Short answer

TLS 1.0 and 1.1 should be turned off because they are cryptographically obsolete, vulnerable to attacks such as BEAST and POODLE, and were officially deprecated by the IETF in 2021. At the same time, PCI DSS, many industry standards and most browser vendors require at least TLS 1.2. Leaving them enabled gives no real benefit and creates both a security and a compliance risk. Configure the server to offer only TLSv1.2 and TLSv1.3.

Why are they insecure?

Both versions were designed before modern cryptographic practice and rest on weak primitives and constructions:

  • MD5 and SHA-1 are used in the handshake — both are now too weak for signature use.
  • CBC-mode ciphers with known attacks (BEAST on TLS 1.0, Lucky13).
  • No AEAD ciphers — the modern, secure construction only arrives in TLS 1.2.
  • Vulnerable to downgrade attacks, where an attacker forces the connection down to the weakest common version.

TLS 1.2 introduced AEAD ciphers and removed the reliance on MD5/SHA-1 in the core parts. That is the real dividing line between secure and obsolete.

Compliance now requires it

For many organisations it is no longer a free choice:

  • PCI DSS has required at least TLS 1.2 since 2018 for cardholder data.
  • IETF RFC 8996 (2021) formally deprecated both TLS 1.0 and 1.1.
  • Browsers (Chrome, Firefox, Safari, Edge) removed support in 2020.
  • Frameworks such as NIS2 expect the use of current cryptography.

Will I break anything by turning them off?

Almost never today. Any browser from the last five years already uses TLS 1.2 or 1.3. The only potential casualties are very old API clients, older Java versions (before Java 8u31) or embedded devices that were never updated. First check what your servers actually offer:

nmap --script ssl-enum-ciphers -p 443 example.com
# or test a specific version directly:
openssl s_client -connect example.com:443 -tls1
openssl s_client -connect example.com:443 -tls1_1

If -tls1 or -tls1_1 completes a handshake, the protocol is still active and should be turned off. Note that an OpenSSL 3.x client refuses TLS 1.0 and 1.1 itself at its default security level and prints "no protocols available" without ever reaching the server; on such a system add -cipher 'DEFAULT:@SECLEVEL=0' to the two openssl commands so that the answer really comes from the server.

How to turn them off — nginx

# modern protocols only
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;

Reload with nginx -t && systemctl reload nginx. If there are several server blocks, the directive must be set consistently in all of them.

How to turn them off — Apache

# Apache httpd (mod_ssl)
SSLProtocol -all +TLSv1.2 +TLSv1.3

The leading -all disables everything and adds back only the two versions you want. Restart with apachectl configtest && systemctl reload apache2.

Verify afterwards

Confirm that the old versions are now rejected:

openssl s_client -connect example.com:443 -tls1_1
# expected: "no protocols available" or a handshake error

If it still succeeds, there is either a cache, a load balancer or another server block that was not updated. Conversely, make sure an immediate "no protocols available" is the server's refusal and not that of an OpenSSL 3 client, which will not offer TLS 1.0/1.1 at all unless you pass -cipher 'DEFAULT:@SECLEVEL=0'. An explanation of why old cryptography gets retired in general is in TLS 1.2 vs TLS 1.3.
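The same check as a script, added here as an example and not part of the article or of CertControl's product: it pins one protocol version per connection with Python's standard ssl module, lowers the client's own security level so that an OpenSSL 3 client does not refuse TLS 1.0/1.1 itself, and turns the results into audit-style findings. The host name is a placeholder you pass on the command line.

```python
from __future__ import annotations
import socket
import ssl

# The versions the article says must be off, and the two that should stay on.
OBSOLETE = {"TLSv1": ssl.TLSVersion.TLSv1, "TLSv1.1": ssl.TLSVersion.TLSv1_1}
CURRENT = {"TLSv1.2": ssl.TLSVersion.TLSv1_2, "TLSv1.3": ssl.TLSVersion.TLSv1_3}


def handshake_ok(host: str, port: int, version: ssl.TLSVersion,
                 timeout: float = 5.0) -> bool:
    """True if the server completes a handshake pinned to exactly `version`."""
    try:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False      # we test protocol support, not the certificate
        ctx.verify_mode = ssl.CERT_NONE
        ctx.minimum_version = version   # offer this one version and nothing else,
        ctx.maximum_version = version   # so success can only mean "server accepts it"
        try:
            # OpenSSL 3 disables TLS 1.0/1.1 at security level 1; drop to 0 so
            # the client is not the reason the handshake fails.
            ctx.set_ciphers("ALL:@SECLEVEL=0")
        except ssl.SSLError:
            pass                        # library without @SECLEVEL (e.g. LibreSSL)
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.version() is not None
    except (ssl.SSLError, OSError, ValueError):
        return False                    # ValueError: this build cannot speak `version`


def probe(host: str, port: int = 443) -> dict[str, bool]:
    """Try every version in turn, e.g. {"TLSv1": False, ..., "TLSv1.3": True}."""
    return {name: handshake_ok(host, port, v)
            for name, v in {**OBSOLETE, **CURRENT}.items()}


def findings(results: dict[str, bool]) -> list[str]:
    """Turn probe results into findings, as an external scanner would report them."""
    out = [f"{v} still accepted: disable it" for v in OBSOLETE if results.get(v)]
    if not any(results.get(v) for v in CURRENT):
        out.append("neither TLSv1.2 nor TLSv1.3 accepted: modern clients will fail")
    return out


if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "example.com"  # placeholder host
    results = probe(host)
    for name, ok in results.items():
        print(f"{name:8} {'ACCEPTED' if ok else 'rejected'}")
    for finding in findings(results):
        print("FINDING:", finding)
```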

How CertControl finds the forgotten servers

The problem is rarely turning off TLS 1.0/1.1 — it is finding every server where they are still on. CertControl scans your endpoints from the outside and flags any that still accept TLS 1.0 or 1.1 as a finding, so you can clean up systematically and document it for an auditor. Understand the negotiation itself in the TLS handshake explained.

Frequently asked questions

Do I risk locking users out by disabling TLS 1.0/1.1?

Practically not. Every modern browser uses TLS 1.2 or 1.3. The only possible casualties are very old API clients or unpatched embedded devices — which you should identify and upgrade anyway.

What is the difference between TLS 1.1 and 1.2?

TLS 1.2 introduced AEAD ciphers and removed the dependence on MD5/SHA-1 in the core handshake parts. That is the dividing line between obsolete and current. TLS 1.1 has neither.

Does PCI DSS require me to disable TLS 1.0?

Yes. PCI DSS has required at least TLS 1.2 since 2018 for handling cardholder data. TLS 1.0 and 1.1 are no longer accepted for that purpose.

How do I check whether a server still offers TLS 1.0?

Run openssl s_client -connect host:443 -tls1. If the handshake succeeds, the protocol is active. Alternatively, nmap --script ssl-enum-ciphers gives a full overview of offered versions and ciphers.

Should I also disable SSL 3.0?

Yes, if it is even still active. SSLv3 is completely broken (POODLE) and should have been turned off long ago. Modern server configurations no longer offer it.