The Secure Sockets Layer (SSL) protocol was first introduced by Netscape in 1994. The Internet was growing and there was a need for transport security for web browsers and for various TCP protocols. Version 1.0 of SSL was never released because it had serious security flaws. The first official release of SSL, version 2.0, was out in 1995. The final version of the SSL protocol, SSL 3.0, was released in November 1996.
In 2011, the Internet Engineering Task Force (IETF) announced that SSL version 2.0 is deprecated. IETF recommended SSL v2 to be completely abandoned because according to a document that they released (RFC 6176) the protocol has several major deficiencies. These included using MD5 for message authentication, lack of protection for handshakes, using the same key for message integrity and encryption, and easy session termination. In June 2015, IETF also announced that SSL 3.0 is deprecated. As stated in a document released by IETF (RFC 7568), any TLS version is more secure than all versions of SSL. SSL also cannot use features of the TLS protocol such as Authenticated Encryption with Additional Data (AEAD), Elliptic Curve Diffie-Hellman (ECDH) and Elliptic Curve Digital Signature Algorithm (ECDSA), stateless session tickets, a datagram mode of operation (DTLS) and application-layer protocol negotiation.
TLS to the Rescue
The Transport Layer Security (TLS) protocol was first introduced in 1999 as an upgrade to SSL v3. The TLS 1.0 RFC document (RFC 2246) document states that the differences between TLS 1.0 and SSL 3.0 are not dramatic, but they are significant enough to preclude interoperability. TLS 1.1 (RFC 4346) was a minor update to TLS 1.0 released in April 2006. Some of the differences in this version included protections against Cipher Block Chaining (CBC) attacks. TLS 1.2 (RFC 5246) was released in August 2008. Changes included adding cipher-suite-specified pseudorandom functions (PRFs), adding AES cipher suites, removing IDEA and DES cipher suites, and several other enhancements.
The current version of TLS, TLS 1.3, was released in August 2018 (RFC 8446). It took IETF 10 years and 28 drafts to complete. This time, the protocol underwent some major changes with the focus on simplicity. Several unsafe technologies were removed, including SHA-1, MD5, RC4, DES, and 3DES. The protocol was streamlined for better performance: the handshake now requires only one round-trip (in some cases even zero). Other changes include encryption of SNI information for better privacy and a new signature standard (RSA-PSS). All modern browsers support TLS v1.3.
Get the latest content on web security
in your inbox each week.
THE AUTHOR
Agathoklis Prodromou
Web Systems Administrator/Developer
Akis has worked in the IT sphere for more than 13 years, developing his skills from a defensive perspective as a System Administrator and Web Developer but also from an offensive perspective as a penetration tester. He holds various professional certifications related to ethical hacking, digital forensics and incident response.
FAQs
In the Internet Options window on the Advanced tab, under Settings, scroll down to the Security section. In the Security section, locate the Use SSL and Use TLS options and uncheck Use SSL 3.0 and Use SSL 2.0. If they are not already selected, check Use TLS 1.0, Use TLS 1.1, and Use TLS 1.2.
What is TLS 2? ›
Transport Layer Security (TLS) 1.2 is the successor to Secure Sockets Layer (SSL) used by endpoint devices and applications to authenticate and encrypt data securely when transferred over a network. TLS protocol is a widely accepted standard used by devices such as computers, phones, IoTs, meters, and sensors.
How do you fix Turn on TLS 1.0 TLS 1.1 and TLS 1.2 in advanced settings and try connecting to? ›
Open the Tools menu (click on the tools icon or type Alt - x) and select Internet options. Select the Advanced tab. Scroll down to the bottom of the Settings section. If TLS is not enabled, select the checkboxes next to Use TLS 1.0, Use TLS 1.1, and Use TLS 1.2.
How to check if TLS 1.2 is enabled? ›
-Press the Windows key + R to start Run, type regedit, and press Enter or click OK. -If you can't find any of the keys or if their values are not correct, then TLS 1.2 is not enabled.
