Tests TLS 1.0/1.1/1.2/1.3 support in parallel and reports the cipher suite negotiated for each version.
101IP connects to your server in parallel, forcing each TLS version, and reports which protocols are accepted and which cipher suites are negotiated.
Ciphers marked PFS use ECDHE or DHE key exchange. This means past sessions cannot be decrypted even if the server's private key is later compromised.
TLS 1.0 and 1.1 contain known vulnerabilities: BEAST, POODLE, and other attacks targeting CBC block ciphers. They were officially deprecated by RFC 8996 and disabled in most browsers since 2020. Supporting these versions lowers the server's security rating and exposes connections to potential downgrade attacks.
Perfect Forward Secrecy is a property of a protocol where compromising the server's long-term private key does not allow decrypting previously recorded sessions. It is achieved by using ephemeral DHE or ECDHE key exchange for each session. Cipher suites with PFS (for example, ECDHE-RSA-AES256-GCM-SHA384) are labeled as PFS in the check results.
A — only TLS 1.2/1.3 supported, all ciphers with PFS. B — minor cipher issues. C — TLS 1.1 present. D — TLS 1.0 accessible. F — critical vulnerabilities or weak ciphers in use (RC4, DES, EXPORT). Aim for grade A or A+ to ensure strong transport security.