Transport Layer Security (TLS) Version Support

franrob-projects · franrob-projects · commit 10165385ca4b · 2025-09-26T11:06:27.000+02:00
diff --git a/src/pages/docs/channels/options/encryption.mdx b/src/pages/docs/channels/options/encryption.mdx
@@ -36,6 +36,27 @@ Unencrypted communication with Ably is **disallowed** if any of the following co
 
 * A client using an unencrypted connection attempts to attach to a channel that is configured to be used with [TLS only](/docs/channels#rules).
 
+### TLS version support
+
+Ably endpoints support TLS 1.2 and TLS 1.3, providing modern, secure encryption methods that protect your data and communications from malicious attacks.
+
+**Automatic version negotiation:**
+Ably automatically defaults to the highest TLS version supported by both the client and server. If both support TLS 1.3, it will be used by default as it provides the most secure and efficient connection.
+
+Benefits of TLS 1.2 and 1.3:
+- Protection against vulnerabilities such as man-in-the-middle attacks.
+- TLS 1.3 reduces round trips during handshake for quicker connections.
+- Forward secrecy and improved encryption algorithms.
+- Modern environments support these versions by default.
+
+#### Legacy TLS versions
+
+TLS 1.0 and 1.1 are deprecated and [will be sunset in June 2025](/docs/platform/deprecate/tls-v1-1). These older versions pose security risks and should be avoided. If using legacy systems, update them to support TLS 1.2 or higher.
+
+#### Client configuration
+
+Most modern clients and libraries are configured automatically to use TLS 1.2+ by default. The JavaScript library uses the TLS version supported by the browser environment, while Node.js uses the version determined by the Node.js runtime.
+
 ### TLS vs. message encryption
 
 While TLS encryption ensures that messages in transit to and from Ably cannot be intercepted, inspected, or tampered with, it does not ensure that the Ably service itself is unable to inspect your messages and their content. If you want to ensure that all messages are encrypted and inaccessible to even Ably, consider using the [message-level encryption](#with-ably) feature included in the client libraries.
