The Cloud Consultancy Europe Ltd.
+44 (0) 203 637 6667 [email protected]

Transport Layer Security or TLS is a method of encrypting web traffic. It helps ensure your daily web browsing is safe and secure. Here’s how it works.

How it works

When you accessed this article, your web browser was using TLS. Let’s look into what is happening behind the scenes.

  1. The browser requests The Cloud Consultancy website by https://www.thecloudconsultancy.eu using HTTPS headers.
  2. The The Cloud Consultancy server sends a certificate containing its public key (known text cipher) to the browser client.
  3. Your browser validates the certificate (correct expire date, name) and creates a symmetric key (pair of matching keys) that are only valid for this visit/session.
  4. The Cloud Consultancy server decrypts the symmetric key with its private key (unknown text cipher) and returns data to the client encrypted with the symmetric session key.
  5. The browser decrypts the data with its symmetric session key, so it becomes readable.

TLS helps to protect your information during transit, and attackers capturing data will see only garbage because they don’t have the session key that is needed to decrypt and read the data.

TLS History

Pre-versions of TLS were named SSL (versions 1.0/2.0/3.0), Secure Socket Layer, which was developed by Netscape in 1994. If you were browsing the Internet during the 90s, you have most likely used its web browser called Netscape Navigator.

TLS 1.0  defined in 1999, an upgrade of SSL 3.0. Since SSL was so related to Netscape, the IETF (Internet Engineering Task Force) changed the name to TLS to please Microsoft, who at the time had the most popular browser in Internet Explorer 5. 2006 came TLS 1.1, followed by TLS 1.2 in 2008. Somewhat recently (2018) came TLS 1.3, which is the latest version as of today.

Browser Support

Which browsers support which versions of TLS? Let’s take a look at some of the most popular web browsers of today.

Google Chrome

Version 80 is the last to support TLS 1.0/1.1. Starting with Chrome version 81, only TLS 1.2/1.3 is supported.
To support the more recent TLS 1.3, just be sure to have version 66 or later.
To update/check version go to help > about Google Chrome.

Mozilla Firefox

Version 73 is the last to support TLS 1.0/1.1. Starting with Firefox version 74, only TLS 1.2/1.3 is supported.
To support the more recent TLS 1.3, just be sure to have version 60 or later.
To update/check version go help > about Firefox.

Microsoft Edge

Version 81 is the last to support TLS 1.0/1.1. Starting with Edge 82, only TLS 1.2/1.3 is supported.
Isn’t Edge a relatively new browser, how can it already be version 80+? Edge jumped from version 44 to 79 in January 2020 since it started to use the Chromium engine (same as Google Chrome).

Apple Safari


Safari updates are part of the OS. After the updates on iOS and macOS in April 2020, support for TLS 1.0/1.1 drops.

Verify TLS used by Sites

If you want to know what TLS protocol versions a specific https site supports, you can visit a website such as https://www.cdn77.com/tls-test. Enter in the URL of the site and hit enter, and it will return the TLS protocols supported.

To check an https site with Google Chrome:

  1. Press F12 (or CTRL + SHIFT + I) to open Developer Tools.
  2. Select the Security tab
  3. At section, Connection read the TLS version. Information only shows if you are currently on a web address with HTTPS.

To check a site with Mozilla Firefox:

  1. Click on the padlock left in the address field, then on the > button in the middle far right.

2. Click on More Information.

3. Page Info window shows, and at the section Technical Details, you can read out which version of TLS used for this site.

Conclusion

Unless you are using a browser from the stone age, it will support TLS 1.2 and probably also TLS 1.3. The issue is if the web page you visit is using TLS 1.1 or older. All severe and active business should have support for TLS 1.2 or later, but of course, there are legacy sites out there who haven’t updated.

Source: GroovyPost    Author: 

 

If your employees are working from home The Cloud Consultancy can help you with VPN’s, Password Management, Multi Factor Authentication, Firewalls, Fast 4G LTE Connectivity and more. We also provide tailored remote training to ensure that you, your staff and stakeholders are informed and educated about good cyber security practices along with Office 365 training on how to use Microsoft Teams. 

The Cloud Consultancy Provision, Setup And Manage SME Cyber Security Services To Protect Your Business From BEC Scams.

Take a look at our Office 365 Vade Secure email security to protect your business against Spear Phishing.