How to check if SSL 2.0 is enabled or not? ›
How to identify if an SSL/TLS protocol is enabled/disabled
- Click Start or press the Windows key.
- In the Start menu, either in the Run box or the Search box, type regedit and press Enter. ...
- Navigate to follow the registry path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols.
In the navigation tree, under SSL 3.0, select Server and then, in the right pane, double-click the Enabled DWORD value. In the Edit DWORD (32-bit) Value window, in the Value Data box leave the value at 0 and then, click OK. Restart your Windows server. You have successfully disabled the SSL v3 protocol.
How do I update my TLS version? ›
Under TLS Versions, you will see the TLS protocol version(s) currently selected. To update the protocol, simply click edit. Next, choose your desired protocol based on your requirements and hit Save Changes. Please note that you can not disable TLS v1.
What's the difference between SSL and TLS? ›
However, SSL is an older technology that contains some security flaws. Transport Layer Security (TLS) is the upgraded version of SSL that fixes existing SSL vulnerabilities. TLS authenticates more efficiently and continues to support encrypted communication channels.
Is tls1 2 still secure? ›
While TLS 1.2 can still be used, it is considered safe only when weak ciphers and algorithms are removed. On the other hand, TLS 1.3 is new; it supports modern encryption, comes with no known vulnerabilities, and also improves performance.
How do I fix outdated TLS security settings? ›
The fix is easy: In the windows search box, near the Windows Start button, type Internet Options. Open the result Internet options - control panel. Then click the Advanced tab. Scroll down in the long list to security and make sure use TLS 1.2 is checked.
Resetting all TLS settings to platform defaults
- From the System Utilities screen, select System Configuration > BIOS/Platform Configuration (RBSU) > Server Security > TLS (HTTPS) Options > Reset all settings to platform defaults.
- Click OK.
The SSL/TLS Vulnerability Scanner performs a security assessment of the configuration of the target SSL/TLS service to provide a list of weaknesses and vulnerabilities packed with detailed recommendations for remediation. The list of vulnerabilities detected by this scanner includes: Heartbleed. Ticketbleed.
Where do I find the TLS settings? ›
Click the Tools icon (gear symbol) in the upper right hand corner of the browser and click Internet Options. In the Internet Options window, select the Advanced tab. In the Advanced tab, under Settings, scroll down to the Security section. In the Security section, check Use TLS 1.1 and Use TLS 1.2.
Which TLS version am I using? ›
Enter the URL you wish to check in the browser. Right-click the page or select the Page drop-down menu, and select Properties. In the new window, look for the Connection section. This will describe the version of TLS or SSL used.
How to enable TLS1.2 on Chrome? ›
Google Chrome
- From the Start Menu > Open 'Internet Options' Options > Advanced tab.
- Scroll down to the Security category, manually check the option box for Use TLS 1.2 and un-check the option box for Use TLS 1.1 and Use TLS 1.0.
- Click OK.
- Close your browser and restart Google Chrome.
Create Registry Keys to Disable TLS 1.1
Press Windows key + R to open the Run dialog box. Type regedit and press Enter to open Registry Editor. Right-click on the “Protocols” folder and select “New” -> “Key“. Create a new DWORD registry entry named “DisabledByDefault” and set its value to “1“.
How to disable SSL certificate in Windows 10? ›
8 Easy Steps to Remove SSL Certificates in Windows 10
- Launch the Microsoft Management Console (MMC)
- Add the Certificates Snap-in.
- Select the Certificate Scope.
- Confirm Certificate Store Location.
- View Available Certificates.
- Locate the Certificate to Remove.
- Disable the Certificate.
- Restart the Server.
Support
- In the address bar, type about:config and press Enter.
- In the search box enter tls. ...
- Change the integer value to 2 to force the minimum version of the protocol to TLS 1.1 (entering 3 will force it to TLS 1.2).
Go to SSL/TLS > Edge Certificates. For Disable Universal SSL, select Disable Universal SSL. Read the warnings in the Acknowledgement. Select I Understand and select Confirm.
