Back to Glossary
high severity · Vulnerability Glossary

TLS 1.0 Deprecated

Updated June 17, 2026

4 min read

tls 1.0 deprecated
disable tls 1.0
tls 1.0 vulnerability
rfc 8996
tls 1.1 deprecated
pci dss tls
ssl_protocols nginx
beast attack

TLS 1.0 is the 1999 version of the protocol that secures HTTPS. It was formally deprecated by RFC 8996 in March 2021, and PCI DSS required disabling early TLS (1.0 and the closely related 1.1) by 30 June 2018. If your server still negotiates it, browsers may warn or refuse to connect, and auditors will flag it.

What is TLS 1.0 deprecation?

Deprecation means the protocol is officially marked obsolete and should no longer be used. TLS 1.0 — and its 2006 successor TLS 1.1 — were never patched to fix structural weaknesses; instead the IETF moved everyone forward to TLS 1.2 (2008) and TLS 1.3 (2018). RFC 8996 makes this formal: implementations "MUST NOT negotiate" TLS 1.0 or 1.1.

The problem is that "deprecated" does not mean "disabled." Plenty of web servers, load balancers, and legacy appliances were configured years ago and still accept a TLS 1.0 handshake from any client that offers it. The protocol keeps working silently until a scanner, an auditor, or an attacker points it out.

Why it's a risk / how it's exploited

TLS 1.0 carries weaknesses that cannot be configured away:

  • BEAST (CVE-2011-3389) abuses TLS 1.0's predictable CBC initialization vectors to recover plaintext such as session cookies. TLS 1.1+ fixed the IV handling that makes BEAST possible.
  • No modern AEAD ciphers. TLS 1.0 predates AES-GCM and ChaCha20-Poly1305, so it relies on older CBC and RC4 constructions that pair poorly with its design. This often overlaps with weak cipher suites on the same server.
  • Downgrade attacks. If a server offers both old and new protocols, a network attacker (think hostile Wi‑Fi or a compromised upstream) can interfere with the handshake to force the connection down to TLS 1.0, then attack the weaker protocol.
  • Compliance failure. Accepting early TLS is an automatic finding under PCI DSS and most security baselines, which can block payment processing or a vendor security review.

The practical consequence is that a single legacy-protocol line in your config can undermine otherwise-strong encryption and turn a passing audit into a failing one.

How to detect it

You can check from the command line with openssl. Force a TLS 1.0 handshake against your host:

openssl s_client -connect example.com:443 -tls1

If the handshake completes and shows a certificate, TLS 1.0 is enabled and accepting connections — that is the problem. If the server refuses with a handshake failure / no protocols available error, TLS 1.0 is correctly disabled. Repeat with -tls1_1 to confirm TLS 1.1 is also off.

To check the whole attack surface at once instead of one port at a time — including which weak ciphers ride along with the old protocol — run a website vulnerability scan. A DAST-style scan probes the live endpoint the same way a client would and reports the deprecated protocols and ciphers it accepts.

How to fix it

Disable TLS 1.0 and 1.1, and allow only TLS 1.2 and 1.3.

nginx — in your server (or http) block:

ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;

Reload with nginx -t && systemctl reload nginx.

Apache (mod_ssl) — in the relevant virtual host:

SSLProtocol -all +TLSv1.2 +TLSv1.3

Then apachectl configtest && systemctl reload apache2 (or httpd).

If your site is behind Cloudflare, set the Minimum TLS Version to 1.2 under SSL/TLS → Edge Certificates — that controls what visitors can negotiate at the edge.

After the change, re-run the openssl -tls1 check above to confirm the handshake now fails, and verify legitimate clients on TLS 1.2/1.3 still connect.

FAQ

Will disabling TLS 1.0 break old clients? It can affect very old browsers and unpatched legacy systems (roughly pre-2014). Modern browsers and current OS versions all support TLS 1.2+, so for a typical public website the compatibility impact is minimal and the security and compliance gain is required.

Is TLS 1.1 also deprecated? Yes. RFC 8996 deprecated TLS 1.0 and 1.1 together, and PCI DSS treats both as "early TLS." Disable both and standardize on TLS 1.2 and 1.3.


Not sure whether your server still answers an old handshake? A quick vulnerability scan checks your supported protocols and ciphers and tells you exactly what to turn off.

Related vulnerabilities