TLS Studio
TLS protocol & cipher scanner
See exactly which TLS versions a host still offers — TLS 1.0 through 1.3 — the cipher it negotiates for each, and whether it has forward secrecy. Graded A–F.
Why old TLS versions matter
TLS 1.0 and 1.1 are deprecated and carry known weaknesses; browsers and compliance regimes (PCI DSS, and most modern security baselines) require them to be disabled. A host that still negotiates TLS 1.0 is the clearest sign of an out-of-date configuration. The goal is TLS 1.2 and 1.3 only, with forward-secret cipher suites (ECDHE), so a compromised key cannot decrypt past traffic.
How the scan works
Rather than read a single negotiated version, this forces a separate handshake pinned to each TLS version in turn and records which succeed — so you see the full support matrix, not just what your browser happened to negotiate. The probe runs from our resolver network. For the certificate itself, use the certificate chain visualiser, and for the whole domain, the full report.