SSL/TLS Cheat Sheet
A quick reference for SSL/TLS protocols, certificate types, and security configurations.
Protocol Versions

| Version | Status |
|---|---|
| TLS 1.3 | Current — fastest, most secure (2018) |
| TLS 1.2 | Widely supported — still secure (2008) |
| TLS 1.1 | Deprecated — avoid (2006) |
| TLS 1.0 | Deprecated — avoid (1999) |
| SSL 3.0 | Insecure — never use (1996) |

Certificate Types

| Type | Description |
|---|---|
| DV (Domain Validated) | Basic — verifies domain ownership only |
| OV (Organization Validated) | Verifies domain + organization identity |
| EV (Extended Validation) | Highest — thorough vetting, green bar |
| Wildcard | *.example.com — secures all subdomains |
| Self-signed | No CA — for development only |

Best Practices

| Practice | Recommendation |
|---|---|
| Certificate expiry | Monitor and renew before expiry (Let's Encrypt: 90 days) |
| Cipher selection | Prefer AEAD ciphers (AES-GCM, ChaCha20-Poly1305) |
| HSTS | Strict-Transport-Security header |
| Perfect Forward Secrecy | Use ECDHE key exchange |

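
The protocol, cipher, forward-secrecy and HSTS rows above, applied and checked with Python's `ssl` module. This is an added example, not part of the original cheat sheet; the function names and the sample header value are constructed for illustration.

```python
import ssl

# OpenSSL cipher string for TLS 1.2: ECDHE key exchange (forward secrecy)
# combined with an AEAD cipher the sheet names (AES-GCM, ChaCha20-Poly1305).
TLS12_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20"


def hardened_server_context():
    """Server-side context limited to TLS 1.2+ and the suites above."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # drops SSL 3.0, TLS 1.0/1.1
    ctx.set_ciphers(TLS12_CIPHERS)  # TLS 1.3 suites are handled separately by OpenSSL
    return ctx


def suite_ok(name):
    """True if an OpenSSL suite name uses AES-GCM/ChaCha20 and ECDHE."""
    aead = "GCM" in name or "CHACHA20" in name
    if name.startswith("TLS_"):  # TLS 1.3 naming: key exchange is always ephemeral
        return aead
    return aead and name.startswith("ECDHE-")


def weak_suites(ctx):
    """Names of suites enabled on ctx that fail suite_ok()."""
    return [c["name"] for c in ctx.get_ciphers() if not suite_ok(c["name"])]


def parse_hsts(value):
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains)."""
    max_age, subdomains = None, False
    for part in value.split(";"):
        key, _, val = part.strip().partition("=")
        key = key.strip().lower()
        if key == "max-age":
            val = val.strip().strip('"')
            if not (val.isascii() and val.isdigit()):
                return None  # malformed max-age: browsers ignore the header
            max_age = int(val)
        elif key == "includesubdomains":
            subdomains = True
    return None if max_age is None else (max_age, subdomains)  # max-age is required


if __name__ == "__main__":
    print("weak suites enabled:", weak_suites(hardened_server_context()))
    # Constructed header value, as a server might send it
    print(parse_hsts("max-age=31536000; includeSubDomains"))
```

A real server would also call `load_cert_chain()` on the context before use; `weak_suites()` can be run against any existing `SSLContext` to audit its cipher list.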