2.3.1.11. Choosing TLS encryption protocol versions

TLS (transport layer security) is an encryption protocol that protects data transmitted over a network. It is used when connecting to a site via HTTPS and exists in several versions — from 1.0 to 1.3. The current versions are 1.2 and 1.3. Versions 1.0 and 1.1 are outdated, but are still supported on hosting so that client sites are accessible to any visitors, including those using old devices, browsers and scripts that do not support TLS 1.2 or 1.3.

Supported TLS versions can be selected in site settings:

Option "Maximum compatibility (TLS 1.0-1.3)" — used by default. Ensures the site is accessible to all visitors, regardless of the devices and browsers they use.

Option "Most modern only (TLS 1.2-1.3)" — allows you to get a rating "A" in the test on the site SSL Labs... But at the same time, visitors with very old browsers and scripts that work on old OSs with OpenSSL 0.9.8 will not be able to access the site (according to our statistics, this is ≈1% of total requests, including both HTTP and HTTPS requests). Attention! To get a rating "A+" you need the site to still give HSTS header with a validity period not less than 180 days (15552000 seconds).

Content