When using an SSL certificate on your website to provide an additional layer of security for your WordPress site’s visitors, some additional questions might come to mind. One of these questions is the TLS version that your site should use.
In this article, we’ll take a look at what TLS is and how different TLS versions might impact your site’s visitors.
What is TLS?
TLS is the successor to SSL, and defines how communications are encrypted over a network. When it comes to websites, it sets the standard for how content is securely delivered to visitors. Without it, information is sent in plaintext and could potentially be intercepted.
TLS is incredibly important, especially for websites that may be handling sensitive data, such as credit cards on an eCommerce site. Even for purely informational sites, TLS helps to make sure that the content you’re viewing stays private. In fact, TLS (HTTPS) even impacts other things, such as your site’s search engine rankings.
Why TLS Versions Matter
Simply put, higher TLS versions allow for stronger encryption, which means enhanced protection against loss of privacy. As newer versions are released, browsers adopt the new standards and eventually stop supporting older versions.
You might be thinking, “Okay, so why not always use the highest version?” Unfortunately, enforcing a higher TLS version means that older, outdated browsers won’t know how to handle it. Since most software, such as the web browser on your computer, tablet, or phone, automatically installs updates, this generally isn’t an issue. Still, it might be a slight concern if your users are using very old devices that are no longer being updated.
Which TLS Version Should I Use?
As a general rule, your site should support the highest version of TLS available, while still allowing older browsers and tools to interact with your site.
When an HTTPS connection is set up, the visitor’s browser and the server automatically settle on the highest version of TLS that both of them support. This means that if the visitor’s browser supports TLS versions 1.2 and 1.3, and the server does too, the server will use TLS 1.3 for delivering the site’s content over HTTPS. On the flip side, if an extremely outdated browser only supports up to TLS 1.1, the server may reject the request if such an ancient TLS version isn’t supported.
According to Can I Use, almost 98% of all users are using a browser that supports TLS 1.2 or higher. Because browser support for higher TLS versions is so widely adopted, you're generally pretty safe to use TLS 1.2 or higher.
Of course, users might not be your only concern. If you're consuming your site's data from an external tool, that tool has to support the TLS versions your site allows. Unless your tooling has been updated as well, you may run into compatibility issues there.
Managing Your TLS Version at Pagely
By default, Pagely sites support a minimum TLS version of 1.1, and a maximum of TLS 1.3. This gives browsers that support it the highest security possible, while still allowing older browsers to access your content.
Depending on how your site is used, such as eCommerce sites that are handling customers’ credit card data, you may want to further increase security to allow only TLS 1.2 or higher. In that case, you can easily change your TLS version configuration from within the Atomic control panel.
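To confirm which TLS versions a server really accepts, for example after raising the minimum to TLS 1.2, you can offer one version at a time and see whether the handshake completes. The Python script below is an added example, not Pagely's own tooling; `negotiate`, `probe` and `audit` are hypothetical helper names, and the host to check is supplied by you.

```python
import socket
import ssl
import sys

T = ssl.TLSVersion
ORDER = [T.TLSv1, T.TLSv1_1, T.TLSv1_2, T.TLSv1_3]  # oldest to newest

def negotiate(client_versions, server_min, server_max):
    """Model of version selection: highest version both sides allow, else None."""
    common = [v for v in client_versions if server_min <= v <= server_max]
    return max(common) if common else None

def probe(host, version, port=443, timeout=5.0):
    """Offer exactly one TLS version; True if the server completes the handshake.

    False can also come from the client: many OpenSSL builds refuse to offer
    TLS 1.0/1.1 at their default security level.
    """
    try:
        ctx = ssl.create_default_context()
        ctx.minimum_version = version
        ctx.maximum_version = version
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version() is not None
    except (OSError, ValueError):  # ssl.SSLError is a subclass of OSError
        return False

def audit(host, required_min=T.TLSv1_2, probe_fn=probe):
    """Return (accepted versions, accepted versions older than required_min)."""
    accepted = [v for v in ORDER if probe_fn(host, v)]
    return accepted, [v for v in accepted if v < required_min]

if __name__ == "__main__":
    # Offline model of the page's defaults: server min TLS 1.1, max TLS 1.3.
    print(negotiate([T.TLSv1_2, T.TLSv1_3], T.TLSv1_1, T.TLSv1_3))
    print(negotiate([T.TLSv1], T.TLSv1_1, T.TLSv1_3))
    if len(sys.argv) > 1:  # live check against a host you operate
        accepted, too_old = audit(sys.argv[1])
        print("accepted:", [v.name for v in accepted])
        print("below TLS 1.2:", [v.name for v in too_old] or "none")
```

Run it with your site's hostname as the first argument to probe the live server; with no argument it only prints the offline model of the default configuration.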