All you need to know about TLSv1.2

VIJAY AGRAWAL
Jul 9, 2019


What is TLS?

TLS is short for “Transport Layer Security”. This protocol lets your systems (clients and servers) communicate over a secured channel: data travels over the wire in encrypted form that can be understood only by the involved parties, not by intruders or outside observers.

So how does it work?

TLS supports various methods of key exchange and data encryption, and it authenticates message integrity.

More info

What versions of TLS exist?

Apart from its now-deprecated predecessor SSL (1.0, never released; 2.0, deprecated in 2011; 3.0, deprecated in 2015), TLS has the following versions:

TLS 1.0 (Jan 1999 — March 2020)

TLS 1.1 (April 2006 — Still used)

TLS 1.2 (August 2008 — Mostly used as of today)

TLS 1.3 (August 2018 — Improved modern protocol recommended by cryptographers)

Should we move to TLS 1.2? What if I don’t?

Though TLS 1.0 and 1.1 are universally supported by systems today, older protocols are always a security risk to the systems in place. Put simply: “You must move to the recent version of the protocol.”

- Some industries also impose their own norms requiring compliance with the latest version; for example, the payment card industry asked users to make their systems work with TLS 1.1 before last June (2018).

- Most cert providers have also stopped supporting TLS 1.0 and 1.1, so 1.2 is the way forward.

- Your browsers might support the latest TLS version, but software needs to be re-examined, especially software that runs on-prem and software that has a client-server model and needs secured data exchange.

How to check my browser's TLS support?

Check your browser's TLS support at https://www.ssllabs.com/ssltest/viewMyClient.html

Once the page completes the test, scroll down to the Protocol Features section.

  • Figure 1. Protocol Features

Check your website's support for TLS

If you’re not sure which protocols your site supports, you can use SSL Server Test. Navigate to the Protocols section of the results page; you’ll see a list of all the protocols and whether or not you currently have them enabled.

Enabling TLS 1.1 and TLS 1.2 on web browsers

More info

How can I make sure that my client code/libs are 1.2 compliant?

If you have an application which connects to Single Sign-on via a server-to-server connection, and your application runs in a JVM on a version of Java prior to 1.8, you need to change your application to support TLS 1.2 for communicating with Single Sign-on.

If your application runs on Java 1.7 or Java 1.6 (update 111 or later), you can set the https.protocols system property when starting the JVM to enable additional protocols for connections made using the HttpsURLConnection class — for example, by setting -Dhttps.protocols=TLSv1.2.

If your application runs on Java 1.6 prior to update 111, or earlier, TLS 1.1 and 1.2 are not supported. Therefore, you need to update the version of Java your application runs on.

If you use another library for connections, such as Apache HttpClient, see: how-to-set-tls-version-on-apache-httpclient
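
One way to check what a given JVM will actually offer, as an added example that is not part of the original article: the class below (the name Tls12Check and its helper methods are assumptions) reports whether TLSv1.2 is supported and enabled by default, and can attempt a TLSv1.2-only handshake against a host passed on the command line. It avoids Java 7+ syntax so it also compiles on the Java 1.6 runtimes discussed above.

```java
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Added example (hypothetical class name): reports this JVM's TLS 1.2 client support.
public class Tls12Check {

    // True if the JVM's TLS implementation knows the protocol at all.
    static boolean supported(SSLContext ctx, String protocol) {
        return Arrays.asList(ctx.getSupportedSSLParameters().getProtocols()).contains(protocol);
    }

    // True if client sockets get the protocol without any explicit configuration.
    static boolean enabledByDefault(SSLContext ctx, String protocol) {
        return Arrays.asList(ctx.getDefaultSSLParameters().getProtocols()).contains(protocol);
    }

    // Handshake offering only TLSv1.2. Throws IllegalArgumentException when the JVM
    // lacks TLSv1.2, or an SSLException when the server refuses it.
    // Protocol probe only: a raw SSLSocket does not check the certificate's host name.
    static String negotiate(String host, int port) throws Exception {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        try {
            socket.setSoTimeout(10000);
            socket.setEnabledProtocols(new String[] {"TLSv1.2"});
            socket.startHandshake();
            return socket.getSession().getProtocol();
        } finally {
            socket.close();
        }
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        System.out.println("java.version       = " + System.getProperty("java.version"));
        System.out.println("https.protocols    = " + System.getProperty("https.protocols"));
        System.out.println("TLSv1.2 supported  = " + supported(ctx, "TLSv1.2"));
        System.out.println("TLSv1.2 by default = " + enabledByDefault(ctx, "TLSv1.2"));
        if (args.length > 0) { // optional: host [port] of a server you operate
            int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;
            System.out.println("negotiated         = " + negotiate(args[0], port));
        }
    }
}
```

Compile with javac Tls12Check.java and run java Tls12Check [host [port]]. The https.protocols property only affects HttpsURLConnection, which is why the handshake here sets the protocol on the socket directly.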

Common software using TLS that faced/is facing the issue

- Mostly non-browser software, APIs, and other internet infrastructure are going to be impacted by this version change.

- Older versions of development tools which don’t support TLS 1.2, such as curl, are still widely in use, either directly by developers or as dependencies bundled into other software.

- OpenSSL 0.9.8y (“The version 1.0.1 is especially significant because it is the first version to support TLS 1.1 and 1.2”, text from the OpenSSL Cookbook)
