Nixle: What Versions of Transport Layer Security (TLS) Does Nixle Support?

*** As part of Nixle’s continuous improvements, the security configurations will be improved to protect user data. Nixle will restrict the usage of any TLS version below 1.2 starting June 12. ***


Question:

What is Transport Layer Security (TLS), and what versions of TLS will Nixle support? 

Answer:

Transport Layer Security, or TLS, is a widely adopted security protocol designed to facilitate privacy and data security for communications over the Internet. It is widely deployed to secure or encrypt the communication between web applications and servers, such as web browsers loading a website and other applications for communications such as email, messaging, and voice over IP (VoIP). The most recent version is TLS 1.3, which was published in 2018.

How does TLS affect web application performance?

The latest versions of TLS hardly impact web application performance at all. The improvements like TLS False Start and TLS Session Resumption have helped to make TLS a very fast protocol that should not noticeably affect load times. As for the computational costs associated with TLS, they are mostly negligible by today’s standards.TLS 1.3 has made TLS even faster. TLS handshakes in TLS 1.3 only require one round trip (or back-and-forth communication) instead of two, shortening the process by a few milliseconds. When the user has connected to a website before, the TLS handshake has zero round trips, speeding it up still further.

Currently Nixle supports TLS 1.2 and TLS 1.3. 

Starting on June 12, 2023, the list of TLS 1.2 ciphers supported by Nixle will be: 

  • ECDHE-RSA-AES128-GCM-SHA256
  • ECDHE-RSA-AES256-GCM-SHA384
  • ECDHE-ECDSA-AES128-GCM-SHA256 
  • ECDHE-ECDSA-AES256-GCM-SHA384 

Starting on June 12, 2023, the list of TLS 1.3 ciphers supported by Nixle will be: 

  • AES_128_GCM_SHA256
  • AES_256_GCM_SHA384 
  • CHACHA20_POLY1305_SHA256 

What does this mean to you?

With the use of stronger encryption protocols and algorithms, we no longer officially support TLS 1.1 and certain weak ciphers in TLS 1.2 in any of our applications. If you continue to use browsers that do not support the strong TLS 1.2 and 1.3 ciphers listed above, some new and/or existing features and functionality may no longer work or the site may not load for them and be entirely inaccessible to them. Defects or performance issues that appear only when using TLS 1.1 or weaker unsupported ciphers in TLS 1.2 will not be investigated or fixed. 

Impacted Nixle domains

What action do you need to take? 

Nixle is taking every step to ensure that the supported browsers (i.e., Google Chrome, Mozilla Firefox, Internet Explorer 11+, Edge) will continue to work after the June 12, 2023 update. If you use older browser versions that by default do not support the latest encryption protocol, then we recommend that you upgrade to a newer version. For more information on troubleshooting browser issues when using non-supported TLS versions or ciphers, see knowledge base article 000065958 - Troubleshooting Client-Side TLS Error Messages That Can Occur When Using Non-supported TLS Versions or Ciphers.

Minimum browser versions that support TLS 1.2

Browser TLS 1.2 Supported
(Not enabled by default)
Enabled by Default
 
Internet Explorer Version 8.9.10 Version 11
Microsoft Edge   All versions
Google Chrome   Version 29
Mozilla Firefox Version 23.24.25.26 Version 27
Apple Safari   Version 7

How to check the current TLS version supported by your browser and how to upgrade to a newer TLS version

To enable TLS 1.2 protocols on web browsers, click on one of the links below:

Microsoft Internet Explorer and Microsoft Edge

  1. Open Internet Explorer
  2. From the menu bar, select Tools > Internet Options > Advanced tab
  3. Scroll down to the Security category and manually check the option for Use TLS 1.2
  4. Click OK
  5. Close your browser and restart Internet Explorer
User-added image

Google Chrome

Connections are automatically negotiated at the highest grade in Google Chrome. This means if a client is using Google Chrome version 29 or greater, then TLS 1.2 will be automatically enabled in their browser.

Mozilla Firefox

  1. Open Mozilla Firefox
  2. In the address bar, type about:config and press Enter
  3. In the search field, enter security.tls. Find and double-click the entry for security.tls.version.max
  4. Set the integer value to 4 to force a maximum protocol of TLS 1.3
  5. Click OK
  6. Close your browser and restart Mozilla Firefox
User-added image

Apple Safari

There are no options for enabling TLS protocols. If you are using Safari version 7 or greater, TLS 1.2 is automatically enabled.

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Article is closed for comments.