How to enable TLS 1.3 support in Firefox and Chrome

https://www.ghacks.net/2017/06/15/how-to-enable-tls-1-3-support-in-firefox-and-chrome/

From https://www.ssllabs.com/ssltest/viewMyClient.html using my "retired" IE9 browser:

Thanks for that link -- I tested my IE11/Win7 desktop and it came back

Your user agent has good protocol support.

Your user agent supports TLS 1.2, which is recommended protocol version at the moment.

I'll test it out of interest on my two WIN10 installations later on.

Thanks for all the background .... 

Hello to those using Chrome 56 and TLS 1.3

I don't use Chrome, but I just came across this site.

http://searchsecurity.techtarget.com/news/450413934/Chrome-backs-out-of-TLS-13-support-after-proxy-issues

Thanks.

 

Hi, @lmacri

Thanks, as always, for your comprehensive background info on subjects raised here!

Fwiw, I posted that link just for info, but having made those changes, which can always be reverted, I've had no issues browsing or otherwise using both FF and Chrome x64 versions. {Fingers are crossed!}

huwyngr:

 you can check out the Wikipedia entry on TLS 1.3 for that, it does remove support for some cryptographic hash functions and named elliptic curves, prohibits use of insecure SSL or RC4 negotiations, or supports a new stream cipher, key exchange protocols or digital signature algorithms.

While I'm not sure of the use of the "or" in that statement I wonder if the removals could have any adverse effect on Norton Security product performance -- good or bad?

Hi huwyngr:

If you're interested, CloudFlare has a good overview of why TLS 1.3 connections to secure (https) sites are safer and more robust than TLS 1.2 at https://blog.cloudflare.com/tls-1-3-overview-and-q-and-a/.

I've used the fully supported Firefox as my default browser on my Vista SP2 machine since 2011, but the IE9 browser that is built into that OS cannot connect to secure sites using protocols higher than TLS 1.0. SSL 2.0 and SSL 3.0 are disabled in my IE9 settings to harden it against vulnerabilities like Logjam, Freak and Poodle but IE9 could still potentially use some relatively insecure Triple DES and RC4 cipher suites for encryption key exchanges. My bank won't even let me do online banking with IE9 (and kudos to them) because of concerns about Man-in-the-Middle (MitM) attacks when information is transmitted over a TLS 1.0 connection. I'm guessing that users with IE9 and other unsupported browsers will be the most impacted when TLS 1.3 goes into wide release as more and more secure web sites disable support for older protocols like TLS 1.0, just like my bank did. From https://www.ssllabs.com/ssltest/viewMyClient.html using my "retired" IE9 browser:

I don't think there will be a noticeable impact on the performance of Norton products (and they already use SHA-256 hash algorithms for checking digital signatures), but there will probably be lots of behind-the-scenes compliance testing if Symantec is upgrading their back-end servers to TLS 1.3.  You never know what Symantec is doing when it comes to server connection security, though.  I remember how shocked I was back in 2014 when I learned that Norton products included an outdated, unpatched version of OpenSSL that was susceptible to the Heartbleed bug and MitM attacks - see the old support article Information on Norton Products and the Heartbleed Vulnerability.

lmacri

 I don't think you would want to override the default setting in your browser

I wouldn't dream of it ..... <g> At least not on TLS ...

F 4 E:

https://www.ghacks.net/2017/06/15/how-to-enable-tls-1-3-support-in-firef...

From the ghacks.net article:

"Both Firefox and Chrome support TLS 1.3, but the version of Transport Layer Security is not enabled by default. The main reason for that, likely, is that it is still only available as a draft."

That sounds to me like TLS 1.3 is still in beta.  For now, I don't think you would want to override the default setting in your browser unless you were a system admin testing the new protocol on your web server.  As the ghacks.net article notes, TLS 1.3 support will be automatically enabled in browsers in a few more releases when this protocol is in wider use, ensuring that your handshake between your client computer and the back end server uses the newest (and safest) available protocol.

From the linked page:

 you can check out the Wikipedia entry on TLS 1.3 for that, it does remove support for some cryptographic hash functions and named elliptic curves, prohibits use of insecure SSL or RC4 negotiations, or supports a new stream cipher, key exchange protocols or digital signature algorithms.

While I'm not sure of the use of the "or" in that statement I wonder if the removals could have any adverse effect on Norton Security product performance -- good or bad? 

Just a query from someone who does not understand all this technology but tries always to keep track of "unintended consequences".