Why you may want to update your browser in the next 9 days

  • 8 Replies
  • 1184 Views
*

Offline Bugbatter

  • Microsoft® MVP
  • Administrator
  • Diamond Member
  • 10626
Why you may want to update your browser in the next 9 days
« on: June 23, 2018, 06:59:00 AM »
It’s time for early Transport Layer Security (TLS) versions to die, die, die… which means that it’s time for all of us, if we haven’t already, to take our browsers, our projects and/or our organizations and upgrade, upgrade, upgrade.

Details: https://nakedsecurity.sophos.com/2018/06/21/why-you-may-want-to-update-your-browser-in-the-next-9-days/

Microsoft MVP Consumer Security 2006-2016
Microsoft Windows Insider MVP 2016-

*

Offline ky331

  • Dell Community Colleague
  • Dell Support Group
  • Bronze Member
  • 373
  • Rascal & Biscuit
Re: Why you may want to update your browser in the next 9 days
« Reply #1 on: June 24, 2018, 06:55:05 AM »
You can test your browser here:  https://www.ssllabs.com/ssltest/viewMyClient.html

You want to see support for TLS 1.2 (Firefox 60.0.2 already supports TLS 1.3).

If you wish, you can DISable [fallback to] TLS 1.0 in FF (and PaleMoon) via   about:config   by changing
security.tls.version.min to 2

and in IE via Tools / Internet Options / Advanced / scroll down to Security and UNcheck TLS 1.0

*

Offline Bugbatter

  • Microsoft® MVP
  • Administrator
  • Diamond Member
  • 10626
Re: Why you may want to update your browser in the next 9 days
« Reply #2 on: June 24, 2018, 07:26:46 AM »
Thank you for that, ky331!  :)1

Microsoft MVP Consumer Security 2006-2016
Microsoft Windows Insider MVP 2016-

*

Offline joe53

  • Dell Community Colleague
  • SpywareHammer Staff
  • Bronze Member
  • 250
  • Certifiable
    • Free PC Security Software- A Primer
Re: Why you may want to update your browser in the next 9 days
« Reply #3 on: June 24, 2018, 06:21:40 PM »
Thanks ky331 and Bb. Good gen.

Is there any reason to Not uncheck TLS 1.1 as well as 1.0 in IE?

*

Offline ky331

  • Dell Community Colleague
  • Dell Support Group
  • Bronze Member
  • 373
  • Rascal & Biscuit
Re: Why you may want to update your browser in the next 9 days
« Reply #4 on: June 25, 2018, 04:48:58 AM »
As I understand it, July 1st should mark the end of TLS 1.0 usage.

TLS 1.2 is the current recommended version, but apparently some sites haven't fully updated, and so may still be running v1.1.

When your browser tries to connect to a website, it will attempt to do so using the highest version of TLS it has available... typically 1.2 now... and [only] if that attempt fails, it will try to negotiate using the lower level, 1.1.    If you uncheck the 1.1 option, and any website you try to access still uses it, you're browser will refuse to connect to that site.

So the question becomes:   how prevalent are websites that still use (only) TLS 1.1?   (Perhaps BB can enlighten us???)   And more specifically, do you actually use any of these?    It's certainly easy enough to uncheck TLS 1.1 in IE [or up the tls...min value to 3] ... and IF some website you use/need is no longer accessible, try switching back to see if that makes the difference.    [Alternatively, you might consider disabling TLS 1.1 in your primary browser, as a test of enhanced security, but keep it enabled in a secondary browser for the sake of those sites you determine still use it.]


*

Offline ky331

  • Dell Community Colleague
  • Dell Support Group
  • Bronze Member
  • 373
  • Rascal & Biscuit
Re: Why you may want to update your browser in the next 9 days
« Reply #5 on: June 25, 2018, 05:35:15 AM »
The PCI (Payment Card Industry) Data Security Standard for safeguarding payment data, effective 30 June 2018, mandates TLS 1.1 or higher (TLS v1.2 is strongly encouraged).
https://blog.pcisecuritystandards.org/are-you-ready-for-30-june-2018-sayin-goodbye-to-ssl-early-tls

While PCI standards will still allow TLS 1.1 after June, many websites are choosing to deprecate both [TLS 1.0 and 1.1] at the same time due to the historically low adoption (*) of [the 1.1] version.
https://www.digicert.com/blog/depreciating-tls-1-0-and-1-1/

(*) Take it for what it's worth:   a 24-hour test by Cloudfare in December 2017 showed the following breakdown of TLS usage:
TLS % usage
1.3  00.06%
1.2  88.20%
1.1  00.38%
1.0  11.36%
https://blog.cloudflare.com/why-tls-1-3-isnt-in-browsers-yet/
 

*

Offline ky331

  • Dell Community Colleague
  • Dell Support Group
  • Bronze Member
  • 373
  • Rascal & Biscuit
Re: Why you may want to update your browser in the next 9 days
« Reply #6 on: June 25, 2018, 08:23:54 AM »
If you disable TLS 1.1, and "stumble" upon a page that still needs it
(test site:   https://tls-v1-1.badssl.com:1011/  ) ,
you will be notifed:


*

Offline joe53

  • Dell Community Colleague
  • SpywareHammer Staff
  • Bronze Member
  • 250
  • Certifiable
    • Free PC Security Software- A Primer
Re: Why you may want to update your browser in the next 9 days
« Reply #7 on: June 25, 2018, 06:35:28 PM »
Thanks again.   :ty

I disabled I.I in my primary IE browser, but retained it in my backup browsers.

*

Offline ky331

  • Dell Community Colleague
  • Dell Support Group
  • Bronze Member
  • 373
  • Rascal & Biscuit
Re: Why you may want to update your browser in the next 9 days
« Reply #8 on: June 26, 2018, 07:27:26 AM »

Firefox 61.0 was released today (6/26), including
Improved security:   On-by-default support for the latest draft of the TLS 1.3 specification