More About TLS and SSL

Last modified: January 27, 2020


This document explains the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols and how servers use them.


We support TLS version 1.2 and TLS version 1.3.

  • We strongly recommend that you enable TLSv1.2 on your server. Some clients don’t support TLSv1.3, which requires OpenSSL 1.1.1 or higher.
  • We only support TLSv1.3 on systems that run cPanel & WHM version 86 or higher.


TLS and SSL are two cryptographic protocols that clients and servers use for secure communication over the Internet. Systems frequently use them for email and web browsing.

Both of these protocols initiate a “handshake,” during which your server and the user’s computer agree upon specific conditions. These conditions include, most importantly, a set of public and private keys that they will use to encrypt and decrypt messages during the secure session.

As a web server, your server will identify itself with a certificate when it receives a secure request from a user. These certificates are either self-signed or verified through a certificate authority (CA).

Servers generate and sign their own self-signed certificates. We do not recommend self-signed certificates because they do not use a third-party verification system, and any server can spoof your server. To remedy this issue, we recommend that you use a certificate that you obtain through a CA. The CA verifies the identity of your server to secure user requests.

Additional Documentation