How it works
When you accessed this article, your web browser was using TLS. Let’s look into what is happening behind the scenes.
- The browser requests The Cloud Consultancy website by https://www.thecloudconsultancy.eu using HTTPS headers.
- The The Cloud Consultancy server sends a certificate containing its public key (known text cipher) to the browser client.
- Your browser validates the certificate (correct expire date, name) and creates a symmetric key (pair of matching keys) that are only valid for this visit/session.
- The Cloud Consultancy server decrypts the symmetric key with its private key (unknown text cipher) and returns data to the client encrypted with the symmetric session key.
- The browser decrypts the data with its symmetric session key, so it becomes readable.
TLS helps to protect your information during transit, and attackers capturing data will see only garbage because they don’t have the session key that is needed to decrypt and read the data.
TLS History
Pre-versions of TLS were named SSL (versions 1.0/2.0/3.0), Secure Socket Layer, which was developed by Netscape in 1994. If you were browsing the Internet during the 90s, you have most likely used its web browser called Netscape Navigator.
TLS 1.0 defined in 1999, an upgrade of SSL 3.0. Since SSL was so related to Netscape, the IETF (Internet Engineering Task Force) changed the name to TLS to please Microsoft, who at the time had the most popular browser in Internet Explorer 5. 2006 came TLS 1.1, followed by TLS 1.2 in 2008. Somewhat recently (2018) came TLS 1.3, which is the latest version as of today.
Browser Support
Which browsers support which versions of TLS? Let’s take a look at some of the most popular web browsers of today.
Google Chrome
Version 80 is the last to support TLS 1.0/1.1. Starting with Chrome version 81, only TLS 1.2/1.3 is supported.
To support the more recent TLS 1.3, just be sure to have version 66 or later.
To update/check version go to help > about Google Chrome.
Mozilla Firefox
Version 73 is the last to support TLS 1.0/1.1. Starting with Firefox version 74, only TLS 1.2/1.3 is supported.
To support the more recent TLS 1.3, just be sure to have version 60 or later.
To update/check version go help > about Firefox.
Microsoft Edge
Version 81 is the last to support TLS 1.0/1.1. Starting with Edge 82, only TLS 1.2/1.3 is supported.
Isn’t Edge a relatively new browser, how can it already be version 80+? Edge jumped from version 44 to 79 in January 2020 since it started to use the Chromium engine (same as Google Chrome).
Apple Safari
Safari updates are part of the OS. After the updates on iOS and macOS in April 2020, support for TLS 1.0/1.1 drops.
Verify TLS used by Sites
If you want to know what TLS protocol versions a specific https site supports, you can visit a website such as https://www.cdn77.com/tls-test. Enter in the URL of the site and hit enter, and it will return the TLS protocols supported.
To check an https site with Google Chrome:
- Press F12 (or CTRL + SHIFT + I) to open Developer Tools.
- Select the Security tab
- At section, Connection read the TLS version. Information only shows if you are currently on a web address with HTTPS.
To check a site with Mozilla Firefox:
- Click on the padlock left in the address field, then on the > button in the middle far right.
2. Click on More Information.
3. Page Info window shows, and at the section Technical Details, you can read out which version of TLS used for this site.
Conclusion
Unless you are using a browser from the stone age, it will support TLS 1.2 and probably also TLS 1.3. The issue is if the web page you visit is using TLS 1.1 or older. All severe and active business should have support for TLS 1.2 or later, but of course, there are legacy sites out there who haven’t updated.
Source: GroovyPost Author:
If your employees are working from home The Cloud Consultancy can help you with VPN’s, Password Management, Multi Factor Authentication, Firewalls, Fast 4G LTE Connectivity and more. We also provide tailored remote training to ensure that you, your staff and stakeholders are informed and educated about good cyber security practices along with Office 365 training on how to use Microsoft Teams.