TLSwhich stands for “Transport Layer Security“, is a cryptographic protocol designed to ensure the security of network communications. Its main function is that of protect data exchanged between two parties (for example, your browser and a web server) making it impossible for attackers to intercept or manipulate the transmitted information.
Several have been released over the years versions of TLS to improve the security of Internet communications. TLS, which in turn is the successor to SSL (Secure Sockets Layer), saw the release of version 1.0 in 1999. The presence of various vulnerability discovered over time, have led to the development and approval of subsequent releases so much so that today the most recent and reliable versions are TLS 1.2 e TLS 1.3.
Microsoft announced at the beginning of September 2023 that Windows will abandon support for TLS 1.0 and TLS 1.1, versions of the cryptographic protocol now considered obsolete and vulnerable. The main web browsers, however, have long since abandoned the two protocols, focusing only on the more recent and secure TLS 1.2 and TLS 1.3.
How TLS works, in brief
When you establish an HTTPS connection with a remote web server, there is TLS at work “behind the scenes”. After a handshake Initial, client and server establish a secure connection through a series of steps.
In particular, the client sends a message “ClientHello” to the server, specifying the versions of TLS it supports and a variety of encryption options. The server, in turn, responds with a message “ServerHello” by confirming the version of TLS to use and selecting a common set of cryptographic options.
The server then sends its message to the client digital certificate, which contains a public key. The client checks the validity of the server certificate and creates a session key secret. This key is used to encrypt data during the session. The client then sends a public key encrypted with the server’s public key. Finally the latter decrypts the public key using his private key to then start it data exchange in encrypted form. The secret session key allows you to transfer data safely, preventing attacks by third parties and preventing them from reading the exchanged messages.
TLS not only protects the confidentiality of the data, but also theirs integrity. Uses hashing algorithms to verify that data is not altered during transmission. If even one bit of the data is changed during the transfer, the integrity check fails and the connection is dropped.
TLS errors with modern web browsers
IT administrators, IT technicians and professionals at various levels often find themselves in difficulty lately. Because if on the one hand i browser Web have chosen to crack down on the TLS 1.0 and TLS 1.1 protocols, there are still many devices legacy which still make use of those versions of the protocol to allow access to their respective administration panels.
We are talking about devices equipped with Web functionality, products from the world of the Internet of Things (IoT), firewall hardware, dispositivi embedded, DRAGON (Dell Remote Access Controller), ILO (Integrated Lights-Out) and so on. DRAC, for example, is a remote controller that allows system administrators to manage and monitor Dell servers remotely, even when the server itself may be physically inaccessible; ILO is a term associated with servers Hewlett Packard Enterprise which refers to a system similar to DRAC and which offers remote management capabilities.
Safety is good, avoidance is good obsolete protocols. But how to access the devices legacy What if my web browser prevents me from using TLS 1.0 and TLS 1.1? What to do if the device to be administered is not accessible e remotely updateable?
Today it is always possible to access an unprotected site that exposes it from a web browser clear pages via HTTP. It can be done without problems. So why this fury towards TLS 1.0 and TLS 1.1? It would be enough to display a warning message, as has been done in the past, and still allow navigation to those who want to continue.
Yet today if you try to visit a site that doesn’t support at least TLS 1.2, Chrome and Edge show the error message ERR_SSL_VERSION_OR_CIPHER_MISMATCH while Firefox delights us with a SSL_ERROR_UNSUPPORTED_VERSIONwithout the possibility of appeal.
Come superare gli errori ERR_SSL_VERSION_OR_CIPHER_MISMATCH e SSL_ERROR_UNSUPPORTED_VERSION in Firefox ed Edge
If you need to access the administration panel of a remote device but the web browser returns one of the errors reported above, you can solve it with a simple trick that allows you to re-enable TLS 1.0 and TLS 1.1.
How to do it with Mozilla Firefox
In the case of Firefox, just type about:config in the address bar then type security.tls.version.min.
By default, this value is set to 3, which means the browser only accepts connections with remote servers protected at least through TLS 1.2. To also activate TLS 1.0 and TLS 1.1 connections, just double-click on security.tls.version.min then enter the value 1. Specifying 2, instead, TLS 1.0 is not allowed while the use of the TLS 1.1 and following protocol is permitted.
Use IE mode with Microsoft Edge
In the case of Microsoft Edgeas with Chrome, there doesn’t appear to be a direct way to unblock TLS 1.0 and TLS 1.1, at least temporarily.
Edge, however, includes the Internet Explorer mode can be activated from the main menu of the browser (three dots at the top right, next to the address bar). The advice is therefore to press Windows+Rto type inetcpl.cplpress Enter and click on the tab Advanced settings.
Here you need to scroll through the contents of the box Settings then enabling the boxes Usa TLS 1.0 e Usa TLS 1.1.
At this point, you can type the URL of the website you want to reach into the Edge address bar. When the error appears The connection for this site is not securealong with the message ERR_SSL_VERSION_OR_CIPHER_MISMATCHjust click on the browser’s main menu and then on the entry Reload in Internet Explorer mode.
With one click your Done so up Further information and finally on the link Continueyou can finally reach the website that does not support the latest and most updated versions of the TLS protocol.
Opening image credit: iStock.com/RobertAx