TLS / cipher scan
See which TLS versions a host supports and grade its configuration.
This SSL test, or TLS scan, negotiates with a server to find which protocol versions it supports — from legacy TLS 1.0/1.1 through modern TLS 1.2 and 1.3 — and distills the result into an overall grade. It flags weak signals such as support for deprecated protocols that drag your score down, and confirms the modern versions browsers and auditors expect. A strong grade means TLS 1.2+ only with the old protocols disabled. Server software and library defaults shift, so it's worth re-checking after changes.
Frequently asked questions
What makes a TLS configuration score poorly?
Support for deprecated protocols like TLS 1.0 or 1.1 is the biggest drag, along with the absence of TLS 1.3. Disabling the legacy versions usually restores a high score.
Why is TLS 1.0/1.1 a problem?
Both are deprecated and have known weaknesses; major browsers and PCI standards no longer accept them. Leaving them enabled exposes you to downgrade attacks.
Should I enable TLS 1.3?
Yes — it is faster and more secure than 1.2, with weak ciphers removed entirely. Serving 1.2 and 1.3 (and nothing older) is the current best practice.
How is this different from the SSL certificate checker?
The certificate checker reads the cert's issuer and expiry; this scan looks at the protocol versions the server will negotiate. Both matter for a secure setup.
Can my grade drop without me changing anything?
Yes, as standards tighten and protocols are deprecated. Re-checking periodically catches regressions before an auditor or browser does.
More SSL/TLS & security tools tools
Want this checked automatically and around the clock? Create a free SJ Monitor account and we'll alert you the moment something changes.