TLS chartIn 2014, there will be a trend for website owners to implement TLS 1.2 on their servers. TLS 1.2 was defined in RFC 5246 in August 2008 and is the most secure version of SSL/TLS protocol.

Although TLS 1.2 has been available for a few years, it is not well deployed. SSL Pulse indicates that only 26 percent of the top 200,000 websites support TLS 1.2.

With attacks on cipher block chaining (CBC) and RC4, it is encouraged that websites also enable TLS 1.2. The benefit is that TLS 1.2 supports expansion of support for authenticated encryption ciphers with AES-GCM cipher suites that are not prone to these attacks.

How do you know if your browser supports TLS 1.2?

Go to How’s My SSL and it will tell you how good your browser is doing and which version of TLS it supports. If your browser does not support TLS 1.2, then this is probably a configuration setting you can turn on.

What about your website? Go to the CASC SSL Configuration Checker. This site will give you a grade for your website and will tell you which versions of SSL/TLS you support. If you do not support TLS 1.2, your site will not get an A grading. If you do support SSL 2.0, then your site will get an F grading. With users performing these checks, website owners will be encouraged to support the right levels of SSL/TLS protocol.

Microsoft is moving to TLS 1.2. They were the first to support TLS 1.2 with Internet Explorer 8. In version 11, they have set TLS 1.2 on by default. It will be encouraging if the other browsers take the same position.

Bruce Morton

Bruce Morton

Bruce Morton is a pioneering figure in the PKI and digital certificate industry. He currently serves as Director for Certificate Services at Entrust Datacard, where he has been employed since 1999. His day-to-day responsibilities include managing standards implementations, overseeing Entrust Datacard’s policy authority, and monitoring Entrust Certificate Service for industry compliance.