SSL/TLS Versions

SSL and TLS protocol versions — release dates, current status, and what to deprecate.

Reference Reference Updated Apr 19, 2026
X Facebook LinkedIn Reddit Email
Reference

Protocol timeline

Version Released Status Notes
SSL 1.0 never ❌ Never released Internal Netscape design; flaws found before public release.
SSL 2.0 1995 ❌ Deprecated (2011) Numerous weaknesses; RFC 6176 prohibits use.
SSL 3.0 1996 ❌ Deprecated (2015) POODLE attack; RFC 7568 prohibits.
TLS 1.0 1999 (RFC 2246) ❌ Deprecated (2021) BEAST-era weaknesses; removed from major browsers.
TLS 1.1 2006 (RFC 4346) ❌ Deprecated (2021) Removed from major browsers.
TLS 1.2 2008 (RFC 5246) ✓ Allowed Still common; minimum acceptable for most profiles.
TLS 1.3 2018 (RFC 8446) ✓ Recommended 1-RTT handshake, cleaner cipher list, 0-RTT (with caveats).

Notes

  • Disable SSLv3 and TLS 1.0/1.1 on servers you control — they expose known-vulnerable ciphers.
  • TLS 1.3 dropped RSA key exchange, CBC modes, and SHA-1.
  • PCI-DSS, NIST, and most modern compliance frameworks require TLS 1.2+.

Last updated: