Movatterモバイル変換

[0]ホーム
URL:

Jump to content
WikipediaThe Free Encyclopedia
Search

Version history for TLS/SSL support in web browsers

From Wikipedia, the free encyclopedia
History of web browser protocol support

Version history for TLS/SSL support in web browsers tracks the implementation ofTransport Layer Security protocol versions in majorweb browsers.

TLS/SSL support history of web browsers
Browser
or OS API		VersionPlatformsSSL protocolsTLS protocolsCertificate supportVulnerability[n 1]Protocol selection by user[n 2]
SSL 2.0 (insecure)SSL 3.0 (insecure)TLS 1.0 (deprecated)TLS 1.1 (deprecated)TLS 1.2TLS 1.3EV[n 3][1]SHA-2[2]ECDSA[3]BEAST[n 4]CRIME[n 5]POODLE (SSLv3)[n 6]RC4[n 7]FREAK[4][5]Logjam
Google Chrome
(Chrome for Android)[n 8][n 9]		1–9Windows (10+)
macOS (12+)
Linux
Android (10+)
iOS (17+)
ChromeOS		Disabled by defaultYesYesNoNoNoYes
(only desktop)		Requires SHA-2 compatible OS[2]NeedsECC compatible OS[3]Not affected[10]Vulnerable
(HTTPS)		VulnerableVulnerableVulnerable
(except Windows)		VulnerableYes[n 10]
10–20No[11]YesYesNoNoNoYes
(only desktop)		Requires SHA-2 compatible OS[2]Needs ECC compatible OS[3]Not affectedVulnerable
(HTTPS/SPDY)		VulnerableVulnerableVulnerable
(except Windows)		VulnerableYes[n 10]
21NoYesYesNoNoNoYes
(only desktop)		Requires SHA-2 compatible OS[2]Needs ECC compatible OS[3]Not affectedMitigated[12]VulnerableVulnerableVulnerable
(except Windows)		VulnerableYes[n 10]
22–29NoYesYesYes[13]No[13][14][15][16]NoYes
(only desktop)		Requires SHA-2 compatible OS[2]Needs ECC compatible OS[3]Not affectedMitigatedVulnerableVulnerableVulnerable
(except Windows)		VulnerableTemporary[n 11]
30–32NoYesYesYesYes[14][15][16]NoYes
(only desktop)		Requires SHA-2 compatible OS[2]Needs ECC compatible OS[3]Not affectedMitigatedVulnerableVulnerableVulnerable
(except Windows)		VulnerableTemporary[n 11]
33–37NoYesYesYesYesNoYes
(only desktop)		Requires SHA-2 compatible OS[2]Needs ECC compatible OS[3]Not affectedMitigatedPartly mitigated[n 12]Lowest priority[19][20][21]Vulnerable
(except Windows)		VulnerableTemporary[n 11]
38, 39NoYesYesYesYesNoYes
(only desktop)		YesNeeds ECC compatible OS[3]Not affectedMitigatedPartly mitigatedLowest priorityVulnerable
(except Windows)		VulnerableTemporary[n 11]
40NoDisabled by default[18][22]YesYesYesNoYes
(only desktop)		YesNeeds ECC compatible OS[3]Not affectedMitigatedMitigated[n 13]Lowest priorityVulnerable
(except Windows)		VulnerableYes[n 14]
41, 42NoDisabled by defaultYesYesYesNoYes
(only desktop)		YesNeeds ECC compatible OS[3]Not affectedMitigatedMitigatedLowest priorityMitigatedVulnerableYes[n 14]
