How to Manually Enable TLS 1.1 and Newer on Your Web Browser

Devin BeckerIdentity Management and Security
CERTIFIED EXPERT
I am currently working in the field of Cyber Security Assurance focusing on the NIAP scheme of Common Criteria
Published:
Updated:
Edited by: Andrew Leniart
Recent PCI standards require that TLS 1.0 no longer be used to secure data communications. PCI standards ensure that customer payment details are secure. This article will help to disable TLS 1.0 and enable newer versions that meet PCI standards and website compatibility.

What is TLS?


TLS stands for Transport Layer Security, and it is a protocol that provides both privacy and integrity of data between applications, such as clients and web servers. There are currently 4 versions of TLS: 1.0, 1.1, 1.2, and 1.3. Even though there are 4 versions, there is one that has become outdated: that is TLS 1.0. With TLS 1.0 being outdated, it no longer meets PCI(Payment Card Industry) Data Security Standards. According to the PCI, this is because TLS 1.0 is older, and has known vulnerabilities. With the PCI moving away from, and no longer supporting TLS 1.0, it is important that you check the TLS settings for your browser.


PCI Article on TLS 1.0



If you experience this web page when trying to reach a website, it is possible that the site no longer supports the version of TLS that your browser is running and you may need to check and change your settings to be able to access that web page.




How do I check if my browser is ready for TLS 1.1 and above?


Most of today's modern browsers, if kept up to date, already support TLS 1.1 and newer versions by default. These browsers are: 


Chrome version 30 and above, Firefox version 27 and above, Internet Explorer version 11, Safari for MacOS versions 7 and above, Safari versions 5 and above, and Opera version 12.18.


Some older versions of web browsers do support TLS 1.1 and newer, but not by default. These browsers need manual configuration to enable TLS 1.1 and newer: 


Firefox versions 23 through 36, Internet Explorer version 10, and Opera version 10 through 12.17.


Web Browser TLS Support




Configuring Your Browsers TLS Settings


If you are unsure if your browser has TLS 1.1 and above support, it is not enabled by default, or want to disable TLS 1.0 on your browser completely, follow the steps below for the browser you want to configure. 


Internet Options showing TLS browser settings


Google Chrome

  1. Click on the 3 vertical dot icon in the top right corner or press Alt+F on your keyboard
  2. Click the settings option
  3. Scroll down and click Advanced
  4. Scroll down and under System, click on "Open proxy settings"
  5. On the window that pops up go to the far right “Advanced” tab
  6. In the Settings box, scroll down to the Security section
  7. There will be 3 check-boxes
    1. "Use TLS 1.0"
    2. "Use TLS 1.1"
    3. "Use TLS 1.2"
  8. Select the check-boxes for TLS 1.1 and TLS 1.2
    • You may also deselect the check-box for TLS 1.0 as it is becoming unsupported
  9. Click Apply and OK
  10. Restart your browser

Note: As of version 69.0, Chrome does not yet support TLS 1.3


Mozilla Firefox

  1. On the top URL and browse bar, type “about:config”
  2. Click "I accept the risk!" on the warning
  3. Then using the search bar below the back, refresh and home icons, type: “tls”
  4. Find the “security.tls.version.min”, right click and click modify
  5. In the text box that shows up change to the desired value. Values 1-4 are supported
    • a value of 1 represents TLS 1.0, a value of 2 represents TLS 1.1, a value of 3 represents TLS 1.2, and a value of 4 represents TLS 1.3.
  6. To force TLS 1.1 and above make sure that the security.tls.version.min is set to 2, and that the security.tls.version.max is set to 4 to support up to TLS 1.3
    • Note: Only Firefox versions 49 and above support TLS 1.3, so if you are using a version lower than this, you want to set the "security.tls.version.max" to a value of 3.
  7. Restart your browser


Firefox's Settings for TLS versions


Internet Explorer

  1. Click on the gear icon in the top right corner
  2. Select "Internet Options"
  3. On the window that pops up go to the far right “Advanced” tab
  4. In the Settings box, scroll down to the Security section
  5. There will be 3 checkboxes
    1. "Use TLS 1.0"
    2. "Use TLS 1.1"
    3. "Use TLS 1.2"
  6. Select the check-boxes for TLS 1.1 and TLS 1.2
    • You may also deselect the check-box for TLS 1.0 as it is becoming unsupported
  7. Click Apply and OK
  8. Restart your browser

Note: As of version 11, Internet Explorer does not yet support TLS 1.3


Microsoft Edge

  1. Press the Windows key on your keyboard and type "Internet Options" and press enter
  2. On the window that pops up go to the far right “Advanced” tab
  3. In the Settings box, scroll down to the Security section
  4. There will be 3 check-boxes
    1. "Use TLS 1.0"
    2. "Use TLS 1.1"
    3. "Use TLS 1.2"
  5. Select the check-boxes for TLS 1.1 and TLS 1.2
    • You may also deselect the check-box for TLS 1.0 as it is becoming unsupported
  6. Click Apply and OK
  7. Restart your browser

Note: As of version 15, Microsoft Edge does not yet support TLS 1.3


Opera Browser

  1. Press Ctrl + F12 to open the settings, or type "settings" in the URL/search bar and press Enter
  2. Scroll down and click Advanced
  3. Scroll down and under System, click on "Open proxy settings"
  4. On the window that pops up go to the far right “Advanced” tab
  5. In the Settings box, scroll down to the Security section
  6. There will be 3 check-boxes
    1. "Use TLS 1.0"
    2. "Use TLS 1.1"
    3. "Use TLS 1.2"
  7. Select the check-boxes for TLS 1.1 and TLS 1.2
    • You may also deselect the check-box for TLS 1.0 as it is becoming unsupported
  8. Click Apply and OK
  9. Restart your browser

Note: As of version 12.18, Opera does not yet support TLS 1.3


Apple Safari

There is currently no way to change or modify your SSL/TLS settings in Safari. However, Safari versions 7 and above on MacOS, as well as Safari versions 5 and above on iOS have TLS 1.1 and TLS 1.2 enabled by default.




"With the PCI moving away from, and no longer supporting TLS 1.0, it is important that you check the TLS settings for your browser."


I hope that with the help of this article you can continue to use and enjoy the sites that you frequently visit, without any holdups.




5
2,443 Views
Devin BeckerIdentity Management and Security
CERTIFIED EXPERT
I am currently working in the field of Cyber Security Assurance focusing on the NIAP scheme of Common Criteria

Comments (0)

Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.

Get access with a 7-day free trial.
You Belong in the World's Smartest IT Community