TLS 1.3 is the latest version of the TLS security protocol and improves upon TLS 1.2 in terms of security and performance. TLS 1.3 is still not widely used, but some websites and web servers support it.
If TLS 1.3 is enabled in your browser or in the operating system, websites and apps that support this version will connect over TLS 1.3, which increases the overall security of the system and also improves performance.
In this article, we will discuss how to enable or disable TLS 1.3 in Windows 10. We will also discuss enabling TLS 1.3 in popular browsers including Google Chrome, Microsoft Edge and Mozilla Firefox.
SSL (1, 2, 3) vs TLS (1.1, 1.2) vs TLS 1.3
The SSL (Secure Sockets Layer) protocol was developed by Netscape to secure communication between the website and the browser. It evolved with versions 2 and 3.
When the standard expanded, it was named TLS but essentially the basic technology remains the same.
With each version update, TLS adds more security features and performance enhancements. TLS 1.2 is the most widely used protocol that is also considered secure while TLS 1.0 and TLS 1.1 are not considered secure.
Here are some of the features you will find in TLS 1.3:
- New security ciphers: TLS 1.3 uses new security ciphers and is not compatible with the old ones.
- Removed weak security: Weak algorithms such as MD5 and RC4 have been removed and will not work with TLS 1.3.
- Speed: TLS 1.3 speeds up client/server communication by reducing the number of round trips required for negotiation.
- No monitoring: Organizations and their monitoring software will not be able to monitor secure connections that use TLS 1.3. This is a huge concern for organizations and a relief for users.
Enable TLS 1.3 in Windows 10 (system-wide)
TLS 1.3 is not enabled in Windows 10 by default. If you are using network apps that require or support TLS 1.3, you should enable TLS 1.3 in Windows 10. To do so, download the following reg file and run it on your system:
Enable TLS 1.3.reg
You have now made the required changes to the system registry to enable system-wide TLS 1.3.
If you want to disable TLS 1.3, you can run the following registry file:
Disable TLS 1.3.reg
Enable TLS 1.3 on Microsoft Edge and Internet Explorer
Since TLS 1.3 is disabled by default, it needs to be manually enabled for each browser. Currently, Internet Explorer 11 and Edge do not support TLS 1.3, but support is expected in upcoming updates, according to sources from the Microsoft Insider Program.
If you wish to enable the experimental version, follow the steps below to enable it on Microsoft Edge as well as Internet Explorer.
- Type inetcpl.cpl in Run and press Enter.
- In Internet Properties, go to the Advanced tab and scroll down to the very bottom. Check the box next to Use TLS 1.3.
- Click Apply and OK. Reboot your computer for the changes to take effect.
The Edge browser can now be used to connect to any website or server running TLS 1.3. The same setting applies to Internet Explorer at the same time.
You can also disable TLS 1.3, or any other version by navigating to the Internet Properties window and unchecking the corresponding boxes.
Enable TLS 1.3 on Google Chrome
In the case of Google Chrome, a flag needs to be set to enabled in order to run TLS 1.3.
- Write the following in the address bar on Google Chrome:
- Search TLS in the search bar.
- In the drop-down menu next to TLS 1.3 hardening for local anchors, select Enabled.
- Now click on Relaunch at the bottom of the page.
This will now relaunch Chrome with the new settings applied, and TLS 1.3 will now be enabled.
If you ever need to disable TLS 1.3 on Google Chrome, simply go to the flags page and select Disabled from the drop-down menu.
Enable TLS 1.3 on Mozilla Firefox
Mozilla Firefox has its own way of enabling TLS 1.3.
- Enter the following in the address bar on Firefox:
- If you are presented with the Proceed with caution page, click Accept the risk and continue.
- There will be a search bar at the top of the page. Enter the following:
- Now double-click security.tls.version.max and change the value to 4.
- Relaunch the browser and you should now have TLS 1.3 running on Mozilla Firefox.
To revert the setting, change the value of security.tls.version.max back to 3 and relaunch the browser.
How do I check if TLS 1.3 is enabled?
If you are still in doubt whether TLS 1.3 is functional, you can navigate to the page provided by Cloudflare to check whether TLS 1.3 is enabled or not. It runs a quick scan and gives you some specifics about the browser you are currently using.
Another useful website is Qualys by SSL Labs to check for TLS 1.3.
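Whether a client can negotiate TLS 1.3 is visible in what it sends: a client with TLS 1.3 enabled lists version 0x0304 in the supported_versions extension of its ClientHello. The following is an added example, not part of the original article: it uses Python's ssl module (OpenSSL, not Windows Schannel or a browser) to build a ClientHello offline and parse it, first with defaults and then with the maximum version capped at TLS 1.2, the same kind of cap as setting security.tls.version.max to 3 in Firefox. The function names and the example.invalid host name are assumptions made for the example.

```python
import ssl
import struct

TLS13 = 0x0304              # TLS 1.3 as it appears in supported_versions
EXT_SUPPORTED_VERSIONS = 43


def client_hello(max_version=None):
    """Return the raw ClientHello record this Python's TLS stack would send."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if max_version is not None:
        ctx.maximum_version = max_version      # e.g. cap the client at TLS 1.2
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    # example.invalid is a placeholder SNI name; no network traffic is sent.
    conn = ctx.wrap_bio(incoming, outgoing, server_hostname="example.invalid")
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass                                   # expected: there is no server to answer
    return outgoing.read()


def offered_versions(record):
    """Parse a ClientHello record and return the protocol versions it offers."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    body = record[9:]                          # skip record (5) and handshake (4) headers
    legacy_version = struct.unpack_from("!H", body, 0)[0]
    pos = 2 + 32                               # legacy_version + random
    pos += 1 + body[pos]                       # session_id
    pos += 2 + struct.unpack_from("!H", body, pos)[0]   # cipher_suites
    pos += 1 + body[pos]                       # compression_methods
    if pos + 2 > len(body):
        return [legacy_version]                # no extensions at all
    end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", body, pos)
        pos += 4
        if ext_type == EXT_SUPPORTED_VERSIONS:
            count = body[pos]                  # length of the version list in bytes
            return [struct.unpack_from("!H", body, pos + 1 + i)[0]
                    for i in range(0, count, 2)]
        pos += ext_len
    return [legacy_version]                    # pre-1.3 client: only legacy_version


if __name__ == "__main__":
    for label, cap in (("default", None), ("capped at 1.2", ssl.TLSVersion.TLSv1_2)):
        versions = offered_versions(client_hello(cap))
        print(label, [hex(v) for v in versions], "TLS 1.3 offered:", TLS13 in versions)
```

Because this exercises Python's own TLS library, it shows what the check looks at rather than the state of your browser or of Windows itself; for those, use the test pages mentioned above.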
Microsoft plans on enabling TLS 1.3 by default on all versions of Windows 10 after version 2004.
Please note that Microsoft Edge Legacy and Internet Explorer will not support TLS 1.3. You will need to upgrade to the Chromium-based Edge browser to move forward with better security and performance.
Microsoft was also planning on disabling TLS 1.1 and 1.2 by default on the newer builds, but the global pandemic has forced them to delay it until the spring of 2021.
Where do you think TLS 1.3 should be made mandatory? Have you encountered any serious threats, or were you saved by the encryption protocols?