43NoDisabled by defaultYesYesYesNoYes
(only desktop)		YesNeeds ECC compatible OS[3]Not affectedMitigatedMitigatedOnly as fallback[n 15][23]MitigatedVulnerableYes[n 14]
44–47NoNo[24]YesYesYesNoYes
(only desktop)		YesNeeds ECC compatible OS[3]Not affectedMitigatedNot affectedOnly as fallback[n 15]MitigatedMitigated[25]Temporary[n 11]
48, 49NoNoYesYesYesNoYes
(only desktop)		YesNeeds ECC compatible OS[3]Not affectedMitigatedNot affectedDisabled by default[n 16][26][27]MitigatedMitigatedTemporary[n 11]
50–53NoNoYesYesYesNoYes
(only desktop)		YesYesNot affectedMitigatedNot affectedDisabled by default[n 16][26][27]MitigatedMitigatedTemporary[n 11]
54–66NoNoYesYesYesDisabled by default
(draft version)		Yes
(only desktop)		YesYesNot affectedMitigatedNot affectedDisabled by default[n 16][26][27]MitigatedMitigatedTemporary[n 11]
67–69NoNoYesYesYesYes
(draft version)		Yes
(only desktop)		YesYesNot affectedMitigatedNot affectedDisabled by default[n 16][26][27]MitigatedMitigatedTemporary[n 11]
70–83NoNoYesYesYesYesYes
(only desktop)		YesYesNot affectedMitigatedNot affectedDisabled by default[n 16][26][27]MitigatedMitigatedTemporary[n 11]
84–90NoNoWarn by defaultWarn by defaultYesYesYes
(only desktop)		YesYesNot affectedMitigatedNot affectedDisabled by default[n 16][26][27]MitigatedMitigatedTemporary[n 11]
91–143NoNoNo[28]No[28]YesYesYes
(only desktop)		YesYesNot affectedMitigatedNot affectedDisabled by default[n 16][26][27]MitigatedMitigatedTemporary[n 11]
ESC 144145
Browser
or OS API		VersionPlatformsSSL 2.0 (insecure)SSL 3.0 (insecure)TLS 1.0 (deprecated)TLS 1.1 (deprecated)TLS 1.2TLS 1.3EV certificateSHA-2 certificateECDSA certificateBEASTCRIMEPOODLE (SSLv3)RC4FREAKLogjamProtocol selection by user
Microsoft Edge
(Chromium-based)
OS-independent		79–83Windows (10+)
macOS (12+)
Linux 
Android (10+)
iOS (18+)		NoNoYesYesYesYesYesYesYesMitigatedNot affectedNot affectedDisabled by defaultMitigatedMitigatedYes[n 10]
84–90NoNoWarn by defaultWarn by defaultYesYesYesYesYesMitigatedNot affectedNot affectedDisabled by defaultMitigatedMitigatedYes[n 10]
91-143NoNoNo[29]No[29]YesYesYesYesYesMitigatedNot affectedNot affectedDisabled by defaultMitigatedMitigatedYes[n 10]
ESC 144145
Browser
or OS API		VersionPlatformsSSL 2.0 (insecure)SSL 3.0 (insecure)TLS 1.0 (deprecated)TLS 1.1 (deprecated)TLS 1.2TLS 1.3EV certificateSHA-2 certificateECDSA certificateBEASTCRIMEPOODLE (SSLv3)RC4FREAKLogjamProtocol selection by user
Mozilla Firefox
(Firefox for mobile)[n 17]		1.0, 1.5Windows (10+)
macOS (10.15+)
Linux
Android (8.0+)
iOS(15+)
Firefox OS
Maemo

