methodology / Security & Infrastructure / #27

TLS minimum version & cipher suite quality

live factor #27 · Security & Infrastructure · scoring impl: implemented · weight 1.3%

What we measure

Old TLS versions (1.0/1.1) and weak cipher suites are known-broken. Modern sites support TLS 1.2 minimum, ideally TLS 1.3, with strong ciphers only.

How to improve your score

Configure web server / CDN to disable TLS 1.0 and 1.1, restrict to AEAD ciphers (AES-GCM, ChaCha20).

Data source

Data source for this factor is not yet documented.

Scoring

Scoring formulas are versioned with the methodology. The current method (v1.1.0) maps raw measurements to pass, warn, fail. Factor weights determine how much each contributes to the composite — see the methodology index for the full table.

Version history

← back to methodology