TLS Protocol Compatibility

Mar 6, 2024

TLS Protocol Compatibility

Introduction

This article focuses specifically on TLS v1.0, v1.1, v1.2, & v1.3 and their compatibility with various software platforms and operating systems, both client and server side, if you would like to know more about what these protocols are & what purpose they serve, please feel free to read on our blog post here
Note: Please note that certificates are not dependent on the protocols you have enabled or disabled, the protocols are determined by your server configuration and not by the certificates and will likely be managed by your server administrator or the appropriate IT staff within your organization. If you would like some further guidance on how you can go about disabling deprecated SSL/TLS protocols, please check our related article

Timeline

June 21, 2018 Deprecation of TLS 1.0 and 1.1 by GlobalSign
June 30, 2018 PCI DSS deadline for deprecating TLS 1.0

Compatibility Tables

INDEX: 

  1. Browsers
  2. Desktop Clients
  3. Mobile Clients
  4. Servers
  5. Libraries

Browsers

 
TLS 1.0
TLS 1.1 TLS 1.2 TLS 1.3
Desktop IE 11 latest version
Desktop and mobile IE version 11
Desktop IE versions: 8, 9, and 10 Partial
[See Note 1]
Partial
[See Note 1]
Desktop IE versions 7 and below
Mobile IE version 10 and below
Microsoft Edge latest version
Microsoft Edge
Mozilla Firefox 63 or higher
Mozilla Firefox 27 and higher
Mozilla Firefox 23 to 26 Partial
[See Note 2
Partial
[See Note 2]
Mozilla Firefox 22 and below
Google Chrome 80 or higher
Google Chrome 30 to 79
Google Chrome 22 to 32 Partial
[See Note 3]
Partial
[See Note 3]
Google Chrome 21 and below
Android 10.0 or higher
Android 5.0 (Lollipop) and higher
Android 4.4 (Kitkat) to 4.4.4 Partial
(See Note 4)
Partial
(See Note 4)
Android 4.3 (Jelly Bean) and below
Desktop Safari version 13 or higher
Desktop Safari versions 7 and higher for OS X 10.9 (Mavericks) and higher
Desktop Safari versions 6 and below for OS X 10.8 (Mountain Lion) and below
Mobile Safari version 13 or higher
Mobile Safari versions 5 and higher for iOS 5 and higher
Mobile Safari for iOS 4 and below
Opera 67 and higher

 

Desktop Clients

     
 
TLS 1.0
TLS 1.1 TLS 1.2 TLS 1.3
Windows 11 or higher
Windows 10
Windows 8.1
Windows 8 Partial
[See Note 5]
Partial
[See Note 5]
Windows 7 SP1
Windows 7 SP1
Windows Vista
Windows XP SP3
Windows XP
MAC OS 10.15 or higher
MAC OS X 10.13
MAC OS X 10.12
MAC OS X 10.11
MAC OS X 10.10
MAC OS X 10.9
MAC OS X 10.8
MAC OS X 10.6 and 10.7
MAC OS X 10.4 and 10.5
MAC OS X 10.2 and 10.3
Linux

 

Mobile Clients

       
 
TLS 1.0
TLS 1.1 TLS 1.2 TLS 1.3
Airwatch Partial
[See more]
Android versions: 10.0 or higher
Android versions: 5.0 to 8.1 and Android P
Android versions: 1.0 to 4.4.4
iPhone OS versions: 13 or higher
iPhone OS versions: 5, 6, 7, 8, 9, 10, and 11
iPhone OS versions: 1, 2, 3, and 4
MobileIron Core versions 9.5 and higher
MobileIron Core versions 9.4 and below
MobileIron Cloud
Windows 10 Mobile versions: v1511, v1607, v1703, and v1709
Windows Phone version 8.1
Windows Phone versions: 7, 7.5, 7.8 and 8



Note 1: For desktop IE versions: 8, 9, and 10 are only compatible with TLS 1.1 and TLS 1.2 when running Windows 7 or newer, but it is disabled by default. To enable it, please check the guidelines found here for more information. 

Note 2: For Firefox 23 to 26: use about:config to enable TLS 1.1 and TLS 1.2 by updating the security.tls.version.max config value to 2 for TLS 1.1 or 3 for TLS 1.2. 