ESR 115 only for:
Windows (7–8.1)
macOS (10.12–10.14)

ESR 140+ only for:
Windows (10+)
macOS (10.15+)
Linux		Yes[30]Yes[30]Yes[30]NoNoNoNoYes[2]NoNot affected[31]Not affectedVulnerableVulnerableNot affectedVulnerableYes[n 10]
2Disabled by default[30][32]YesYesNoNoNoNoYesYes[3]Not affectedNot affectedVulnerableVulnerableNot affectedVulnerableYes[n 10]
3–7Disabled by defaultYesYesNoNoNoYesYesYesNot affectedNot affectedVulnerableVulnerableNot affectedVulnerableYes[n 10]
8–10
ESR 10		No[32]YesYesNoNoNoYesYesYesNot affectedNot affectedVulnerableVulnerableNot affectedVulnerableYes[n 10]
11–14NoYesYesNoNoNoYesYesYesNot affectedVulnerable
(SPDY)[12]		VulnerableVulnerableNot affectedVulnerableYes[n 10]
15–22
ESR 17.0–17.0.10		NoYesYesNoNoNoYesYesYesNot affectedMitigatedVulnerableVulnerableNot affectedVulnerableYes[n 10]
ESR 17.0.11NoYesYesNoNoNoYesYesYesNot affectedMitigatedVulnerableLowest priority[33][34]Not affectedVulnerableYes[n 10]
23NoYesYesDisabled by default[35]NoNoYesYesYesNot affectedMitigatedVulnerableVulnerableNot affectedVulnerableYes[n 18]
24, 25.0.0
ESR 24.0–24.1.0		NoYesYesDisabled by defaultDisabled by default[36]NoYesYesYesNot affectedMitigatedVulnerableVulnerableNot affectedVulnerableYes[n 18]
25.0.1, 26
ESR 24.1.1–24.8.1		NoYesYesDisabled by defaultDisabled by defaultNoYesYesYesNot affectedMitigatedVulnerableLowest priority[33][34]Not affectedVulnerableYes[n 18]
27–33
ESR 31.0–31.2.0		NoYesYesYes[37][38]Yes[39][38]NoYesYesYesNot affectedMitigatedVulnerableLowest priorityNot affectedVulnerableYes[n 18]
34, 35
ESR 31.3.0–31.7.0		NoDisabled by default[40][41]YesYesYesNoYesYesYesNot affectedMitigatedMitigated[n 19]Lowest priorityNot affectedVulnerableYes[n 18]
ESR 31.8.0NoDisabled by defaultYesYesYesNoYesYesYesNot affectedMitigatedMitigatedLowest priorityNot affectedMitigated[44]Yes[n 18]
36–38
ESR 38.0–38.0.1		NoDisabled by defaultYesYesYesNoYesYesYesNot affectedMitigatedMitigatedOnly as fallback[n 15][45]Not affectedVulnerableYes[n 18]
ESR 38.1.0–38.8.0NoDisabled by defaultYesYesYesNoYesYesYesNot affectedMitigatedMitigatedOnly as fallback[n 15]Not affectedMitigated[44]Yes[n 18]
39–43NoNo[46]YesYesYesNoYesYesYesNot affectedMitigatedNot affectedOnly as fallback[n 15]Not affectedMitigated[44]Yes[n 18]
44–48
ESR 45		NoNoYesYesYesNoYesYesYesNot affectedMitigatedNot affectedDisabled by default[n 16][47][48][49][50]Not affectedMitigatedYes[n 18]
49–59
ESR 52		NoNoYesYesYesDisabled by default
(draft version)[51]		YesYesYesNot affectedMitigatedNot affectedDisabled by default[n 16]Not affectedMitigatedYes[n 18]
60–62
ESR 60		NoNoYesYesYesYes
(draft version)		YesYesYesNot affectedMitigatedNot affectedDisabled by default[n 16]Not affectedMitigatedYes[n 18]
63–77
ESR 68		NoNoYesYesYesYesYesYesYesNot affectedMitigatedNot affectedDisabled by default[n 16]Not affectedMitigatedYes[n 18]
78–146
ESR 78–115.31
ESR 128-140.6		NoNoDisabled by default[52]Disabled by default[52]YesYesYesYesYesNot affectedMitigatedNot affectedDisabled by default[n 16]Not affectedMitigatedYes[n 18]
ESR 115.32
ESR 140.7
147
Browser
or OS API		VersionPlatformsSSL 2.0 (insecure)SSL 3.0 (insecure)TLS 1.0 (deprecated)TLS 1.1 (deprecated)TLS 1.2TLS 1.3EV certificateSHA-2 certificateECDSA certificateBEASTCRIMEPOODLE (SSLv3)RC4FREAKLogjamProtocol selection by user
Microsoft Internet Explorer
(1–10)[n 20]

