol is an abbreviation of "transport layer security", which translates from English as the protocol of "transport layer protection". This protocol was created for the same purpose as its predecessor SSL - to protect data on the Internet. At the same time, it has additional features that allow you to use the protocol not only in browsers but also in instant messengers, IP-telephony.

This protocol is regularly improved and updated by IETF to ensure strong encryption, authentication, and data integrity. The latest version of the specification at the moment is TLS 1.3, which appeared in August 2018.

The need for an updated data protection protocol arose in 1999, as vulnerabilities were discovered in the SSL protocol. Now all versions of the SSL protocol have been successfully attacked using POODLE. The specified attack allows substituting user data and decrypting information transmitted by a secure data channel by byte.

What is the difference between the SSL and TLS protocols

Given that the TLS protocol is based on SSL, the two options are quite similar. In fact, we can assume that TLS 1.0 is SSLv3.1. Various companies are involved in protocol development - SSL was created by Netscape, TLS - IEFL.

TLS has some differences with the SSL protocol: the keys and the list of font sets differ, there is a difference in the pseudo-random PRF function and the HMAC hash function used to build a block of symmetric keys when encrypting data. A number of algorithms have been added to the TLS protocol to ensure the security of the data channel.

In fact, many users continue to call the TLS protocol "SSL encryption". This term has been widely adopted and is usually used by providers who actually offer TLS protection:
TLS 1.2 and SSL encryption

SSL vs TLS

Many web developers are wondering which protocol to choose - SSL or TLS. Given the identified vulnerability, the SSL protocol should be replaced with TLS as recommended by security professionals. When buying a security certificate, you need to pay attention to what encryption standards the company that provides the secure communication channel uses:
SSL Certificate vs TLS Protocol
The certificate's characteristics must indicate that one of the latest versions of the TLS protocol specification is used. It is worth considering the version, as in the TLS 1.0 and TLS 1.1 protocols vulnerabilities were discovered that were fixed in newer specifications.

TLS 1.0 vs. 1.2. How to install the most secure version of the protocol

TLS 1.2 protocol - a newer and more secure version, which is preferably used to protect information on websites -such recommendations cryptographers give.

Google experts found a fundamental flaw in the RC4 code used in TLS 1.0 and 1.1. Tests determined that these versions are not secure enough. The identified vulnerability is classified as CVE-2014-8730.

To ensure reliable data protection, modern protocols use 256-bit encryption keys, which are almost impossible to attack successfully.

To check the current version of the protocol used on the website, you can use the SSL-checker service. This tool allows you to get a detailed report on the SSL and TLS versions used on the project.

To check, enter the domain address and click "Check SSL / TLS":
TLS SSL Checker online
The report will describe all versions of the protocols that are used to protect information:
SSL and TLS verification online
If the site has security problems, it is necessary to update the version of the TLS protocol. Settings will vary for different server types.

For example, to register an update of the TLS version on the Nginx server, you need to enable the SSL option on listening sockets, placing it in the server block. Additionally, you must specify the address of the files with the server certificate and secret key:
server {
    listen              443 ssl;
    server_name         www.site.com;
    ssl_certificate    www.site.com.crt;
    ssl_certificate_key www.certifikate-key.key;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ...
}
After configuring the server in accordance with the instructions on the website, a secure version of the TLS 1.2 certificate will work.

Conclusion

TLS is a modified version of SSL designed to create a secure data channel over the network. To ensure maximum data protection on the website, you must install a proven version of the protocol.

At the moment, cryptographers consider versions of TLS 1.2 and higher to be safe and stable.

To install a secure version of the SSL certificate, you need to pay attention to its characteristics, as the TLS protocol must be at least version 1.2. The received certificate must be registered in the server settings with the required version of TLS.
This article is a part of Serpstat's "Site Audit" tool
SEO Audit in Serpstat
Audit all the site or page in one click. A complete list of errors, sorted by severity, ways to resolve them and recommendations. Any frequency of verification and automatic email reports.
Run Site Audit

Learn how to get the most out of Serpstat

Want to get a personal demo, trial period or bunch of successful use cases?

Send a request and our expert will contact you ;)

Rate the article on a five-point scale

The article has already been rated by 0 people on average out of 5
Found an error? Select it and press Ctrl + Enter to tell us

Share this article with your friends

Sign In Free Sign Up

You’ve reached your query limit.

Or email
Forgot password?
Or email
Back To Login

Don’t worry! Just fill in your email and we’ll send over your password.

Are you sure?

Awesome!

To complete your registration you need to enter your phone number

Back

We sent confirmation code to your phone number

Your phone Resend code Queries left

Something went wrong.

Contact our support team
Or confirm the registration using the Telegram bot Follow this link
Please pick the project to work on

Personal demonstration

Serpstat is all about saving time, and we want to save yours! One of our specialists will contact you and discuss options going forward.

These may include a personal demonstration, a trial period, comprehensive training articles & webinar recordings, and custom advice from a Serpstat specialist. It is our goal to make you feel comfortable while using Serpstat.

Name

Email

Phone

We are glad of your comment
Upgrade your plan

Upgrade your plan

Export is not available for your account. Please upgrade to Lite or higher to get access to the tool. Learn more

Sign Up Free

Спасибо, мы с вами свяжемся в ближайшее время

Invite
View Editing

E-mail
Message
Optional
E-mail
Message
Optional

You have run out of limits

You have reached the limit for the number of created projects. You cannot create new projects unless you increase the limits or delete existing projects.

I want more limits