lock
SSL/TLS Certificate Reference
Understand SSL certificates, protocols, and best practices.
Certificate Types
DV (Domain Validated)
Validates domain ownership only. Fastest to issue (minutes). Free options available (Let's Encrypt).
Best for: Blogs, personal sites
OV (Organization Validated)
Validates organization identity. Takes 1-3 days. Shows company name in certificate details.
Best for: Business websites
EV (Extended Validation)
Highest validation level. Strict identity verification. Takes 1-2 weeks.
Best for: E-commerce, banking
TLS Protocol Versions
| Version | Year | Status | Notes |
|---|---|---|---|
| SSL 2.0 | 1995 | Deprecated | Severely broken. Never use. |
| SSL 3.0 | 1996 | Deprecated | POODLE vulnerability. Disabled in all browsers. |
| TLS 1.0 | 1999 | Deprecated | BEAST attack. Removed from browsers 2020. |
| TLS 1.1 | 2006 | Deprecated | No longer supported in modern browsers. |
| TLS 1.2 | 2008 | Supported | Widely used. Minimum recommended version. |
| TLS 1.3 | 2018 | Recommended | Faster handshake, stronger security. Use this. |
Cipher Suites Cheat Sheet
Recommended:
TLS_AES_256_GCM_SHA384, TLS_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256Acceptable:
ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-GCM-SHA256Avoid:
RC4, 3DES, MD5, SHA1, NULL, EXPORT