Question 1

What is TLS and why does it matter?

Accepted Answer

TLS (Transport Layer Security) is the cryptographic protocol that secures HTTPS connections. It ensures data is encrypted in transit between a browser and a server. TLS 1.3 (released 2018) is the current standard — it is faster and more secure than TLS 1.2. TLS 1.0 and 1.1 are deprecated and considered insecure; modern browsers refuse connections that use them.

Question 2

What does TLS 1.3 offer over TLS 1.2?

Accepted Answer

TLS 1.3 removes outdated cipher suites, reduces the handshake from 2 round-trips to 1 (1-RTT), supports 0-RTT resumption for repeat visitors, and eliminates weak algorithms like RSA key exchange and CBC mode ciphers. This makes it both faster and more secure. If your server still negotiates TLS 1.2, consider upgrading your web server or load balancer configuration.

Question 3

How do I check my SSL certificate expiry date?

Accepted Answer

This tool shows the certificate valid-from and valid-to dates and calculates the number of days remaining. Certificates with fewer than 30 days remaining are highlighted as a warning. Most certificate authorities issue certificates valid for 90 days (Let's Encrypt) or 1 year. Expired certificates cause browser warnings and block HTTPS connections.

Question 4

What is a cipher suite and which ones are secure?

Accepted Answer

A cipher suite is a named combination of key exchange, authentication, encryption, and MAC algorithms used to secure a TLS connection. Modern secure suites use ECDHE for key exchange, AES-GCM or CHACHA20-POLY1305 for encryption, and SHA-256 or SHA-384 for integrity. Avoid RC4, 3DES, MD5, and any suite labelled EXPORT or NULL — these are weak or broken.

כלים חינמיים למפתחי אתרים

TLS Version Checker