TLS Version Checker

See exactly which TLS protocol versions a server accepts. Enter a domain and this tool opens a separate connection forcing each protocol — TLS 1.0, 1.1, 1.2 and 1.3 — and reports which ones succeed, plus the version your browser would actually negotiate. Use it to confirm modern TLS is enabled and to catch deprecated TLS 1.0/1.1 that you should turn off for security and PCI compliance.

How to use the TLS Version Checker

Enter a domain and press Check TLS versions. The tool makes one quick handshake per protocol and shows a support matrix:

• Supported — the server completed a handshake using that protocol.
• Supported (deprecated) — shown in amber for TLS 1.0 and 1.1, which still work here but should be disabled.
• Not supported — the server refused that protocol (which is good for the old versions).

At the top, badges summarise the headline facts: the protocol your browser negotiated, whether TLS 1.3 is available, and whether any deprecated protocol is still enabled. A healthy modern server shows TLS 1.2 and 1.3 supported and TLS 1.0/1.1 not supported.

TLS versions explained: 1.0, 1.1, 1.2 and 1.3

TLS (Transport Layer Security) is the protocol behind HTTPS that encrypts traffic between a browser and a server. It has evolved through several versions, and which ones a server allows directly affects both security and performance:

• TLS 1.0 (1999) and TLS 1.1 (2006) — now formally deprecated. They have known weaknesses, all major browsers removed support in 2020, and the PCI DSS payment standard prohibits them. If a server still accepts them, it widens its attack surface for no benefit. These should be off.
• TLS 1.2 (2008) — the long-standing workhorse, still secure when configured with strong cipher suites. The vast majority of clients support it, so it is the sensible minimum to keep enabled.
• TLS 1.3 (2018) — the modern version. It is faster (a shorter handshake means quicker connections), drops every legacy/weak cipher, and always provides forward secrecy. You want this on.

The recommended configuration for almost every public website today is TLS 1.2 + TLS 1.3 only. That combination is compatible with essentially all real-world clients while excluding the deprecated protocols. This checker tests each version independently rather than just reporting what your own browser negotiated, so it reveals an old protocol that is quietly still enabled — something a single connection would never show.

Note that the protocol version is only part of TLS security. The specific cipher suites a server offers also matter. But disabling TLS 1.0/1.1 and enabling 1.3 is the highest-impact, lowest-effort step, and it is exactly what this tool helps you verify.

Common use cases

• PCI DSS and compliance — prove that TLS 1.0/1.1 are disabled, a common audit requirement for anything handling card payments.
• Security hardening — confirm a server change actually removed the old protocols, instead of trusting the config file.
• Enabling TLS 1.3 — verify that the modern protocol is live after upgrading your server or CDN.
• Vendor due diligence — check that an API or partner endpoint you integrate with meets your TLS baseline.
• Migration validation — after moving to a new host, load balancer or CDN, confirm the TLS version policy carried over correctly.

How to disable TLS 1.0 / 1.1 and enable TLS 1.3

The exact steps depend on your stack, but the idea is the same — restrict the allowed protocols:

• Nginx: set ssl_protocols TLSv1.2 TLSv1.3; in your server or http block, then reload.
• Apache: set SSLProtocol -all +TLSv1.2 +TLSv1.3 in your SSL config.
• Cloudflare: under SSL/TLS → Edge Certificates, set the Minimum TLS Version to 1.2 and enable TLS 1.3.
• Load balancers / cloud: choose a modern TLS security policy (most providers offer a "TLS 1.2 and above" predefined policy).

After changing the config, re-run this check to confirm 1.0 and 1.1 now show as not supported and 1.3 shows as supported.