Which TLS version is obsolete?

3 Minutes Read Updated on May 21, 2025

Transport Layer Security (TLS) is a security protocol that enables safe communication between servers and web browsers. Put simply, TLS encrypts data so that only the sender and the intended recipient can access it. Currently, TLS 1.2 and TLS 1.3 are the most commonly used TLS versions. After some major upgrades, TLS 1.3 has emerged as one of the most extensively used and safest security protocols for websites that need a high-end encryption service. TLS 1.2 and TLS 1.3 are faster and safer than the outdated versions.

TLS 1.3 — A Safer Alternative to the Previous TLS Versions

The Internet Engineering Task Force has introduced several modifications to Transport Layer Security in the past eight years. TLS 1.2 has been used by most website owners because of its excellent security features and unparalleled speed. However, more and more companies are now switching to TLS 1.3 for improved performance and better security. Additional features, like Zero Round Trip Time and TLS False Start, have improved encryption speed. Like HTTP/2, this latest TLS upgrade is expected to benefit all websites. By enhancing your site's security and loading speed, TLS 1.3 will result in an excellent user experience.

How is TLS 1.2 Different from TLS 1.3?

The biggest difference between TLS 1.2 and 1.3 is that a TLS handshake requires two round trips in version 1.2, while version 1.3 completes it in just one. Encrypted connections are therefore established faster than before. This improves security and lowers latency, and the gain in speed has been shown to shorten website loading times.

TLS 1.2 includes various features, including but not limited to DES, 3DES, SHA-1, RC4, and MD5, all of which need secure and proper configuration for the protocol to function properly. Failure to configure TLS 1.2 securely would make your website highly vulnerable to cyber-attacks. Security consultants and experts have said that TLS 1.3 will become safer and faster in the coming years.

Google has also done its part in informing website owners about the risks associated with TLS 1 and that websites must be moved to TLS 1.2 or the latest TLS 1.3 for improved security and performance. Although Chrome and other popular browsers support TLS 1.3, some browsers, like Opera, are yet to embrace the latest version of TLS. People believe that this delay in adopting the latest versions of Transport Layer Security is due to the incompatibility of this protocol with the SSL services. You can take the SSL server test to determine whether your server is compatible with TLS 1.3.

Detecting obsolete TLS configurations

Over time, new versions of the TLS protocol are developed, and some previous versions, such as TLS 1.0 and 1.1, become obsolete for numerous technical reasons or because of vulnerabilities. These versions do not sufficiently protect data and should no longer be used.

NSA’s recommended detection strategy contains three stages:

Stage 1: Identify clients and servers that are using old TLS versions. If a client offers or a server accepts any old TLS or SSL version, traffic should be blocked immediately.

Stage 2: When TLS 1.2 is in use, detect whether the traffic is based on an obsolete cipher suite.

Stage 3: When TLS 1.2 or TLS 1.3 is in use with the right cipher suites, key exchange mechanisms should be investigated. If a weak key exchange method is detected, it should be blocked.
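The three stages above can be expressed as a triage function over TLS session metadata. This is an added example, not code from the NSA guidance or from CalCom; the session records are constructed, and the version labels, token lists and 2048-bit DH floor are assumptions chosen for illustration.

```python
# Added example: three-stage triage of TLS session metadata.
# Records and marker lists below are constructed assumptions for illustration.
OBSOLETE_VERSIONS = {"SSLv2", "SSLv3", "TLSv10", "TLSv11"}
# Legacy algorithms, matched as whole tokens of the IANA cipher-suite name.
OBSOLETE_CIPHER_TOKENS = {"NULL", "RC4", "DES", "3DES", "MD5"}
# Assumed weak key-exchange markers: anonymous and export-grade exchanges.
WEAK_KEX_TOKENS = {"anon", "EXPORT"}
MIN_DH_BITS = 2048  # assumed minimum finite-field DH parameter size


def triage(session):
    """Classify one session dict; returns (stage, action, reason)."""
    version = session["version"]
    tokens = set(session["cipher"].split("_"))

    # Stage 1: an obsolete protocol version was negotiated.
    if version in OBSOLETE_VERSIONS:
        return (1, "block", "obsolete protocol " + version)

    # Stage 2: TLS 1.2 carrying an obsolete cipher suite.
    if version == "TLSv12":
        bad = sorted(tokens & OBSOLETE_CIPHER_TOKENS)
        if bad:
            return (2, "flag", "obsolete cipher: " + ",".join(bad))

    # Stage 3: acceptable version and suite, but weak key exchange.
    weak = sorted(tokens & WEAK_KEX_TOKENS)
    if weak:
        return (3, "block", "weak key exchange: " + ",".join(weak))
    dh_bits = session.get("dh_bits")  # present only for finite-field DHE
    if dh_bits is not None and dh_bits < MIN_DH_BITS:
        return (3, "block", "DH parameters only %d bits" % dh_bits)

    return (0, "allow", "no obsolete configuration detected")


# Constructed sample sessions (not captured traffic).
SAMPLES = [
    {"version": "TLSv10", "cipher": "TLS_RSA_WITH_AES_128_CBC_SHA"},
    {"version": "TLSv12", "cipher": "TLS_RSA_WITH_3DES_EDE_CBC_SHA"},
    {"version": "TLSv12", "cipher": "TLS_RSA_WITH_RC4_128_MD5"},
    {"version": "TLSv12", "cipher": "TLS_DH_anon_WITH_AES_128_GCM_SHA256"},
    {"version": "TLSv12", "cipher": "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "dh_bits": 1024},
    {"version": "TLSv13", "cipher": "TLS_AES_256_GCM_SHA384"},
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s["version"], s["cipher"], "->", triage(s))
```

Stage 2 returns "flag" rather than "block" because the stage as described calls for detection, while stages 1 and 3 call for blocking.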

The following table indicates the prioritization and urgency for immediate remediation of obsolete TLS versions from the NSA:

Table: Prioritization of remediation of obsolete TLS versions

Recommended hardening for TLS

Obsolete TLS provides a false sense of security, and sensitive data requires robust protection. CalCom's software, CHS, is capable of producing an accurate report on the consequences of hardening the SSL/TLS protocol, so you won't find out about them only when something breaks. Learn more about CalCom's Hardening Suite (CHS) and how it will present the status of each server and indicate whether it is hardened according to best practice recommendations.

Ben Balkin
Ben Balkin is a professional writer and blogger specializing in technology and innovation. As a contributor to the Calcom blog, Ben shares practical insights, useful tips, and engaging articles designed to simplify complex processes and make advanced technological solutions accessible to everyone. His writing style is clear, insightful, and inspiring, reflecting his strong belief in technology's power to enhance quality of life and empower businesses.
