Security check

TLS check: encryption that actually holds

Old TLS and weak cipher suites turn encryption into false comfort. We check your TLS versions, cipher suites and certificates and show what should be turned off.

Run a free domain scan All checks β†’
Relates to: NIS2 Β· art. 21 β€” operational security ISO 27001 Β· A.8.24 cryptography PCI DSS Β· requirement 4

What we check

We verify which TLS versions your service allows (TLS 1.0/1.1 should be off), which cipher suites are offered, the certificate's validity and chain, and whether the key exchange provides forward secrecy.

Why it matters

TLS 1.0/1.1 and weak cipher suites are known-broken and rejected under PCI DSS. An expiring or misconfigured certificate is both a security hole and an outage when it lapses unexpectedly.

How Security Guru tests it

Common mistakes

  • TLS 1.0/1.1 still enabled
  • Weak cipher suites (RC4, 3DES) offered
  • Certificate expiring soon with no renewal routine
  • Incomplete certificate chain β†’ warnings in some clients

What you get in the report

  • Allowed TLS versions and recommended baseline
  • Weak cipher suites to disable
  • Certificate expiry date and chain status
  • Mapping to PCI DSS req 4 / ISO A.8.24

FAQ

What TLS baseline should I have?

TLS 1.2 and 1.3 on, TLS 1.0/1.1 off, only strong cipher suites with forward secrecy. We give you the exact recommendation.

Does the test affect my users?

No β€” it's a passive handshake analysis against your public endpoint.

Do you warn before certs expire?

In continuous monitoring, yes β€” we alert well before renewal is needed.

Want to know your status?

Run a free scan or order a full Security Assessment β€” prioritised, not noise.

Run a free domain scan