TLS Version
free/v1/domain/tls-versionVerifies TLS connectivity for a domain and confirms support for modern TLS versions (1.2+). Note: Cloudflare Workers negotiate TLS 1.2 or 1.3 automatically; individual version testing requires dedicated tools like testssl.sh or SSL Labs.
What It Does
Performs a TLS handshake with the domain to verify connectivity. A successful connection confirms the server supports at minimum TLS 1.2. TLS 1.3 support may also be present but cannot be independently confirmed from this environment. For precise per-version enumeration, use testssl.sh, nmap, or Qualys SSL Labs.
Why It's Useful
TLS version support directly impacts security posture. PCI DSS 4.0.1 (current version) and NIST SP 800-52r2 require TLS 1.2 as a minimum, and HIPAA follows similar guidance. This endpoint helps verify compliance and identify servers needing protocol updates.
Use Cases
Security Compliance Audit
Verify all public-facing servers have disabled TLS 1.0 and 1.1 as required by PCI DSS 4.0.
Maintain compliance by identifying servers with deprecated TLS versions.
Security Assessment
Identify weak TLS configurations during security assessments.
Document TLS misconfigurations for remediation recommendations.
Infrastructure Hardening
Verify TLS configuration after hardening load balancers or web servers.
Confirm TLS hardening was applied correctly across infrastructure.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
domain | string | Required | The domain to check TLS version support forExample: example.com |
port | number | Optional | Port to connect to (default: 443)Example: 443 |
Response Fields
| Field | Type | Description |
|---|---|---|
domain | string | The queried domain |
port | number | The port used for connection |
supportedVersions | array | TLS versions confirmed as supported (at minimum TLS 1.2) |
preferredVersion | string | null | Negotiated TLS version (from Cloudflare metadata, or null if unavailable) |
negotiatedCipher | string | null | Negotiated cipher suite (from Cloudflare metadata, or null if unavailable) |
deprecatedVersions | array | Deprecated TLS versions detected (empty — per-version testing not available) |
recommendations | array | Security improvement suggestions |
Code Examples
curl "https://api.edgedns.dev/v1/domain/tls-version" \
-H "Authorization: Bearer YOUR_API_KEY" \
-d "domain=example.com"const response = await fetch(
'https://api.edgedns.dev/v1/domain/tls-version?domain=example.com',
{
headers: {
'Authorization': 'Bearer YOUR_API_KEY'
}
}
);
const data = await response.json();
console.log(data);import requests
response = requests.get(
'https://api.edgedns.dev/v1/domain/tls-version',
headers={'Authorization': 'Bearer YOUR_API_KEY'},
params={
'domain': 'example.com'
}
)
data = response.json()
print(data)Read the full TLS Version guide
Why it matters, real-world use cases, parameters, response fields, and how to call it from Claude, ChatGPT, or Gemini via MCP.
Read the guide →Related Endpoints
External References
Learn more about the standards and protocols behind this endpoint.