Protocol timeline
| Version | Released | Status | Notes |
|---|---|---|---|
| SSL 1.0 | never | ❌ Never released | Internal Netscape design; flaws found before public release. |
| SSL 2.0 | 1995 | ❌ Deprecated (2011) | Numerous weaknesses; RFC 6176 prohibits use. |
| SSL 3.0 | 1996 | ❌ Deprecated (2015) | POODLE attack; RFC 7568 prohibits. |
| TLS 1.0 | 1999 (RFC 2246) | ❌ Deprecated (2021) | BEAST-era weaknesses; removed from major browsers. |
| TLS 1.1 | 2006 (RFC 4346) | ❌ Deprecated (2021) | Removed from major browsers. |
| TLS 1.2 | 2008 (RFC 5246) | ✓ Allowed | Still common; minimum acceptable for most profiles. |
| TLS 1.3 | 2018 (RFC 8446) | ✓ Recommended | 1-RTT handshake, cleaner cipher list, 0-RTT (with caveats). |
Notes
- Disable SSLv3 and TLS 1.0/1.1 on servers you control — they expose known-vulnerable ciphers.
- TLS 1.3 dropped RSA key exchange, CBC modes, and SHA-1.
- PCI-DSS, NIST, and most modern compliance frameworks require TLS 1.2+.
Was this article helpful?