Transport Layer Security (TLS), defined in RFC 8446 provides communication security. Websites and client/server applications use TLS to secure communications between their servers and web browsers in a way that is designed to prevent eavesdropping, tampering, or message forgery. When you connect to a web address that starts with "https://", you are connecting using TLS. Note that some people still refer to TLS using an older name, Secure Sockets Layer (SSL).
TLS is currently at version 1.3. Web servers can support multiple versions, but version 1.0 (from 1999) and 1.1 (from 2006) are known to be at risk of not being secure enough. To protect your website from possible attacks against these older TLS versions, IT security guidelines recommend disabling TLS 1.0 and 1.1 on your web server and only support TLS versions 1.2 and 1.3.
If you use a content delivery network (CDN) in front of your website, you will need to configure TLS versions within the CDN. We currently have instructions for the following CDNs:
- Login to your Cloudflare account
- Click on SSL/TLS icon
- Click on Edge Certificates
- Scroll to Minimum TLS Version section
- Select TLS 1.2 (this will automatically set the TLS version to 1.2 or higher.)
- Login to your Akamai account
- Go to the CDN/Certificates section
- Under Actions, select View and Edit Deployment Settings
- Click Edit on the Advanced Network Configuration section
- Selection Disable specific TLS versions and Check TLS 1.0 and TLS 1.1
- Click Submit and wait until deployment of the configuration is complete
- IT Security Guidelines for Transport Layer Security (TLS) - from the Dutch National Cyber Security Centre (NCSC)
- RFC 8446 - The Transport Layer Security (TLS) Protocol Version 1.3
This documentation is part of the Internet Society's Open Standards Everywhere project. To find the most recent version or to provide feedback, please visit https://github.com/InternetSociety/ose-documentation