Why TLS has four versions, what went wrong with the first three, and why TLS 1.3 deleted everything that wasn't provably safe.
TLS 1.0 and 1.1 weren't deprecated arbitrarily—a decade of attacks proved their cryptographic foundations were fundamentally flawed. Here's what broke and why patching wasn't enough.
Cipher suite selection determines whether your TLS encryption is actually secure. TLS 1.3 made this easy. TLS 1.2 requires knowing which combinations of key exchange, encryption, and hashing are safe—and which create vulnerabilities.
One HTTP header turns every future visit secure. HSTS makes browsers refuse to even attempt an unencrypted connection—but the first visit remains dangerously exposed.
HSTS preloading is a one-way door. Walk through it and browsers enforce HTTPS forever—even for users who've never visited your site. Here's what that commitment really means.
During TLS handshakes, servers must present certificates before clients reveal which site they want. SNI solves this impossible timing problem—and exposes which sites you visit to anyone watching.
When HTTPS pages load HTTP resources, the padlock lies. Learn why mixed content undermines your security and how to eliminate it.