What is Transport Layer Security or TLS?
Transport Layer Security or TLS is a method of encrypting web traffic. It helps ensure your daily web browsing is safe and secure. Here’s how it works.
Transport Layer Security (TLS) is a security protocol that's mostly used to secure traffic between the web browser and websites via HTTPS. It ensures that the sender and receiver are who they claim to be, and that data keeps its integrity through encryption. If you see a padlock to the left of the website address in your browser, that probably means your browser is using a secure connection with TLS.
How TLS works
When you accessed this article, your web browser was using TLS. Let’s look into what is happening behind the scenes.
- The browser requests the groovyPost website at https://www.groovypost.com over HTTPS.
- The groovyPost server sends a certificate containing its public key (the part of its key pair that anyone may know) to the browser client.
- Your browser validates the certificate (correct expiry date, name) and creates a symmetric key (the same key is used on both sides) that is only valid for this visit/session. It encrypts that key with the server's public key and sends it to the server.
- The groovyPost server decrypts the symmetric key with its private key (the part of its key pair that only the server knows) and returns data to the client encrypted with the symmetric session key.
- The browser decrypts the data with its symmetric session key, so it becomes readable.
TLS helps to protect your information during transit, and attackers capturing data will see only garbage because they don’t have the session key that is needed to decrypt and read the data.
The predecessors of TLS were named SSL (Secure Sockets Layer, versions 1.0/2.0/3.0), which was developed by a company called Netscape in 1994. If you were browsing the Internet during the 90s, you have most likely used its web browser, Netscape Navigator.
TLS 1.0 was defined in 1999 as an upgrade of SSL 3.0. Since SSL was so closely tied to Netscape, the IETF (Internet Engineering Task Force) changed the name to TLS to please Microsoft, who at the time had the most popular browser in Internet Explorer 5. TLS 1.1 came in 2006, followed by TLS 1.2 in 2008. Somewhat recently (2018) came TLS 1.3, which is the latest version as of today.
Which browsers support which versions of TLS? Let’s take a look at some of the most popular web browsers of today.
Chrome version 80 is the last to support TLS 1.0/1.1. Starting with Chrome version 81, only TLS 1.2/1.3 is supported. To support the more recent TLS 1.3, just be sure to have version 66 or later.
To update or check your version, go to Help > About Google Chrome.
Firefox version 73 is the last to support TLS 1.0/1.1. Starting with Firefox version 74, only TLS 1.2/1.3 is supported. To support the more recent TLS 1.3, just be sure to have version 60 or later.
To update or check your version, go to Help > About Firefox.
Edge version 81 is the last to support TLS 1.0/1.1. Starting with Edge 82, only TLS 1.2/1.3 is supported.
Isn't Edge a relatively new browser? How can it already be at version 80+? Edge jumped from version 44 to 79 in January 2020 when it started to use the Chromium engine (the same as Google Chrome).
Safari updates are part of the OS. With the updates to iOS and macOS in April 2020, support for TLS 1.0/1.1 is dropped.
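What "only TLS 1.2/1.3 is supported" looks like in the handshake, as an added example that is not part of the original article: the client lists the versions it is willing to speak in its first message, the ClientHello. The Python sketch below builds a client limited to a version range entirely in memory and parses the versions it offers. The host name `example.test` is a constructed placeholder, and the fallback to the legacy version field covers clients that offer nothing newer than TLS 1.2.

```python
import ssl
import struct

NAMES = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}


def client_hello(min_version, max_version):
    """Return the raw ClientHello a client limited to this version range emits."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version, ctx.maximum_version = min_version, max_version
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    # "example.test" is a constructed name; the handshake runs in memory only.
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="example.test")
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client is now waiting for a server reply
    return outgoing.read()


def offered_versions(record):
    """List the protocol versions a ClientHello record offers to the server."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    legacy = struct.unpack_from("!H", record, 9)[0]
    pos = 5 + 4 + 2 + 32  # record header, handshake header, version, random
    pos += 1 + record[pos]  # session_id
    pos += 2 + struct.unpack_from("!H", record, pos)[0]  # cipher_suites
    pos += 1 + record[pos]  # compression_methods
    end = pos + 2 + struct.unpack_from("!H", record, pos)[0]  # extensions
    pos += 2
    while pos + 4 <= min(end, len(record)):
        ext_type, ext_len = struct.unpack_from("!HH", record, pos)
        body = record[pos + 4 : pos + 4 + ext_len]
        if ext_type == 43 and body:  # supported_versions (TLS 1.3 and later)
            codes = struct.unpack_from("!%dH" % (body[0] // 2), body, 1)
            return [NAMES.get(code, hex(code)) for code in codes]
        pos += 4 + ext_len
    # Without the extension, the legacy field is the highest version offered.
    return [NAMES.get(legacy, hex(legacy))]


if __name__ == "__main__":
    modern = client_hello(ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3)
    print(offered_versions(modern))
```

A server that only speaks TLS 1.0/1.1 finds no common version in such a ClientHello and the connection fails, which is the error users of updated browsers see on legacy sites.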
Verify TLS used by Sites
If you want to know which TLS protocol versions a specific HTTPS site supports, you can visit a website such as https://www.cdn77.com/tls-test. Enter the URL of the site and press Enter, and it will return the TLS protocols supported.
To check an https site with Google Chrome:
- Press F12 (or CTRL + SHIFT + I) to open Developer Tools.
- Select the Security tab.
- In the Connection section, read the TLS version. The information only shows if you are currently on a web address that uses HTTPS.
To check a site with Mozilla Firefox:
- Click on the padlock at the left of the address field, then on the > button in the middle far right.
- Click on More Information.
- The Page Info window opens, and in the Technical Details section, you can read which version of TLS is used for this site.
Unless you are using a browser from the stone age, it will support TLS 1.2 and probably also TLS 1.3. The issue is if the web page you visit is using TLS 1.1 or older. All serious and active businesses should have support for TLS 1.2 or later, but of course, there are legacy sites out there that haven't updated.