If TLS 1.3 is enabled in your browser or in the Operating System, the websites and apps that support this version will open with TLS 1.3 increasing overall security of the system and also enhancing the overall performance experience. In this article, we will discuss how to enable or disable TLS 1.3 in Windows 10. We will also discuss enabling TLS 1.3 in popular browsers including Google Chrome, Microsoft Edge and Mozilla Firefox.
SSL (1, 2, 3) vs TLS (1.1, 1.2) vs TLS 1.3
SSL (Secure Socket Layer) protocol was developed by Netscape for securing the communication between the website and the browser. It evolved with versions 2 and 3. When the standard expanded, it was named TLS but essentially the basic technology remains the same. With each version update, TLS adds more security features and performance enhancements. TLS 1.2 is the most widely used protocol that is also considered secure while TLS 1.0 and TLS 1.1 are not considered secure. Here are some of the features you will find in TLS 1.3:
New security ciphers: TLS 1.3 uses new security ciphers and is not compatible with the old ones.Removed weak security: Weak security encryption has been removed and will not work with TLS 1.3 e.g., MD5, RC4 etc.Speed: TLS 1.3 speeds up the client/server communication by reducing the no. of connection trips required for negotiation.No monitoring: The organization and monitoring software will not be able to monitor secure connections using TLS 1.3. This is a huge concern for organizations while a good relief for the users.
Enable TLS 1.3 in Windows 10 (system-wide)
TLS 1.3 is not enabled in Windows 10 by default. If you are using network apps that require or support TLS 1.3, you should enable TLS 1.3 in Windows 10. You can use the reg file and run it on your system to enable TLS 1.3 in Windows 10. Enable TLS 1.3.reg (205 bytes, 4,376 hits) You have now made the required changes to the system registry to enable system-wide TLS 1.3. If you want to disable TLS 1.3, you can run the following registry file: Disable TLS 1.3.reg (unknown, 2,133 hits)
Enable TLS 1.3 on Microsoft Edge and Internet Explorer
Since TLS 1.3 is disabled by default, it needs to be manually enabled for each browser. Currently, Internet Explorer 11 and Edge do not support TLS 1.3 but will be supported in the next updates to come, according to sources from Microsoft Insider Program. If you wish to enable the experimental version, follow the steps below to enable it on Microsoft Edge as well as Internet Explorer. The Edge browser can now be used to connect to any website or server running TLS 1.3. This configuration also takes place on Internet Explorer simultaneously as well. You can also disable TLS 1.3, or any other version by navigating to the Internet Properties window and unchecking the corresponding boxes.
Enable TLS 1.3 on Google Chrome
In the case of Google Chrome, a flag needs to be set to enabled in order to run TLS 1.3. This will now relaunch Chrome with the new settings applied, and TLS 1.3 will now be enabled. If you ever need to disable TLS 1.3 on Google Chrome, simply go to the flags page and select Disabled from the drop-down menu.
Enable TLS 1.3 on Mozilla Firefox
Mozilla Firefox also has a unique way of running TLS 1.3. In case you wish to revert to the settings, just change the value of security.tls.version.max to 3, and relaunch the browser.
How do I check if TLS 1.3 is enabled?
If you are still in doubt whether TLS 1.3 is functional, you can navigate to the page provided by Cloudflare to check whether TLS 1.3 is enabled or not. It runs a quick scan and gives you some specifics about the browser you are currently using. Another useful website is Qualys by SSL Labs to check for TLS 1.3.
Closing words
Microsoft plans on enabling TLS 1.3 by default on all versions of Windows 10 after version 2004. Please note that Microsoft Edge Legacy and Internet Explorer will not support TLS 1.3. You will need to upgrade your browser to Chromium based Edge browser for moving forward with security and enhanced performance. Microsoft was also planning on disabling TLS 1.1 and 1.2 by default on the newer builds, but the global pandemic has forced them to delay it until the spring of 2021. Where do you think TLS 1.3 should be made mandatory to use? Did you befall any serious threats, or were you saved by the encryption protocols? Also see:
How to Enable or Disable Reveal Password button in Windows 11/10What Is DNS-Over-HTTPS And How To Enable It On Your Device (Or Browser)3 Ways to Disable Proxy Settings in Windows 10How to Map SharePoint as Network Drive in Windows 10How to Enable, Disable, or Troubleshoot Windows 10 Sync Settings