Checks TLS protocol versions for security vulnerabilities
Analyzes the TLS protocol versions supported by a web server to identify security vulnerabilities. This checker performs a comprehensive scan of TLS 1.0, 1.1, 1.2, and 1.3 support to ensure servers are configured with secure encryption protocols only.
This checker performs a comprehensive analysis of the TLS (Transport Layer Security) protocol versions supported by your web server. It connects to your server and attempts to negotiate connections using different TLS protocol versions to determine which ones are enabled.
- TLS 1.0 (RFC 2246, 1999) - Deprecated and insecure
- TLS 1.1 (RFC 4346, 2006) - Deprecated and insecure
- TLS 1.2 (RFC 5246, 2008) - Secure but aging
- TLS 1.3 (RFC 8446, 2018) - Latest and most secure
The checker establishes SSL socket connections to your server on the appropriate port (443 for HTTPS, or custom port if specified) and attempts TLS handshakes with each protocol version individually. It uses Java's SSLContext and SSLSocket APIs to perform these negotiations, simulating how real clients would connect to your server.
The scan process:
1. Resolves the target hostname and port from the provided URL
2. Creates SSL contexts configured for each TLS version
3. Attempts handshake negotiations for each protocol
4. Records which versions succeed and which fail
5. Analyzes results according to current security best practices
| Status | Condition | Description | Recommended Action |
|---|---|---|---|
| ✅ SUCCESS | Only TLS 1.3 supported | Server supports TLS 1.3 exclusively and does not accept any legacy protocol versions. This represents the highest level of security configuration. | Maintain current configuration. Ensure monitoring is in place to detect any configuration drift. |
| ⚠️ WARNING | Only TLS 1.2 supported | Server supports TLS 1.2 but not TLS 1.3, and crucially does not support deprecated versions TLS 1.0/1.1. While secure, TLS 1.3 would provide better performance and security. | Plan TLS 1.3 upgrade. Research server/load balancer capabilities for TLS 1.3 support and plan implementation timeline. |
| ❌ FAIL | TLS 1.0 or 1.1 detected | Server accepts connections using deprecated TLS 1.0 or 1.1 protocols, regardless of whether it also supports newer versions. This creates immediate security vulnerabilities. | Immediate action required. Disable TLS 1.0 and 1.1 support in server configuration. Test thoroughly before deployment. |
| ❌ FAIL | No TLS versions detected | Unable to establish TLS connections using any tested protocol versions, or the server/URL is unreachable. | Investigate connectivity. Verify server is running, URL is correct, and firewall rules allow TLS connections on the expected port. |
- `protocolSupport`: Object showing which TLS versions are supported (true/false for each)
- `insecureVersions`: Array listing specifically which deprecated versions were detected
- `recommendedVersion`: The highest secure version detected
- `host`/`port`: Connection details used for the scan
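The scan process and status table above, as an added Java example (not the checker's own code). The class name, method names, timeout, default target and the `UNLISTED` status are assumptions; the table has no row for a server that offers both TLS 1.2 and TLS 1.3.

```java
import java.net.*;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.net.ssl.*;
public class TlsVersionProbe {
    // Scanner-only: accepts any certificate so a bad cert is not read as "unsupported".
    static final TrustManager[] TRUST_ALL = { new X509TrustManager() {
        public void checkClientTrusted(X509Certificate[] c, String a) {}
        public void checkServerTrusted(X509Certificate[] c, String a) {}
        public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    }};
    // Offer exactly one protocol version; true only if that version is negotiated.
    static boolean supports(String host, int port, String version) {
        try (Socket raw = new Socket()) {
            raw.connect(new InetSocketAddress(host, port), 5000);
            raw.setSoTimeout(5000);
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(null, TRUST_ALL, null);
            try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(raw, host, port, true)) {
                s.setEnabledProtocols(new String[] {version});
                s.startHandshake();
                return version.equals(s.getSession().getProtocol());
            }
        } catch (Exception e) { return false; } // refused, timeout, alert, or JDK lacks version
    }
    // Status rules from the table above; TLS 1.2 together with 1.3 has no row there.
    static String classify(Map<String, Boolean> r) {
        boolean v12 = r.get("TLSv1.2"), v13 = r.get("TLSv1.3");
        if (r.get("TLSv1") || r.get("TLSv1.1")) return "FAIL: TLS 1.0 or 1.1 detected";
        if (!v12 && !v13) return "FAIL: No TLS versions detected";
        if (!v12) return "SUCCESS: Only TLS 1.3 supported";
        if (!v13) return "WARNING: Only TLS 1.2 supported";
        return "UNLISTED: TLS 1.2 and 1.3 both supported";
    }
    public static void main(String[] args) {
        // Recent JDKs list TLSv1 and TLSv1.1 in jdk.tls.disabledAlgorithms; remove them for
        // this scanner process only, or legacy support on the server goes unreported.
        String d = Security.getProperty("jdk.tls.disabledAlgorithms");
        if (d != null) Security.setProperty("jdk.tls.disabledAlgorithms",
                d.replaceAll("\\bTLSv1(\\.1)?\\s*,\\s*", ""));
        String host = args.length > 0 ? args[0] : "localhost"; // assumed default target
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;
        Map<String, Boolean> result = new LinkedHashMap<>();
        for (String v : new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"})
            result.put(v, supports(host, port, v));
        System.out.println(host + ":" + port + " " + result + " -> " + classify(result));
    }
}
```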
TLS 1.0 and 1.1 Support Detected:
- Data Interception: These protocols contain known cryptographic weaknesses that can be exploited by attackers to decrypt sensitive data in transit
- Man-in-the-Middle Attacks: Vulnerable to protocol downgrade attacks where attackers force connections to use weaker encryption
- Compliance Violations: PCI DSS, HIPAA, and other standards explicitly prohibit TLS 1.0/1.1 for handling sensitive data
- Browser Warnings: Modern browsers display security warnings or block connections to sites using deprecated TLS versions
- Reputation Damage: Security scanners and audits will flag your site as insecure, potentially damaging customer trust
Missing TLS 1.3 Support:
- Reduced Performance: TLS 1.3 offers significant performance improvements with faster handshakes and reduced latency
- Enhanced Security: Missing out on the latest cryptographic improvements and attack mitigations
- Future Compatibility: As TLS 1.3 adoption grows, lacking support may cause compatibility issues with newer clients

- SEO Penalties: Search engines may rank sites with poor security configurations lower
- Customer Loss: Users may abandon transactions when seeing security warnings
- Legal Liability: Data breaches exploiting known TLS vulnerabilities can result in legal consequences
- Audit Failures: Security audits and penetration tests will identify TLS configuration as a high-priority vulnerability