What is TLS and what version should I use?
What is TLS, and is it the same as SSL?
SSL was developed and released by the folks who owned the Netscape browser when browsers and the commercial Internet were in their infancy more than 30 years ago. Secure Sockets Layer (SSL) technology is a trademarked name and when it became widely used by all browsers and many other communication services, the name was changed to Transport Layer Security (TLS), so it can be freely used going forward. Still widely referred to as SSL, TLS and SSL refer to the same protocol that secures communication over computer networks and other communication networks that require security.
Learn more about the details of Transport Layer Security including version history.
See our Introduction to SSL to get more information about how TLS/SSL works and how certificates are used in the process.
Can I order a certificate for a specific version of TLS?
The simple answer is no, and there is no need to worry about it from a certificate standpoint. All SSL/TLS certificates are fully compatible with the latest version of TLS and backward compatible with all previous versions. Be careful with this, though, because this means that your certificate is also compatible with the outdated and insecure versions that modern browsers may block because they pose security risks for your site and the information it transports.
The most current version of TLS is version 1.3. The version of TLS that is allowed to be used by your website or application server is determined by the capability and configuration of your server software - not the certificate it uses. Simply put, your certificate will work with any configuration you decide to use. The real concern with the configuration of your server is if it will be accessible using the configuration you have set and how secure the configuration leaves your site or service using the certificate. For instance, most modern browsers disallow conntections to servers configured to use older, insecure protocols.
Additionally, some web servers and appliances allow for advanced certificate encryption algorithms, such as ECC Cryptography , and therefore have special configuration requirements for the versions of TLS that must be configured to run. For the most part, your normal secure sites or devices will be fine with RSA Cryptography , which is considered the default, without using any of the more advanced encryption algorithms. If you have specific questions about your situation, we will be happy to help.
Can GeoCerts help with the advanced configuration of my server?
The configuration of your server takes into consideration much more than the certificate you receive from us. Most of the time when we are contacted regarding a website not passing PCI Compliance or an unacceptable SSL Server Test grade or other connection issues, the trouble is with the configuration of the server and not the certificate.
We have partnered with Qualys SSL Labs to offer the most widely used SSL Server test for use by our customers.
This free test will give you a letter grade and also a great deal of information regarding all protocols, ciphers, and versions of TLS that are allowed to be used, as well as checking the installation of your SSL/TLS Certificate. This is one of the best ways to make sure your website or application is PCI Compliant and configured to use the correct ciphers, protocols, and versions of TLS that match your needs and risk tolerance. The test will also point you to resources for correcting your configuration if necessary. There may be business reasons for you to run a best-in-class configuration that also includes other older and less secure components due to your business model and your customer base.
For these reasons, GeoCerts is not able to configure your server or appliance for you beyond help with generating encryption keys, CSRs, importing and exporting certificates and certificate installation. We are always happy to point you to reliable sources to help you complete the configuration tasks, but for specific configuration support, the best source is always the vendor for your server software or your appliance vendor.
How do I get further GeoCerts SSL support?
GeoCerts is here to help you and welcome your inquiries. We have many answers and support documents available on our Support Desk, which also has links to our support options via phone, chat and email. We are always happy to help.