What is TLS?
TLS (Transport Layer Security) is the cryptographic protocol that secures communication between clients (browsers, API clients, email clients) and servers. When you see HTTPS in a URL, the connection is secured by TLS. TLS encrypts data in transit, authenticates the server’s identity via certificates, and ensures data integrity.
TLS versions
- TLS 1.3 (2018) - current standard. Simplified handshake (1 round-trip), removed all weak cipher suites, mandatory forward secrecy.
- TLS 1.2 (2008) - still widely used and considered secure when configured with strong cipher suites. Supports both weak and strong configurations.
- TLS 1.1 and 1.0 - deprecated. Major browsers dropped support in 2020. Should be disabled on all servers.
- SSL 3.0 and earlier - broken. Vulnerable to POODLE and other attacks. Must be disabled.
TLS in attack surface management
TLS misconfigurations - expired certificates, weak cipher suites, deprecated protocol versions, and self-signed certificates - are common findings in external attack surface scans. SurfaceLoop checks TLS configuration on every HTTPS endpoint it discovers across your domains.
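As an added example (not code from this page or from SurfaceLoop), the following Python script shows the checks the two sections above describe using only the standard library: a hardened client context that refuses anything below TLS 1.2, a per-version handshake probe for auditing one of your own endpoints, and classification of the findings listed above (deprecated protocol versions, expired and self-signed certificates). The function names, the 30-day expiry warning threshold, and the sample certificate dicts and hostnames are assumptions constructed for illustration.

```python
"""TLS configuration audit helpers (added example, standard library only)."""
import socket
import ssl
from typing import Optional

# Verdicts follow the version table above: SSL and TLS 1.0/1.1 are deprecated.
DEPRECATED_VERSIONS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

# Versions the local OpenSSL can be asked to pin to, one handshake each.
PROBE_VERSIONS = {
    "SSLv3": ssl.TLSVersion.SSLv3,
    "TLSv1": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}


def hardened_client_context() -> ssl.SSLContext:
    """Context for real traffic: TLS 1.2 minimum, certificate verified, hostname checked."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def probe_versions(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Live audit of one endpoint you operate: one handshake per protocol version,
    with min and max pinned to that version so the server cannot negotiate upward.
    True = accepted, False = rejected, None = local OpenSSL cannot offer it at all.
    Verification is disabled here only because the probe tests version support,
    not identity; never reuse this context for application traffic."""
    results: dict[str, Optional[bool]] = {}
    for name, version in PROBE_VERSIONS.items():
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        try:
            ctx.minimum_version = version
            ctx.maximum_version = version
        except ValueError:  # version compiled out of the local OpenSSL
            results[name] = None
            continue
        try:
            with socket.create_connection((host, port), timeout=timeout) as sock:
                with ctx.wrap_socket(sock, server_hostname=host):
                    results[name] = True
        except (ssl.SSLError, OSError):
            results[name] = False
    return results


def audit_versions(enabled: set) -> list:
    """Turn the set of versions a server accepted into findings."""
    findings = [f"deprecated protocol enabled: {v}" for v in sorted(enabled & DEPRECATED_VERSIONS)]
    if "TLSv1.3" not in enabled:
        findings.append("TLS 1.3 not offered")
    return findings


def audit_peercert(cert: dict, now: float) -> list:
    """Findings for a certificate in the dict shape SSLSocket.getpeercert() returns.
    `now` is Unix time; the 30-day warning window is an assumed policy value."""
    findings = []
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if not_after < now:
        findings.append("expired certificate")
    elif not_after - now < 30 * 86400:
        findings.append("certificate expires within 30 days")
    if cert.get("subject") == cert.get("issuer"):
        findings.append("self-signed certificate")
    return findings


# Constructed sample data (not from any real scan), in getpeercert() shape.
SAMPLE_NOW = ssl.cert_time_to_seconds("Jan 01 00:00:00 2024 GMT")
SAMPLE_EXPIRED_SELF_SIGNED = {
    "subject": ((("commonName", "legacy.example.com"),),),
    "issuer": ((("commonName", "legacy.example.com"),),),
    "notAfter": "Mar 15 12:00:00 2020 GMT",
}
SAMPLE_VALID = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("commonName", "Example CA (constructed)"),),),
    "notAfter": "Jun 30 23:59:59 2024 GMT",
}

if __name__ == "__main__":
    print(audit_versions({"TLSv1", "TLSv1.1", "TLSv1.2"}))
    print(audit_peercert(SAMPLE_EXPIRED_SELF_SIGNED, SAMPLE_NOW))
    print(audit_peercert(SAMPLE_VALID, SAMPLE_NOW))
```

To feed `audit_peercert` from a live connection, open the socket with `hardened_client_context()` and pass `sock.getpeercert()`: with verification enabled the dict is populated, whereas the probe context above returns an empty dict because `CERT_NONE` skips certificate parsing. Weak cipher suites are not covered here; `SSLContext.get_ciphers()` lists what the local client would offer, but judging what the server selects needs a per-suite probe in the same style as `probe_versions`.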