Skip to main content
Vantyris

TLS

TLS 1.0 and 1.1: turn them off. Here's why and how.

Published 2026-04-18 · Last updated 2026-04-18 · Vantyris editorial

If your web server still accepts TLS 1.0 or 1.1, it's offering connection security from 1999 and 2006 respectively. Every modern browser refuses to use them. Leaving them enabled doesn't help anyone; it just lowers your security grade and gives compliance auditors a reason to fail you. The fix is one line in your host's SSL config.

What this means for your business

How to fix

In your web host's SSL settings, set the minimum TLS version to 1.2. If your host doesn't expose this directly, your CDN (Cloudflare's free tier) does.

  1. Find the TLS minimum-version setting. Cloudflare: SSL/TLS → Edge Certificates → Minimum TLS Version → set to 1.2. Most hosting panels (cPanel, Plesk, Hostinger) have a similar dropdown labelled 'Minimum TLS Version' or 'SSL/TLS Protocols'.
  2. Disable 1.0 and 1.1. Uncheck or remove those options. Confirm 1.2 and 1.3 remain enabled.
  3. Test the change. Use ssllabs.com/ssltest or run a Vantyris scan. You should see TLS 1.2 and 1.3 supported, 1.0 and 1.1 absent.

Owner: Your web host or CDN administrator. · Time: 5 minutes.

Common gotchas

How to verify the fix

ssllabs.com/ssltest will show 'Protocols: TLS 1.2, TLS 1.3' and nothing older. Your overall grade should rise to A or A+.

Cyber Essentials alignment

This finding informs the following UK NCSC Cyber Essentials control areas:

Vantyris is not a CE certifying body. The mapping above is informational.

Common follow-up questions

Will disabling old TLS break customers on old browsers?

Almost certainly not. Chrome, Firefox, Edge, and Safari all dropped TLS 1.0/1.1 by 2021. The only clients affected are Internet Explorer on Windows XP and Android 4 devices, which collectively account for under 0.1% of modern web traffic.

Do I need to enable TLS 1.3 specifically?

Yes, ideally. It's faster than 1.2 and has stronger defaults. Most modern hosts default to 1.3 enabled; if yours doesn't, request it via support.

What's the difference between TLS and SSL?

TLS is the modern protocol; SSL was its predecessor. The terms get used interchangeably (we still say 'SSL certificate'), but the actual protocol negotiated is TLS.

References

Related explainers

Want Vantyris to scan your domain for this and 80 other findings?

Free teaser scan, no card. Verified scan from €10 with the full workspace around it: workflow, score trend, three PDF layouts, share links, monitoring.

Editorial

Vantyris editorial team · methodology v1.0.0