TLS Version
Checks that the server uses TLS 1.2 or higher — older versions are broken.
What this check measures
During the TLS handshake we record the negotiated version. TLS 1.0 and 1.1 have known attacks (BEAST, POODLE) and are deprecated by browsers. TLS 1.2 is minimum; 1.3 is preferred.
Why it matters
Browsers show warnings or refuse connection for deprecated TLS. Legacy TLS exposes your users to on-path attackers who can downgrade the connection. Payment card regulations (PCI DSS) require TLS 1.2+ since 2018.
How our audit detects it
Attempt TLS handshake with each version from 1.0 to 1.3. Record which succeed. Flag if 1.0 or 1.1 still accepted.
Typical findings
- error_outlineServer still accepts TLS 1.0 — usually a default on old Apache.
- error_outlineServer rejects TLS 1.3 — out-of-date OpenSSL library.
- error_outlineServer forces TLS 1.2 only, no 1.3 fallback.
How to fix
Configure your server or CDN to allow only TLS 1.2 and 1.3. Disable TLS 1.0, 1.1, and SSL 3.0 entirely. Modern hosts do this by default.
Frequently asked questions
TLS 1.2 vs 1.3?expand_more
Want this checked on your site?
Pantra runs the full audit (SEO, Security, GEO, Performance, Schema, Technical, Images) in 10 seconds and generates stack-specific fix prompts.
Scan my siteRelated checks
HTTPS Enabled
Checks that the site serves over HTTPS and redirects HTTP to HTTPS.
SecurityMixed Content
Checks for HTTP resources loaded on HTTPS pages — browsers block or warn.
SecuritySSL Certificate
Checks that the SSL certificate is valid, not expired, and not expiring soon.
SecurityHSTS Header
Checks for Strict-Transport-Security header — blocks HTTPS downgrade attacks.