Browser support for TLS 1.1 and 1.2

Over the past couple of years there seems to have been a goal to break SSL, with new vulnerabilities with strange names such as BEAST, CRIME or lucky 13 being found. In the real world most of these attacks are difficult to achieve outside of the lab and are complex to do.

But, we all like to be as secure as possible: a vector with a known risk is a potential for exploitation. Fortunately most of the attacks (such as BEAST, lucky 13 and the RC4 attacks) can be removed by restricting the ciphers in use on site.

This is where it gets difficult: to fix BEAST we need to remove all TLS1.0 CBC ciphers and to fix the RC4 exploits we need to remove all RC4 ciphers, which leaves us with nothing that can be used. Fortunately there are later versions of the TLS protocol: 1.1 and 1.2 which improve the way the cryptography is done. The problem with these versions is that support amongst the major browsers is not well defined.

So, how well supported are these versions you may ask yourself? What better way to test it out than by trying it. I conveniently had a Linux virtual machine already set up, for another project, that was running Nginx with only TLS1.1 and TLS1.2 enabled. The next step was to gather a selection of user agents and try them against each set of ciphers. We can see the results below:

The obvious conclusion that jumps out from the table is that most browsers either do not, or do not by default support TLS versions 1.1 and 1.2 and that it would be folly in the current climate to disable TLS1.0.

What I find interesting is the differences between the desktop environments and the mobile environments: in general mobile environments have better support for the versions of TLS > 1.0.

In fairness to Firefox, a version of mozilla-central exists with TLS 1.2 implemented, this will be merged into Firefox soon ²

• ¹ This column signifies whether the user needs to alter the configuration to use the protocols.
• ² The whole saga can be seen in the Bugzilla bug report.