SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are cryptographic protocols that establish encrypted, authenticated connections between clients and servers. The TLS handshake verifies the server's certificate, negotiates a cipher, and derives session keys before any application data flows. Modern sites should use TLS 1.2 or TLS 1.3; SSL 2.0/3.0 and TLS 1.0/1.1 are deprecated and disabled in major browsers.
Why it matters
Without TLS, anything between the user and your server — passwords, session cookies, payment details — can be read or modified by anyone on the network path. A valid certificate is also a prerequisite for HTTPS, HTTP/2, HTTP/3, and most modern browser APIs. Expired or mismatched certificates cause hard browser errors that block visitors entirely, which crushes conversion and damages trust.
How to check
- Request a certificate from a trusted CA and renew automatically (for example with ACME) well before expiry.
- Disable TLS 1.0 and 1.1 and prefer TLS 1.3 cipher suites in your server config.
- Enforce encrypted transport with HSTS and a long
max-age. - Restrict who can issue certificates for your domain with a DNS CAA Record.
- Run an external scan (such as SSL Labs) to catch weak ciphers, missing intermediates, or certificate chain errors.
- Combine with DNSSEC so attackers cannot redirect resolution before TLS even starts.