In application design, Transport Layer Security (TLS) is usually implemented on top of Transport Layer protocols, encrypting all of the protocol-related data of protocols such as HTTP, FTP, SMTP, NNTP and XMPP.
Historically, TLS has been used primarily with reliable transport protocols such as the Transmission Control Protocol (TCP). However, it has also been implemented with datagram-oriented transport protocols, such as the User Datagram Protocol (UDP) and the Datagram Congestion Control Protocol (DCCP), usage of which has been standardized independently using the term Datagram Transport Layer Security (DTLS).
A primary use of TLS is to secure World Wide Web traffic between a website and a web browser encoded with the HTTP protocol. This use of TLS to secure HTTP traffic constitutes the HTTPS protocol.[1]
Protocol version | Website support[2] | Security[2][3] |
---|---|---|
SSL 2.0 | 1.9% | Insecure |
SSL 3.0 | 7.6% | Insecure[4] |
TLS 1.0 | 68.0% | Depends on cipher[n 1] and client mitigations[n 2] |
TLS 1.1 | 77.4% | Depends on cipher[n 1] and client mitigations[n 2] |
TLS 1.2 | 95.2% | Depends on cipher[n 1] and client mitigations[n 2] |
TLS 1.3 | 14.2% | Secure |
As of April 2016, the latest versions of all major web browsers support TLS 1.0, 1.1, and 1.2, and have them enabled by default. However, not all supported Microsoft operating systems support the latest version of IE. Additionally, many operating systems have supported multiple versions of IE, but this has changed: according to Microsoft's Internet Explorer Support Lifecycle Policy FAQ, "beginning January 12, 2016, only the most current version of Internet Explorer available for a supported operating system will receive technical support and security updates." The FAQ then lists the latest supported version of IE at that date for each operating system. The next critical date is when an operating system reaches the end-of-life stage, which is given in Microsoft's Windows lifecycle fact sheet.
There are still problems on several browser versions:
Mitigations against known attacks are not enough yet:
Browser | Version | Platforms | SSL 2.0 (insecure) | SSL 3.0 (insecure) | TLS 1.0 | TLS 1.1 | TLS 1.2 | TLS 1.3 | EV certificate[n 3][6] | SHA-2 certificate[7] | ECDSA certificate[8] | BEAST[n 4] | CRIME[n 5] | POODLE (SSLv3)[n 6] | RC4[n 7] | FREAK[9][10] | Logjam | Protocol selection by user[n 2] | |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Google Chrome (Chrome for Android) [n 8] [n 9] | 1–9 | Windows (7+) OS X (10.10+) Linux Android (4.1+) iOS (9.0+) Chrome OS | Disabled by default | Enabled by default | Yes | No | No | No | Yes (only desktop) | needs SHA-2 compatible OS[7] | needs ECC compatible OS[8] | Not affected [15] | Vulnerable (HTTPS) | Vulnerable | Vulnerable | Vulnerable (except Windows) | Vulnerable | Yes[n 10] | |
10–20 | No[16] | Enabled by default | Yes | No | No | No | Yes (only desktop) | needs SHA-2 compatible OS[7] | needs ECC compatible OS[8] | Not affected | Vulnerable (HTTPS/SPDY) | Vulnerable | Vulnerable | Vulnerable (except Windows) | Vulnerable | Yes[n 10] | |||
21 | No | Enabled by default | Yes | No | No | No | Yes (only desktop) | needs SHA-2 compatible OS[7] | needs ECC compatible OS[8] | Not affected | Mitigated [17] | Vulnerable | Vulnerable | Vulnerable (except Windows) | Vulnerable | Yes[n 10] | |||
22–29 | No | Enabled by default | Yes | Yes[18] | No[18][19][20][21] | No | Yes (only desktop) | needs SHA-2 compatible OS[7] | needs ECC compatible OS[8] | Not affected | Mitigated | Vulnerable | Vulnerable | Vulnerable (except Windows) | Vulnerable | Temporary [n 11] | |||
30–32 | No | Enabled by default | Yes | Yes | Yes[19][20][21] | No | Yes (only desktop) | needs SHA-2 compatible OS[7] | needs ECC compatible OS[8] | Not affected | Mitigated | Vulnerable | Vulnerable | Vulnerable (except Windows) | Vulnerable | Temporary [n 11] | |||
33–37 | No | Enabled by default | Yes | Yes | Yes | No | Yes (only desktop) | needs SHA-2 compatible OS[7] | needs ECC compatible OS[8] | Not affected | Mitigated | Partly mitigated [n 12] | Lowest priority [24][25][26] | Vulnerable (except Windows) | Vulnerable | Temporary [n 11] | |||
38, 39 | No | Enabled by default | Yes | Yes | Yes | No | Yes (only desktop) | Yes | needs ECC compatible OS[8] | Not affected | Mitigated | Partly mitigated | Lowest priority | Vulnerable (except Windows) | Vulnerable | Temporary [n 11] | |||
40 | No | Disabled by default[23][27] | Yes | Yes | Yes | No | Yes (only desktop) | Yes | needs ECC compatible OS[8] | Not affected | Mitigated | Mitigated [n 13] | Lowest priority | Vulnerable (except Windows) | Vulnerable | Yes[n 14] | |||
41, 42 | No | Disabled by default | Yes | Yes | Yes | No | Yes (only desktop) | Yes | needs ECC compatible OS[8] | Not affected | Mitigated | Mitigated | Lowest priority | Mitigated | Vulnerable | Yes[n 14] | |||
43 | No | Disabled by default | Yes | Yes | Yes | No | Yes (only desktop) | Yes | needs ECC compatible OS[8] | Not affected | Mitigated | Mitigated | Only as fallback [n 15][28] | Mitigated | Vulnerable | Yes[n 14] | |||
44–47 | No | No[29] | Yes | Yes | Yes | No | Yes (only desktop) | Yes | needs ECC compatible OS[8] | Not affected | Mitigated | Not affected | Only as fallback [n 15] | Mitigated | Mitigated[30] | Temporary [n 11] | |||
48, 49 | No | No | Yes | Yes | Yes | No | Yes (only desktop) | Yes | needs ECC compatible OS[8] | Not affected | Mitigated | Not affected | Disabled by default[n 16][31][32] | Mitigated | Mitigated | Temporary [n 11] | |||
50–53 | No | No | Yes | Yes | Yes | No | Yes (only desktop) | Yes | Yes | Not affected | Mitigated | Not affected | Disabled by default[n 16][31][32] | Mitigated | Mitigated | Temporary [n 11] | |||
54–66 | No | No | Yes | Yes | Yes | Disabled by default (draft version) | Yes (only desktop) | Yes | Yes | Not affected | Mitigated | Not affected | Disabled by default[n 16][31][32] | Mitigated | Mitigated | Temporary [n 11] | |||
67–69 | No | No | Yes | Yes | Yes | Yes (draft version) | Yes (only desktop) | Yes | Yes | Not affected | Mitigated | Not affected | Disabled by default[n 16][31][32] | Mitigated | Mitigated | Temporary [n 11] | |||
70–74 | 75 | No | No | Yes | Yes | Yes | Yes | Yes (only desktop) | Yes | Yes | Not affected | Mitigated | Not affected | Disabled by default[n 16][31][32] | Mitigated | Mitigated | Temporary [n 11] | ||
Browser | Version | Platforms | SSL 2.0 (insecure) | SSL 3.0 (insecure) | TLS 1.0 | TLS 1.1 | TLS 1.2 | TLS 1.3 | EV certificate | SHA-2 certificate | ECDSA certificate | BEAST | CRIME | POODLE (SSLv3) | RC4 | FREAK | Logjam | Protocol selection by user | |
Google Android OS Browser [33] | Android 1.0–2.3.7 | No | Enabled by default | Yes | No | No | No | Unknown | Yes[7] | No | Unknown | Unknown | Vulnerable | Vulnerable | Vulnerable | Vulnerable | No | ||
Android 3.0–4.0.4 | No | Enabled by default | Yes | No | No | No | Unknown | Yes | Yes[34][8] | Unknown | Unknown | Vulnerable | Vulnerable | Vulnerable | Vulnerable | No | |||
Android 4.1–4.4.4 | No | Enabled by default | Yes | Disabled by default[35] | Disabled by default[35] | No | Unknown | Yes | Yes | Unknown | Unknown | Vulnerable | Vulnerable | Vulnerable | Vulnerable | No | |||
Android 5.0–5.0.2 | No | Enabled by default | Yes | Yes[35][36] | Yes[35][36] | No | Unknown | Yes | Yes | Unknown | Unknown | Vulnerable | Vulnerable | Vulnerable | Vulnerable | No | |||
Android 5.1–5.1.1 | No | Disabled by default | Yes | Yes | Yes | No | Unknown | Yes | Yes | Unknown | Unknown | Not affected | Only as fallback [n 15] | Mitigated | Mitigated | No | |||
Android 6.0–6.0.1 | No | Disabled by default | Yes | Yes | Yes | No | Unknown | Yes | Yes | Unknown | Unknown | Not affected | Disabled by default | Mitigated | Mitigated | No | |||
Android 7.0–7.1.2 | |||||||||||||||||||
Android 8.0–8.1 | No | No [37] | Yes | Yes | Yes | No | Unknown | Yes | Yes | Unknown | Unknown | Not affected | Disabled by default | Mitigated | Mitigated | No | |||
Android 9.0 | |||||||||||||||||||
Android 10.0 | No | No | Yes | Yes | Yes | Unknown | Unknown | Yes | Yes | Unknown | Unknown | Not affected | Disabled by default | Mitigated | Mitigated | No | |||
Browser | Version | Platforms | SSL 2.0 (insecure) | SSL 3.0 (insecure) | TLS 1.0 | TLS 1.1 | TLS 1.2 | TLS 1.3 | EV certificate | SHA-2 certificate | ECDSA certificate | BEAST | CRIME | POODLE (SSLv3) | RC4 | FREAK | Logjam | Protocol selection by user | |
Mozilla Firefox (Firefox for mobile) [n 17] | 1.0, 1.5 | Windows (7+) OS X (10.9+) Linux Android (4.1+) iOS (9.0+) ESR only for: Windows (7+) OS X (10.9+) Linux | Enabled by default [38] | Enabled by default [38] | Yes[38] | No | No | No | No | Yes[7] | No | Not affected [39] | Not affected | Vulnerable | Vulnerable | Not affected | Vulnerable | Yes[n 10] | |
2 | Disabled by default [38][40] | Enabled by default | Yes | No | No | No | No | Yes | Yes[8] | Not affected | Not affected | Vulnerable | Vulnerable | Not affected | Vulnerable | Yes[n 10] | |||
3–7 | Disabled by default | Enabled by default | Yes | No | No | No | Yes | Yes | Yes | Not affected | Not affected | Vulnerable | Vulnerable | Not affected | Vulnerable | Yes[n 10] | |||
8–10 ESR 10 | No[40] | Enabled by default | Yes | No | No | No | Yes | Yes | Yes | Not affected | Not affected | Vulnerable | Vulnerable | Not affected | Vulnerable | Yes[n 10] | |||
11–14 | No | Enabled by default | Yes | No | No | No | Yes | Yes | Yes | Not affected | Vulnerable (SPDY)[17] | Vulnerable | Vulnerable | Not affected | Vulnerable | Yes[n 10] | |||
15–22 ESR 17.0–17.0.10 | No | Enabled by default | Yes | No | No | No | Yes | Yes | Yes | Not affected | Mitigated | Vulnerable | Vulnerable | Not affected | Vulnerable | Yes[n 10] | |||
ESR 17.0.11 | No | Enabled by default | Yes | No | No | No | Yes | Yes | Yes | Not affected | Mitigated | Vulnerable | Lowest priority [41][42] | Not affected | Vulnerable | Yes[n 10] | |||
23 | No | Enabled by default | Yes | Disabled by default [43] | No | No | Yes | Yes | Yes | Not affected | Mitigated | Vulnerable | Vulnerable | Not affected | Vulnerable | Yes[n 18] | |||
24, 25.0.0 ESR 24.0–24.1.0 | No | Enabled by default | Yes | Disabled by default | Disabled by default [44] | No | Yes | Yes | Yes | Not affected | Mitigated | Vulnerable | Vulnerable | Not affected | Vulnerable | Yes[n 18] | |||
25.0.1, 26 ESR 24.1.1 | No | Enabled by default | Yes | Disabled by default | Disabled by default | No | Yes | Yes | Yes | Not affected | Mitigated | Vulnerable | Lowest priority [41][42] | Not affected | Vulnerable | Yes[n 18] | |||
27–33 ESR 31.0–31.2 | No | Enabled by default | Yes | Yes[45][46] | Yes[47][46] | No | Yes | Yes | Yes | Not affected | Mitigated | Vulnerable | Lowest priority | Not affected | Vulnerable | Yes[n 18] | |||
34, 35 ESR 31.3–31.7 | No | Disabled by default [48][49] | Yes | Yes | Yes | No | Yes | Yes | Yes | Not affected | Mitigated | Mitigated [n 19] | Lowest priority | Not affected | Vulnerable | Yes[n 18] | |||
ESR 31.8 | No | Disabled by default | Yes | Yes | Yes | No | Yes | Yes | Yes | Not affected | Mitigated | Mitigated | Lowest priority | Not affected | Mitigated[52] | Yes[n 18] | |||
36–38 ESR 38.0 | No | Disabled by default | Yes | Yes | Yes | No | Yes | Yes | Yes | Not affected | Mitigated | Mitigated | Only as fallback [n 15][53] | Not affected | Vulnerable | Yes[n 18] | |||
ESR 38.1–38.8 | No | Disabled by default | Yes | Yes | Yes | No | Yes | Yes | Yes | Not affected | Mitigated | Mitigated | Only as fallback [n 15] | Not affected | Mitigated[52] | Yes[n 18] | |||
39–43 | No | No[54] | Yes | Yes | Yes | No | Yes | Yes | Yes | Not affected | Mitigated | Not affected | Only as fallback [n 15] | Not affected | Mitigated[52] | Yes[n 18] | |||
44–48 ESR 45 | No | No | Yes | Yes | Yes | No | Yes | Yes | Yes | Not affected | Mitigated | Not affected | Disabled by default[n 16][55][56][57][58] | Not affected | Mitigated | Yes[n 18] | |||
49–59 ESR 52 | No | No | Yes | Yes | Yes | Disabled by default (draft version)[59] | Yes | Yes | Yes | Not affected | Mitigated | Not affected | Disabled by default[n 16] | Not affected | Mitigated | Yes[n 18] | |||
60–62 ESR 60.0–60.7 | ESR 60.8 | No | No | Yes | Yes | Yes | Yes (draft version) | Yes | Yes | Yes | Not affected | Mitigated | Not affected | Disabled by default[n 16] | Not affected | Mitigated | Yes[n 18] | ||
63–67 | 68 ESR 68.0 | No | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Not affected | Mitigated | Not affected | Disabled by default[n 16] | Not affected | Mitigated | Yes[n 18] | ||
Browser | Version | Platforms | SSL 2.0 (insecure) | SSL 3.0 (insecure) | TLS 1.0 | TLS 1.1 | TLS 1.2 | TLS 1.3 | EV certificate | SHA-2 certificate | ECDSA certificate | BEAST | CRIME | POODLE (SSLv3) | RC4 | FREAK | Logjam | Protocol selection by user | |
Microsoft Internet Explorer [n 20] | 1.x | Windows 3.1, 95, NT,[n 21][n 22] Mac OS 7, 8 | No SSL/TLS support | ||||||||||||||||
2 | Yes | No | No | No | No | No | No | No | No | No SSL 3.0 or TLS support | Vulnerable | Vulnerable | Vulnerable | N/A | |||||
3 | Yes | Yes[62] | No | No | No | No | No | No | No | Vulnerable | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Unknown | |||
4, 5, 6 | Windows 3.1, 95, 98, NT, 2000[n 21][n 22] Mac OS 7.1, 8, X, Solaris, HP-UX | Enabled by default | Enabled by default | Disabled by default [62] | No | No | No | No | No | No | Vulnerable | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Yes[n 10] | ||
6 | Windows XP[n 22] | Enabled by default | Enabled by default | Disabled by default | No | No | No | No | Yes [n 23][63] | No | Mitigated | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Yes[n 10] | ||
7, 8 | Disabled by default [64] | Enabled by default | Yes[64] | No | No | No | Yes | Yes [n 23][63] | No | Mitigated | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Yes[n 10] | |||
6 | Server 2003[n 22] | Enabled by default | Enabled by default | Disabled by default | No | No | No | No | Yes [n 23][63] | No | Mitigated | Not affected | Vulnerable | Vulnerable | Mitigated [67] | Mitigated [68] | Yes[n 10] | ||
7, 8 | Disabled by default [64] | Enabled by default | Yes[64] | No | No | No | Yes | Yes [n 23][63] | No | Mitigated | Not affected | Vulnerable | Vulnerable | Mitigated [67] | Mitigated [68] | Yes[n 10] | |||
7, 8, 9 | Windows Vista | Disabled by default | Enabled by default | Yes | No | No | No | Yes | Yes | Yes[8] | Mitigated | Not affected | Vulnerable | Vulnerable | Mitigated [67] | Mitigated [68] | Yes[n 10] | ||
7, 8[n 24] | 9 | Server 2008 | Disabled by default | Enabled by default | Yes | Disabled by default[5] (KB4019276) | Disabled by default[5] (KB4019276) | No | Yes | Yes | Yes[8] | Mitigated | Not affected | Vulnerable | Vulnerable | Mitigated [67] | Mitigated [68] | Yes[n 10] | |
8, 9, 10[n 24] | Windows 7 Server 2008 R2 | Disabled by default | Enabled by default | Yes | Disabled by default [70] | Disabled by default [70] | No | Yes | Yes | Yes | Mitigated | Not affected | Vulnerable | Lowest priority [71][n 25] | Mitigated [67] | Mitigated [68] | Yes[n 10] | ||
11 | Disabled by default | Disabled by default [n 26] | Yes | Yes[73] | Yes[73] | No | Yes | Yes | Yes | Mitigated | Not affected | Mitigated [n 26] | Disabled by default[77] | Mitigated [67] | Mitigated [68] | Yes[n 10] | |||
10[n 24] | Windows 8 | Disabled by default | Enabled by default | Yes | Disabled by default [70] | Disabled by default [70] | No | Yes | Yes | Yes | Mitigated | Not affected | Vulnerable | Lowest priority [71][n 25] | Mitigated [67] | Mitigated [68] | Yes[n 10] | ||
10 | Server 2012 | ||||||||||||||||||
11[78] | Windows 8.1 | Disabled by default | Disabled by default [n 26] | Yes | Yes[73] | Yes[73] | No | Yes | Yes | Yes | Mitigated | Not affected | Mitigated [n 26] | Disabled by default[n 16] | Mitigated [67] | Mitigated [68] | Yes[n 10] | ||
Server 2012 / 2012 R2 | |||||||||||||||||||
Browser | Version | Platforms | SSL 2.0 (insecure) | SSL 3.0 (insecure) | TLS 1.0 | TLS 1.1 | TLS 1.2 | TLS 1.3 | EV certificate | SHA-2 certificate | ECDSA certificate | BEAST | CRIME | POODLE (SSLv3) | RC4 | FREAK | Logjam | Protocol selection by user | |
Microsoft Edge[n 27] Client only Internet Explorer Client and Server (SAC) [n 20] | IE 11 | Edge 12–13 | Windows 10 v1507–v1511 | Disabled by default | Disabled by default | Yes | Yes | Yes | No | Yes | Yes | Yes | Mitigated | Not affected | Mitigated | Disabled by default[n 16] | Mitigated | Mitigated | Yes[n 10] |
IE 11 | Edge 14 | Windows 10 v1607 | No[79] | Disabled by default | Yes | Yes | Yes | No | Yes | Yes | Yes | Mitigated | Not affected | Mitigated | Disabled by default[n 16] | Mitigated | Mitigated | Yes[n 10] | |
IE 11 | Edge 15 | Windows 10 v1703 | No | Disabled by default | Yes | Yes | Yes | No | Yes | Yes | Yes | Mitigated | Not affected | Mitigated | Disabled by default[n 16] | Mitigated | Mitigated | Yes[n 10] | |
IE 11 | Edge 16 | Windows 10 v1709 | No | Disabled by default | Yes | Yes | Yes | No | Yes | Yes | Yes | Mitigated | Not affected | Mitigated | Disabled by default[n 16] | Mitigated | Mitigated | Yes[n 10] | |
IE 11 | Server v1709 (SAC) | No | Disabled by default | Yes | Yes | Yes | No | Yes | Yes | Yes | Mitigated | Not affected | Mitigated | Disabled by default[n 16] | Mitigated | Mitigated | Yes[n 10] | ||
IE 11 | Edge 17 | Windows 10 v1803 | No | Disabled by default | Yes | Yes | Yes | No | Yes | Yes | Yes | Mitigated | Not affected | Mitigated | Disabled by default[n 16] | Mitigated | Mitigated | Yes[n 10] | |
IE 11 | Server v1803 (SAC) | No | Disabled by default | Yes | Yes | Yes | No | Yes | Yes | Yes | Mitigated | Not affected | Mitigated | Disabled by default[n 16] | Mitigated | Mitigated | Yes[n 10] | ||
IE 11 | Edge 18 | Windows 10 v1809 | No | Disabled by default | Yes | Yes | Yes | No | Yes | Yes | Yes | Mitigated | Not affected | Mitigated | Disabled by default[n 16] | Mitigated | Mitigated | Yes[n 10] | |
IE 11 | Server v1809 (SAC) | No | Disabled by default | Yes | Yes | Yes | No | Yes | Yes | Yes | Mitigated | Not affected | Mitigated | Disabled by default[n 16] | Mitigated | Mitigated | Yes[n 10] | ||
IE 11 | Edge 18 | Windows 10 v1903 | No | Disabled by default | Yes | Yes | Yes | Disabled by default (experimental) | Yes | Yes | Yes | Mitigated | Not affected | Mitigated | Disabled by default[n 16] | Mitigated | Mitigated | Yes[n 10] | |
IE 11 | Server v1903 (SAC) | No | Disabled by default | Yes | Yes | Yes | Disabled by default (experimental) | Yes | Yes | Yes | Mitigated | Not affected | Mitigated | Disabled by default[n 16] | Mitigated | Mitigated | Yes[n 10] | ||
IE 11 | Edge 18 | Windows 10 v19H2 | No | Disabled by default | Yes | Yes | Yes | Unknown | Yes | Yes | Yes | Mitigated | Not affected | Mitigated | Disabled by default[n 16] | Mitigated | Mitigated | Yes[n 10] | |
IE 11 | Server v19H2 (SAC) | No | Disabled by default | Yes | Yes | Yes | Unknown | Yes | Yes | Yes | Mitigated | Not affected | Mitigated | Disabled by default[n 16] | Mitigated | Mitigated | Yes[n 10] | ||
IE 11 | Edge | Windows 10 v20H1 | No | Disabled by default | Yes | Yes | Yes | Unknown | Yes | Yes | Yes | Mitigated | Not affected | Mitigated | Disabled by default[n 16] | Mitigated | Mitigated | Yes[n 10] | |
IE 11 | Server v20H1 (SAC) | No | Disabled by default | Yes | Yes | Yes | Unknown | Yes | Yes | Yes | Mitigated | Not affected | Mitigated | Disabled by default[n 16] | Mitigated | Mitigated | Yes[n 10] | ||
Microsoft Internet Explorer Client (LTSB/C) and Server (LTSB/C) [n 20] | IE 11 | Windows 10 LTSB 2015 (v1507)[n 28] | Disabled by default | Disabled by default | Yes | Yes | Yes | No | Yes | Yes | Yes | Mitigated | Not affected | Mitigated | Disabled by default[n 16] | Mitigated | Mitigated | Yes[n 10] | |
IE 11 | Windows 10 LTSB 2016 (v1607) | No[79] | Disabled by default | Yes | Yes | Yes | No | Yes | Yes | Yes | Mitigated | Not affected | Mitigated | Disabled by default[n 16] | Mitigated | Mitigated | Yes[n 10] | ||
IE 11 | Server 2016 v1607 (LTSB) | No[79] | Disabled by default | Yes | Yes | Yes | No | Yes | Yes | Yes | Mitigated | Not affected | Mitigated | Disabled by default[n 16] | Mitigated | Mitigated | Yes[n 10] | ||
IE 11 | Windows 10 LTSC 2019 (v1809) | No | Disabled by default | Yes | Yes | Yes | No | Yes | Yes | Yes | Mitigated | Not affected | Mitigated | Disabled by default[n 16] | Mitigated | Mitigated | Yes[n 10] | ||
IE 11 | Server 2019 v1809 (LTSC) | No | Disabled by default | Yes | Yes | Yes | No | Yes | Yes | Yes | Mitigated | Not affected | Mitigated | Disabled by default[n 16] | Mitigated | Mitigated | Yes[n 10] | ||
Browser | Version | Platforms | SSL 2.0 (insecure) | SSL 3.0 (insecure) | TLS 1.0 | TLS 1.1 | TLS 1.2 | TLS 1.3 | EV certificate | SHA-2 certificate | ECDSA certificate | BEAST | CRIME | POODLE (SSLv3) | RC4 | FREAK | Logjam | Protocol selection by user | |
Microsoft Internet Explorer Mobile [n 20] | 7, 9 | Windows Phone 7, 7.5, 7.8 | Disabled by default [64] | Enabled by default | Yes | No | No | No | No | Yes | Yes[34] | Unknown | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Only with 3rd party tools[n 29] | |
10 | Windows Phone 8 | Disabled by default | Enabled by default | Yes | Disabled by default [82] | Disabled by default [82] | No | No | Yes | Yes[83] | Mitigated | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Only with 3rd party tools[n 29] | ||
11 | Windows Phone 8.1 | Disabled by default | Enabled by default | Yes | Yes[84] | Yes[84] | No | No | Yes | Yes | Mitigated | Not affected | Vulnerable | Only as fallback [n 15][85][86] | Vulnerable | Vulnerable | Only with 3rd party tools[n 29] | ||
Microsoft Edge [n 27] | Edge 13 | Windows 10 Mobile v1511 | Disabled by default | Disabled by default | Yes | Yes | Yes | No | Yes | Yes | Yes | Mitigated | Not affected | Mitigated | Disabled by default[n 16] | Mitigated | Mitigated | No | |
Edge 14 | Windows 10 Mobile v1607 | No[79] | Disabled by default | Yes | Yes | Yes | No | Yes | Yes | Yes | Mitigated | Not affected | Mitigated | Disabled by default[n 16] | Mitigated | Mitigated | No | ||
Edge 15 | Windows 10 Mobile v1703 | No | Disabled by default | Yes | Yes | Yes | No | Yes | Yes | Yes | Mitigated | Not affected | Mitigated | Disabled by default[n 16] | Mitigated | Mitigated | No | ||
Windows 10 Mobile v1709 | No | Disabled by default | Yes | Yes | Yes | No | Yes | Yes | Yes | Mitigated | Not affected | Mitigated | Disabled by default[n 16] | Mitigated | Mitigated | No | |||
Browser | Version | Platforms | SSL 2.0 (insecure) | SSL 3.0 (insecure) | TLS 1.0 | TLS 1.1 | TLS 1.2 | TLS 1.3 | EV certificate | SHA-2 certificate | ECDSA certificate | BEAST | CRIME | POODLE (SSLv3) | RC4 | FREAK | Logjam | Protocol selection by user | |
Opera Browser (Opera Mobile) (Pre-Presto and Presto) [n 30] | 1–2 | No SSL/TLS support[88] | |||||||||||||||||
3 | Yes[89] | No | No | No | No | No | No | No | No | No SSL 3.0 or TLS support | Vulnerable | Unknown | Unknown | N/A | |||||
4 | Yes | Yes[90] | No | No | No | No | No | No | No | Vulnerable | Not affected | Vulnerable | Vulnerable | Unknown | Unknown | Unknown | |||
5 | Enabled by default | Enabled by default | Yes[91] | No | No | No | No | No | No | Vulnerable | Not affected | Vulnerable | Vulnerable | Unknown | Unknown | Yes[n 10] | |||
6–7 | Enabled by default | Enabled by default | Yes[91] | No | No | No | No | Yes[7] | No | Vulnerable | Not affected | Vulnerable | Vulnerable | Unknown | Unknown | Yes[n 10] | |||
8 | Enabled by default | Enabled by default | Yes | Disabled by default [92] | No | No | No | Yes | No | Vulnerable | Not affected | Vulnerable | Vulnerable | Unknown | Unknown | Yes[n 10] | |||
9 | Disabled by default [93] | Enabled by default | Yes | Yes | No | No | since v9.5 (only desktop) | Yes | No | Vulnerable | Not affected | Vulnerable | Vulnerable | Unknown | Unknown | Yes[n 10] | |||
10–11.52 | No[94] | Enabled by default | Yes | Disabled by default | Disabled by default [94] | No | Yes (only desktop) | Yes | No | Vulnerable | Not affected | Vulnerable | Vulnerable | Unknown | Unknown | Yes[n 10] | |||
11.60–11.64 | No | Enabled by default | Yes | Disabled by default | Disabled by default | No | Yes (only desktop) | Yes | No | Mitigated [95] | Not affected | Vulnerable | Vulnerable | Unknown | Unknown | Yes[n 10] | |||
12–12.14 | No | Disabled by default [n 31] | Yes | Disabled by default | Disabled by default | No | Yes (only desktop) | Yes | No | Mitigated | Not affected | Mitigated [n 31] | Vulnerable | Unknown | Mitigated[97] | Yes[n 10] | |||
12.15–12.17 | No | Disabled by default | Yes | Disabled by default | Disabled by default | No | Yes (only desktop) | Yes | No | Mitigated | Not affected | Mitigated | Partly mitigated [98][99] | Unknown | Mitigated[97] | Yes[n 10] | |||
12.18 | No | Disabled by default | Yes | Yes[100] | Yes[100] | No | Yes (only desktop) | Yes | Yes[100] | Mitigated | Not affected | Mitigated | Disabled by default[n 16][100] | Mitigated[100] | Mitigated[97] | Yes[n 10] | |||
Browser | Version | Platforms | SSL 2.0 (insecure) | SSL 3.0 (insecure) | TLS 1.0 | TLS 1.1 | TLS 1.2 | TLS 1.3 | EV certificate | SHA-2 certificate | ECDSA certificate | BEAST | CRIME | POODLE (SSLv3) | RC4 | FREAK | Logjam | Protocol selection by user | |
Opera Browser (Opera Mobile) (Webkit and Blink) [n 32] | 14–16 | Windows (7+) OS X (10.9+) Linux Android (4.1+) | No | Enabled by default | Yes | Yes[103] | No[103] | No | Yes (only desktop) | needs SHA-2 compatible OS[7] | needs ECC compatible OS[8] | Not affected | Mitigated | Vulnerable | Vulnerable | Vulnerable (except Windows) | Vulnerable | Temporary [n 11] | |
17–19 | No | Enabled by default | Yes | Yes[104] | Yes[104] | No | Yes (only desktop) | needs SHA-2 compatible OS[7] | needs ECC compatible OS[8] | Not affected | Mitigated | Vulnerable | Vulnerable | Vulnerable (except Windows) | Vulnerable | Temporary [n 11] | |||
20–24 | No | Enabled by default | Yes | Yes | Yes | No | Yes (only desktop) | needs SHA-2 compatible OS[7] | needs ECC compatible OS[8] | Not affected | Mitigated | Partly mitigated [n 33] | Lowest priority [105] | Vulnerable (except Windows) | Vulnerable | Temporary [n 11] | |||
25, 26 | No | Enabled by default [n 34] | Yes | Yes | Yes | No | Yes (only desktop) | Yes | needs ECC compatible OS[8] | Not affected | Mitigated | Mitigated [n 35] | Lowest priority | Vulnerable (except Windows) | Vulnerable | Temporary [n 11] | |||
27 | No | Disabled by default [27] | Yes | Yes | Yes | No | Yes (only desktop) | Yes | needs ECC compatible OS[8] | Not affected | Mitigated | Mitigated [n 36] | Lowest priority | Vulnerable (except Windows) | Vulnerable | Yes[n 37] (only desktop) | |||
28, 29 | No | Disabled by default | Yes | Yes | Yes | No | Yes (only desktop) | Yes | needs ECC compatible OS[8] | Not affected | Mitigated | Mitigated | Lowest priority | Mitigated | Vulnerable | Yes[n 37] (only desktop) | |||
30 | No | Disabled by default | Yes | Yes | Yes | No | Yes (only desktop) | Yes | needs ECC compatible OS[8] | Not affected | Mitigated | Mitigated | Only as fallback [n 15][28] | Mitigated | Mitigated[97] | Yes[n 37] (only desktop) | |||
31–34 | No | No[29] | Yes | Yes | Yes | No | Yes (only desktop) | Yes | needs ECC compatible OS[8] | Not affected | Mitigated | Not affected | Only as fallback [n 15][28] | Mitigated | Mitigated | Temporary [n 11] | |||
35, 36 | No | No | Yes | Yes | Yes | No | Yes (only desktop) | Yes | needs ECC compatible OS[8] | Not affected | Mitigated | Not affected | Disabled by default[n 16][31][32] | Mitigated | Mitigated | Temporary [n 11] | |||
37–40 | No | No | Yes | Yes | Yes | No | Yes (only desktop) | Yes | Yes | Not affected | Mitigated | Not affected | Disabled by default[n 16][31][32] | Mitigated | Mitigated | Temporary [n 11] | |||
41–56 | No | No | Yes | Yes | Yes | Disabled by default (draft version) | Yes (only desktop) | Yes | Yes | Not affected | Mitigated | Not affected | Disabled by default[n 16][31][32] | Mitigated | Mitigated | Temporary [n 11] | |||
57, 58, 60 | 62 | No | No | Yes | Yes | Yes | Yes | Yes (only desktop) | Yes | Yes | Not affected | Mitigated | Not affected | Disabled by default[n 16][31][32] | Mitigated | Mitigated | Temporary [n 11] | ||
Browser | Version | Platforms | SSL 2.0 (insecure) | SSL 3.0 (insecure) | TLS 1.0 | TLS 1.1 | TLS 1.2 | TLS 1.3 | EV certificate | SHA-2 certificate | ECDSA certificate | BEAST | CRIME | POODLE (SSLv3) | RC4 | FREAK | Logjam | Protocol selection by user | |
Apple Safari [n 38] | 1 | Mac OS X 10.2, 10.3 | No[110] | Yes | Yes | No | No | No | No | No | No | Vulnerable | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable | No | |
2–5 | Mac OS X 10.4, 10.5, Win XP | No | Yes | Yes | No | No | No | since v3.2 | No | No | Vulnerable | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable | No | ||
3–5 | No | Yes | Yes | No | No | No | since v3.2 | No | Yes[34] | Vulnerable | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable | No | |||
4–6 | Mac OS X 10.6, 10.7 | No | Yes | Yes | No | No | No | Yes | Yes[7] | Yes[8] | Vulnerable | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable | No | ||
6 | OS X 10.8 | No | Yes | Yes | No | No | No | Yes | Yes | Yes[8] | Mitigated [n 39] | Not affected | Mitigated [n 40] | Vulnerable [n 40] | Mitigated [116] | Vulnerable | No | ||
7, 9 | OS X 10.9 | No | Yes | Yes | Yes[117] | Yes[117] | No | Yes | Yes | Yes | Mitigated [112] | Not affected | Mitigated [n 40] | Vulnerable [n 40] | Mitigated [116] | Vulnerable | No | ||
8–10 | OS X 10.10 | No | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | Mitigated | Not affected | Mitigated [n 40] | Lowest priority [118][n 40] | Mitigated [116] | Mitigated [119] | No | ||
9–11 | OS X 10.11 | No | No | Yes | Yes | Yes | No | Yes | Yes | Yes | Mitigated | Not affected | Not affected | Lowest priority | Mitigated | Mitigated | No | ||
10, 11 | 12 | macOS 10.12 | No | No | Yes | Yes | Yes | No | Yes | Yes | Yes | Mitigated | Not affected | Not affected | Disabled by default[n 16] | Mitigated | Mitigated | No | |
11 | 12 | macOS 10.13 | No | No | Yes | Yes | Yes | No | Yes | Yes | Yes | Mitigated | Not affected | Not affected | Disabled by default[n 16] | Mitigated | Mitigated | No | |
12 | macOS 10.14.0–10.14.3 | No | No | Yes | Yes | Yes | No | Yes | Yes | Yes | Mitigated | Not affected | Not affected | Disabled by default[n 16] | Mitigated | Mitigated | No | ||
12 | macOS 10.14.4–10.14.5 | No | No | Yes | Yes | Yes | Yes[120] | Yes | Yes | Yes | Mitigated | Not affected | Not affected | Disabled by default[n 16] | Mitigated | Mitigated | No | ||
13 | macOS 10.15 | No | No | Yes | Yes | Yes | Yes[120] | Yes | Yes | Yes | Mitigated | Not affected | Not affected | Disabled by default[n 16] | Mitigated | Mitigated | No | ||
Browser | Version | Platforms | SSL 2.0 (insecure) | SSL 3.0 (insecure) | TLS 1.0 | TLS 1.1 | TLS 1.2 | TLS 1.3 | EV certificate | SHA-2 certificate | ECDSA certificate | BEAST | CRIME | POODLE (SSLv3) | RC4 | FREAK | Logjam | Protocol selection by user | |
Apple Safari (mobile) [n 41] | 3 | iPhone OS 1, 2 | No[124] | Yes | Yes | No | No | No | No | No | No | Vulnerable | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable | No | |
4, 5 | iPhone OS 3, iOS 4 | No | Yes | Yes | No | No | No | Yes[125] | Yes | since iOS 4[34] | Vulnerable | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable | No | ||
5, 6 | iOS 5, 6 | No | Yes | Yes | Yes[121] | Yes[121] | No | Yes | Yes | Yes | Vulnerable | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable | No | ||
7 | iOS 7 | No | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes[126] | Mitigated [127] | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable | No | ||
8 | iOS 8 | No | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | Mitigated | Not affected | Mitigated [n 40] | Lowest priority [128][n 40] | Mitigated [129] | Mitigated [130] | No | ||
9 | iOS 9 | No | No | Yes | Yes | Yes | No | Yes | Yes | Yes | Mitigated | Not affected | Not affected | Lowest priority | Mitigated | Mitigated | No | ||
10–11 | iOS 10, 11 | No | No | Yes | Yes | Yes | No | Yes | Yes | Yes | Mitigated | Not affected | Not affected | Disabled by default[n 16] | Mitigated | Mitigated | No | ||
12 | iOS 12.0–12.1 | No | No | Yes | Yes | Yes | No | Yes | Yes | Yes | Mitigated | Not affected | Not affected | Disabled by default[n 16] | Mitigated | Mitigated | No | ||
12 | iOS 12.2–12.3 | No | No | Yes | Yes | Yes | Yes[131] | Yes | Yes | Yes | Mitigated | Not affected | Not affected | Disabled by default[n 16] | Mitigated | Mitigated | No | ||
13 | iOS 13, iPadOS 13 | No | No | Yes | Yes | Yes | Yes[131] | Yes | Yes | Yes | Mitigated | Not affected | Not affected | Disabled by default[n 16] | Mitigated | Mitigated | No | ||
Browser | Version | Platforms | SSL 2.0 (insecure) | SSL 3.0 (insecure) | TLS 1.0 | TLS 1.1 | TLS 1.2 | TLS 1.3 | EV[n 3] | SHA-2 | ECDSA | BEAST[n 4] | CRIME[n 5] | POODLE (SSLv3)[n 6] | RC4[n 7] | FREAK[9][10] | Logjam | Protocol selection by user | |
SSL protocols | TLS protocols | Certificate Support | Vulnerabilities fixed |
Color or Note | Significance | |
---|---|---|
Browser version | Platform | |
Browser version | Operating system | Future release; under development |
Browser version | Operating system | Current latest release |
Browser version | Operating system | Former release; still supported |
Browser version | Operating system | Former release; long-term support still active, but will end in less than 12 months |
Browser version | Operating system | Former release; no longer supported |
n/a | Operating system | Mixed / Unspecified |
Operating system (Version+) | Minimum required operating system version (for supported versions of the browser) | |
No longer supported for this operating system |
Most SSL and TLS programming libraries are free and open source software.
Implementation | SSL 2.0 (insecure) | SSL 3.0 (insecure) | TLS 1.0 | TLS 1.1 | TLS 1.2 | TLS 1.3 |
---|---|---|---|---|---|---|
Botan | No | No[134] | Yes | Yes | Yes | |
cryptlib | No | Disabled by default at compile time | Yes | Yes | Yes | |
GnuTLS | No[a] | Disabled by default[135] | Yes | Yes | Yes | Yes (draft version)[136] |
Java Secure Socket Extension | No[a] | Disabled by default[137] | Yes | Yes | Yes | Yes |
LibreSSL | No[138] | No[139] | Yes | Yes | Yes | |
MatrixSSL | No | Disabled by default at compile time[140] | Yes | Yes | Yes | Yes (draft version) |
mbed TLS (previously PolarSSL) | No | Disabled by default[141] | Yes | Yes | Yes | |
Network Security Services | No[b] | Disabled by default[142] | Yes | Yes[143] | Yes[144] | Yes[145] |
OpenSSL | No[146] | Enabled by default | Yes | Yes[147] | Yes[147] | Yes[148] |
RSA BSAFE[149] | No | Yes | Yes | Yes | Yes | |
SChannel XP / 2003[150] | Disabled by default by MSIE 7 | Enabled by default | Enabled by default by MSIE 7 | No | No | No |
SChannel Vista[151] | Disabled by default | Enabled by default | Yes | No | No | No |
SChannel 2008[151] | Disabled by default | Enabled by default | Yes | Disabled by default (KB4019276)[5] | Disabled by default (KB4019276)[5] | No |
SChannel 7 / 2008 R2[152] | Disabled by default | Disabled by default in MSIE 11 | Yes | Enabled by default by MSIE 11 | Enabled by default by MSIE 11 | No |
SChannel 8 / 2012[152] | Disabled by default | Enabled by default | Yes | Disabled by default | Disabled by default | No |
SChannel 8.1 / 2012 R2, 10 v1507 & v1511[152] | Disabled by default | Disabled by default in MSIE 11 | Yes | Yes | Yes | No |
SChannel 10 v1607 / 2016[79] | No | Disabled by default | Yes | Yes | Yes | No |
Secure Transport OS X 10.2–10.8 / iOS 1–4 | Yes | Yes | Yes | No | No | |
Secure Transport OS X 10.9–10.10 / iOS 5–8 | No[c] | Yes | Yes | Yes[c] | Yes[c] | |
Secure Transport OS X 10.11 / iOS 9 | No | No[c] | Yes | Yes | Yes | |
Seed7 TLS/SSL Library | No | Yes | Yes | Yes | Yes | |
wolfSSL (previously CyaSSL) | No | Disabled by default[153] | Yes | Yes | Yes | Yes (draft version)[154] |
A paper presented at the 2012 ACM Conference on Computer and Communications Security[158] showed that few applications used some of these SSL libraries correctly, leading to vulnerabilities. According to the authors:
"the root cause of most of these vulnerabilities is the terrible design of the APIs to the underlying SSL libraries. Instead of expressing high-level security properties of network tunnels such as confidentiality and authentication, these APIs expose low-level details of the SSL protocol to application developers. As a consequence, developers often use SSL APIs incorrectly, misinterpreting and misunderstanding their manifold parameters, options, side effects, and return values."
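An added example (not from the paper or from any of the libraries listed above) of the kind of low-level misconfiguration the authors describe, using Python's standard `ssl` module: an audit function that flags a client context whose chain validation, hostname checking or protocol floor has been switched off. The TLS 1.2 floor and the three sample contexts are assumptions constructed for illustration.

```python
import ssl

def audit_context(ctx, floor=ssl.TLSVersion.TLSv1_2):
    """Return findings for a client-side SSLContext; empty list means clean.

    `floor` is this example's assumption about the lowest acceptable version.
    """
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("hostname is not checked against the certificate")
    # TLSVersion is an IntEnum; MINIMUM_SUPPORTED sorts below every real
    # version and means "whatever this library build still offers".
    if ctx.minimum_version < floor:
        findings.append(
            f"protocol floor {ctx.minimum_version.name} is below {floor.name}")
    return findings

def misconfigured_context():
    """Constructed misuse: every low-level knob turned the wrong way."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE   # accepts any certificate
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx

def chain_only_context():
    """Constructed misuse: chain is validated, but for any hostname."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def hardened_context():
    """Library defaults for clients plus an explicit protocol floor."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED and check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

if __name__ == "__main__":
    for build in (misconfigured_context, chain_only_context, hardened_context):
        print(build.__name__, audit_context(build()) or "no findings")
```

The chain-only case is the one most easily missed in review: the certificate is validated, but it is never tied to the server the client meant to reach.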
The Simple Mail Transfer Protocol (SMTP) can also be protected by TLS. These applications use public key certificates to verify the identity of endpoints.
TLS can also be used to tunnel an entire network stack to create a VPN, as is the case with OpenVPN and OpenConnect. Many vendors now marry TLS's encryption and authentication capabilities with authorization. There has also been substantial development since the late 1990s in creating client technology outside of the browser to enable support for client/server applications. When compared against traditional IPsec VPN technologies, TLS has some inherent advantages in firewall and NAT traversal that make it easier to administer for large remote-access populations.
TLS is also a standard method to protect Session Initiation Protocol (SIP) application signaling. TLS can be used to provide authentication and encryption of the SIP signaling associated with VoIP and other SIP-based applications.[citation needed]
This article is based on material taken from the Free On-line Dictionary of Computing prior to 1 November 2008 and incorporated under the "relicensing" terms of the GFDL, version 1.3 or later.