SSL / TLS Reference

TLS protocol versions, certificate types, a deployment checklist, and direct links to SSL analysis tools.

Check a Domain

Protocol Versions

TLS 1.3recommended2018

Current standard. Faster handshake, forward secrecy by default, deprecated weak ciphers removed.

TLS 1.2supported2008

Still widely used and secure when configured correctly. Required for PCI DSS compliance.

TLS 1.1deprecated2006

Deprecated since 2021. No longer supported by major browsers.

TLS 1.0deprecated1999

Vulnerable to POODLE and BEAST attacks. Disable immediately.

SSL 3.0insecure1996

Critically insecure - POODLE vulnerability. Must not be used.

SSL 2.0insecure1995

Broken. Never use.

Deployment Checklist

✓Certificate not expired

✓Domain name matches the certificate CN/SAN

✓Issued by a trusted Certificate Authority (CA)

✓Full certificate chain is served (intermediate CAs included)

✓TLS 1.2 or 1.3 is used (not SSLv3, TLS 1.0, or 1.1)

✓No mixed content warnings (all resources over HTTPS)

✓HTTP Strict Transport Security (HSTS) header present

✓Redirect from HTTP → HTTPS is in place

✓Certificate auto-renewal is configured

Certificate Types

DV (Domain Validated)Free–$

Verifies domain ownership only. Issued in minutes. Suitable for most sites.

Best for: Blogs, personal sites, APIs

OV (Organisation Validated)$$

Verifies the company behind the domain. Shows org name in certificate details.

Best for: Business websites, e-commerce

EV (Extended Validation)$$$

Highest validation - deep vetting of the organisation. Green bar in older browsers.

Best for: Banks, financial services

Wildcard (*.example.com)$$

Secures a domain and all first-level subdomains.

Best for: Multi-subdomain setups

SAN / Multi-Domain$$

Covers multiple domain names in one certificate.

Best for: Multi-site hosting

Self-SignedFree

Generated locally - no CA validation. Causes browser warnings.

Best for: Internal tools, development

About this tool

A complete reference guide to SSL/TLS protocol versions, certificate types, and deployment best practices. Learn the difference between TLS 1.3 and TLS 1.2, when to use a DV, OV, or EV certificate, and what your HTTPS setup needs to pass a security audit. Includes direct links to SSL Labs, DigiCert, and other analysis tools pre-filled with your domain.

How to Check Your SSL Certificate

1Type your domain name (e.g. example.com) in the input field at the top.
2Click one of the external tool buttons (SSL Labs recommended for the most detailed report).
3The tool opens with your domain pre-filled for a faster check.
4Review the TLS Versions panel to confirm you're using TLS 1.2 or 1.3 only.
5Use the Deployment Checklist to verify your HTTPS setup is complete.

Frequently Asked Questions

What is the difference between SSL and TLS?+

SSL (Secure Sockets Layer) is the original protocol, now deprecated. TLS (Transport Layer Security) is its modern replacement. Most people say 'SSL' but actually mean TLS 1.2 or TLS 1.3.

Is TLS 1.2 still safe in 2024?+

Yes, TLS 1.2 is still considered secure when configured correctly with strong cipher suites. TLS 1.3 is preferred as it's faster and removes weak cipher options entirely.

What is HSTS and why does it matter?+

HTTP Strict Transport Security (HSTS) tells browsers to always use HTTPS for your domain, preventing downgrade attacks. It should be set with a long max-age value for production sites.

Do I need an EV certificate for better security?+

No. EV certificates provide the same encryption as DV certificates. The difference is identity verification - EV certs verify the company behind the domain. Most sites are well-served by a free DV certificate from Let's Encrypt.

Looking for a deeper guide on this topic? Browse the Searchlight blog.

Visit the blog →

Related tools

View all Network & Web →