We’re in the process of developing a new Windows 8.1 SOE for a customer. One of the things I looked at was Internet Explorer HTTPS transmission security. Out of that, one of the things I recommend is enabling TLS 1.2.
TLS 1.2 – Configure Internet Explorer to use TLS 1.2 by default.
Transport Layer Security is how web browsers* communicate over the Internet. The current version, TLS 1.2 has a number of security enhancements & protection mechanisms over previous versions. Enabling it is, not only a Microsoft recommendation, but a good thing. Internet Explorer will fail back to older TLS versions if the web site doesn’t support TLS 1.2.
You can enable TLS 1.2 support via Group Policy or directly via Internet Explorer –> Internet Options –> Advanced –> Security.
How do I test that Internet Explorer is using TLS 1.2?
Visit:
- https://cc.dcsec.uni-hannover.de/
If the webpage reports under the “Further Information” heading that “This connection uses TLSv1.2 with …”, then you have enabled TLS 1.2.
or - How’s My SSL? If, under the Version heading, it says TLS 1.2, then you’re using TLS 1.2.
What about other web browsers?
No. You’ll need to configure each web browser to support TLS 1.2. Some have better TLS support than others.
How do I tell whether a website supports TLS 1.2?
Use SSL Configuration Checker to test the website.
What if my web host tells me to disable TLS 1.1 or TLS 1.2?
”Run!”, would be my first thought. Your web host is telling you that they are not interested in providing a secure website.
References:
Security Advisory 2868725: Recommendation to disable RC4
Microsoft MSDN Blog – Support for SSL/TLS protocols on Windows
Disabling TLS/SSL RC4 in Firefox and Chrome
RC4 in TLS is Broken: Now What?
IE11 Automatically Makes Over 40% of the Web More Secure While Making Sure Sites Continue to Work
SSL Pulse – Survey of the SSL Implementation of the Most Popular Web Sites
* amongst other things.