2.4.1.1.11. Selecting versions of TLS encryption protocols
TLS (Transport Layer Security) is an encryption protocol that protects data transmitted over a network. It is used when connecting to a site via HTTPS and exists in several versions, from 1.0 to 1.3. The current versions are 1.2 and 1.3. Versions 1.0 and 1.1 are outdated, but are still supported on the hosting so that client sites remain accessible to all visitors, including those using old devices, browsers and scripts that do not support TLS 1.2 or 1.3.
Supported TLS versions can be selected in site settings:
Option «Maximum compatibility (TLS 1.0-1.3)»: used by default. Keeps the site accessible to visitors with any device or browser.
Option «Most modern only (TLS 1.2-1.3)»: allows you to get an «A» rating in the SSL Labs test. However, visitors with very old browsers, and scripts running on old operating systems with OpenSSL 0.9.8, will not be able to access the site (according to our statistics, this is ≈1% of total requests, including both HTTP and HTTPS requests). This option also disables support for the weak cipher suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256.
Attention! To get an «A+» rating, the site must also send an HSTS header with a validity period of at least 180 days (15552000 seconds).
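The HSTS lifetime condition above can be checked offline against a header value. The following is an added example, not code from the hosting provider; the function names are hypothetical, the sample headers are constructed, and it checks only the 180-day `max-age` condition, not the rest of the SSL Labs grading.

```python
MIN_MAX_AGE = 15552000  # 180 days in seconds, the figure given in the text


def parse_hsts(header):
    """Parse a Strict-Transport-Security value into {directive: value}.

    Follows RFC 6797 section 6.1: directive names are case-insensitive,
    values may be quoted, and a directive that appears twice makes the
    whole header invalid (returns None).
    """
    directives = {}
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate empty segments such as a trailing ';'
        name, _, value = part.partition("=")
        name = name.strip().lower()
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]  # strip the quoted-string form
        if name in directives:
            return None
        directives[name] = value
    return directives


def hsts_max_age(header):
    """Return max-age in seconds, or None if it is missing or malformed."""
    directives = parse_hsts(header)
    if not directives:
        return None
    value = directives.get("max-age", "")
    # isdigit() alone accepts non-ASCII digits, so require ASCII as well
    if not (value.isascii() and value.isdigit()):
        return None
    return int(value)


def long_enough_for_a_plus(header):
    """True if the header's max-age meets the 180-day minimum."""
    age = hsts_max_age(header)
    return age is not None and age >= MIN_MAX_AGE


if __name__ == "__main__":
    # Constructed sample header values, not captured from a real site
    for sample in ["max-age=15552000", "max-age=31536000; includeSubDomains",
                   "max-age=86400", 'MAX-AGE="15552000"', "includeSubDomains"]:
        print(f"{sample!r}: {long_enough_for_a_plus(sample)}")
```

To check a live site, pass in the `Strict-Transport-Security` value from an HTTPS response; browsers ignore this header when it arrives over plain HTTP.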