Note 3: For Google Chrome 22 to 37: TLS 1.1 and TLS 1.2 are compatible when running on Windows XP SP3, Vista, or newer (desktop), OS X 10.6 (Snow Leopard) or newer (desktop), or Android 2.3 (Gingerbread) or newer (mobile). 

Note 4: For Android 4.4: it may be compatible with TLS 1.1 and TLS 1.2 but some devices with Android 4.4.x may not support TLS 1.1 or higher.

Note 5: For Windows 8: TLS 1.1 and TLS 1.2 can be enabled by following the guidelines found here for more information.

Servers

 
TLS 1.0
TLS 1.1 TLS 1.2 TLS 1.3
Windows Server 2022
Windows Server 2019
Windows Server 2016
Windows Server 2012 R2
Windows Server 2012 Partial
[See Note 7]
Partial
[See Note 7]
Windows Server 2008 R2
Windows Server 2008 SP 2 with windows update installed
Windows Server 2008
[See Note 6]

[See Note 6]
Windows Server 2003
[See Note 6]

[See Note 6]


 

Libraries

 
TLS 1.0
TLS 1.1 TLS 1.2 TLS 1.3
.NET 4.6 and higher
.NET 4.5 to 4.5.2 Partial
[See Note 8]
Partial
[See Note 8]
.NET 4.0 Partial
[See Note 9]
.NET 3.5 and below
OpenSSL versions: 1.1.1 or higher
OpenSSL versions: 1.0.1 and higher
OpenSSL versions: 1.0.0 and below
Mozilla - NSS versions: 3.15.1 and higher
Mozilla - NSS versions: 3.14 to 3.15
Mozilla - NSS versions: 3.13.6 and below

 Note 6: A Server that does not support TLS 1.1 and TLS 1.2 that connects to another site as a Client can support TLS 1.1 and TLS 1.2 by enabling it through the Internet Options in IE. Browse to Tools > Internet Options > Advanced. Under the Security section, you would see the list of SSL Protocols supported by IE. Tick the necessary boxes. You can check the guidelines found here for more information. 

Note 7: For Windows Server 2012: TLS 1.1 and TLS 1.2 can be enabled by following the guidelines found here for more information.
 

Note 8: For .NET 4.5 to 4.5.2: TLS 1.1 and TLS 1.2 can be enabled by following either one of the two options indicated below: Option 1:.NET applications may directly enable TLS 1.1 and TLS 1.2 in their software code by setting System.Net.ServicePointManager.SecurityProtocol to enable SecurityProtocolType.Tls12 and SecurityProtocolType.Tls11. The following C# code is an example:

System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;

Option 2:
To enable TLS 1.2 by default without modifying the source code by setting the SchUseStrongCrypto DWORD value in the following two registry keys to 1, creating them if they don't exist: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" and "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319". Although the version number in those registry keys is 4.0.30319, the .NET 4.5, 4.5.1, and 4.5.2 frameworks also use these values. Those registry keys, however, will enable TLS 1.2 by default in all installed .NET 4.0, 4.5, 4.5.1, and 4.5.2 applications on that system. It is thus advisable to test this change before deploying it to your production servers. 

Note 9: To enable TLS 1.2 by default, it is possible to install .NET Framework 4.5, or a newer version, and set the SchUseStrongCrypto DWORD value in the following two registry keys to 1, creating them if they don't exist: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" and "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319". Those registry keys, however, may enable TLS 1.2 by default in all installed .NET 4.0, 4.5, 4.5.1, and 4.5.2 applications on that system. We recommend testing this change before deploying it to your production servers. 

Note 10: The update needed to enable TLS 1.1 and TLS 1.2 as a default secure protocols in WinHTTP in Windows is indicated in the guidelines found here

We hope you found the information in this article useful, if you are unsure what protocols your server currently supports, you can use our free configuration checker here https://globalsign.ssllabs.com/ to quickly test your server and see which protocols are enabled. 

References

1. PCI Data Security Standard
2. PCI Security Standards Council Revises Date For Migrating Off Vulnerable SSL and Early TLS Encryption
3. Are You Ready for 30 June 2018? Saying Goodbye to SSL/early TLS
4. Migrating from SSL and Early TLS

Related Articles

GlobalSign System Alerts

View recent system alerts.

View Alerts

Atlas Discovery

Scan your endpoints to locate all of your Certificates.

Sign Up

SSL Configuration Test

Check your certificate installation for SSL issues and vulnerabilities.

Contact Support