Home / Security / Verify TLS 1.0 and 1.1 are disabled on your server
Transport Security · Security Ring

Verify TLS 1.0 and 1.1 are disabled on your server

20-30 min Impact: high Effort: low ✓ Manual completion

TLS 1.0 and 1.1 are outdated encryption protocol versions with known cryptographic weaknesses — modern browsers and payment processors increasingly refuse or warn on connections using them, and disabling them forces all connections to use the stronger TLS 1.2 or 1.3.

Leaving old TLS versions enabled does not usually break anything visibly today, but it is a real, unnecessary weak point, and some compliance standards (like PCI DSS for payment processing) explicitly require these to be disabled.

How to do it

  1. 1
    Check your current TLS configuration
    Run an SSL Labs test to see exactly which protocol versions your server currently accepts.
  2. 2
    Disable TLS 1.0 and 1.1 at the server or CDN level
    Most modern hosts and Cloudflare offer this as a simple setting; a custom server needs a config change.
  3. 3
    Confirm TLS 1.2 and 1.3 remain enabled
    These are the versions you want visitors actually using — disabling old versions should not affect them.
  4. 4
    Re-test to confirm
    An SSL Labs re-scan should show TLS 1.0 and 1.1 as disabled with no resulting grade penalty.

Common mistakes

How you will know it is done

An SSL Labs scan confirms TLS 1.0 and 1.1 are disabled and only TLS 1.2/1.3 are accepted.

Tools that help

Track this in your hive

The Security Ring turns this into a real, permanent mission — mark it complete once you have genuinely done it.

Open this mission in H.I.V.E. →