Windows Schannel		1.xWindows3.1,95,NT,[n 21][n 22]
Mac OS7,8		No SSL/TLS support
2YesNoNoNoNoNoNoNoNoNo SSL 3.0 or TLS supportVulnerableVulnerableVulnerableN/a
3YesYes[55]NoNoNoNoNoNoNoVulnerableNot affectedVulnerableVulnerableVulnerableVulnerable?
4,5,6Windows3.1,95,98,NT,2000[n 21][n 22]
Mac OS7.1,8,X,
Solaris,HP-UX		YesYesDisabled by default[55]NoNoNoNoNoNoVulnerableNot affectedVulnerableVulnerableVulnerableVulnerableYes[n 10]
6Windows XP[n 22]YesYesDisabled by defaultNoNoNoNoYes (Since SP3)[n 23][56]NoMitigatedNot affectedVulnerableVulnerableVulnerableVulnerableYes[n 10]
7,8Disabled by default[57]YesYes[57]NoNoNoYesYes (Since SP3)[n 23][56]NoMitigatedNot affectedVulnerableVulnerableVulnerableVulnerableYes[n 10]
6Server 2003[n 22]YesYesDisabled by defaultNoNoNoNoYes
(KB938397+KB968730)[n 23][56]		NoMitigatedNot affectedVulnerableVulnerableMitigated[60]Mitigated[61]Yes[n 10]
7,8Disabled by default[57]YesYes[57]NoNoNoYesYes
(KB938397+KB968730)[n 23][56]		NoMitigatedNot affectedVulnerableVulnerableMitigated[60]Mitigated[61]Yes[n 10]
7,8,9Windows VistaDisabled by defaultYesYesNoNoNoYesYesYes[3]MitigatedNot affectedVulnerableVulnerableMitigated[60]Mitigated[61]Yes[n 10]
7,8,9Server 2008Disabled by defaultYesYesDisabled by default[62]
(KB4019276)[n 24]		Disabled by default[62]
(KB4019276)[n 24]		NoYesYesYes[3]MitigatedNot affectedVulnerableVulnerableMitigated[60]Mitigated[61]Yes[n 10]
8,9,107,8
Server 2008 R2
Server 2012		Disabled by defaultYesYesDisabled by default[n 24][64]Disabled by default[n 24][64]NoYesYesYesMitigatedNot affectedVulnerableLowest priority[65][n 25]Mitigated[60]Mitigated[61]Yes[n 10]
Internet Explorer 11[n 20]

Windows Schannel		11[n 26][67]7,8.1
Server 2008 R2
Server 2012[67]
Server 2012 R2		Disabled by defaultDisabled by default[n 27]Disabled by default[n 28]Disabled by default[n 24][n 28]Yes[n 24][73]NoYesYesYesMitigatedNot affectedMitigated[n 27]Disabled by default[n 16]Mitigated[60]Mitigated[61]Yes[n 10]
Browser
or OS API		VersionPlatformsSSL 2.0 (insecure)SSL 3.0 (insecure)TLS 1.0 (deprecated)TLS 1.1 (deprecated)TLS 1.2TLS 1.3EV certificateSHA-2 certificateECDSA certificateBEASTCRIMEPOODLE (SSLv3)RC4FREAKLogjamProtocol selection by user
Microsoft Edge
(12–18)
(EdgeHTML-based)
Client only

Internet Explorer 11[n 20]

Windows Schannel		1112–13Windows 1015071511Disabled by defaultYes[63]YesYesYes[n 24]NoYesYesYesMitigatedNot affectedMitigatedDisabled by default[n 16]MitigatedMitigatedYes[n 10]
1114–18
(client only)		Windows 1016072004
Windows Server (SAC)
1709–2004		No[74]Disabled by defaultYesYesYesNoYesYesYesMitigatedNot affectedMitigatedDisabled by default[n 16]MitigatedMitigatedYes[n 10]
Internet Explorer 11[n 20]

Windows Schannel		11[n 29]Windows 1020H222H2
Windows Server (SAC)
20H2		NoDisabled by defaultDisabled by default[n 28]Disabled by default[n 28]YesNoYesYesYesMitigatedNot affectedMitigatedDisabled by default[n 16]MitigatedMitigatedYes[n 10]
Windows SchannelWindows 1121H222H2
(Ent/Edu/Home/Pro)		NoDisabled by defaultDisabled by default[n 28]Disabled by default[n 28]YesYes[63]YesYesYesMitigatedNot affectedMitigatedDisabled by default[n 16]MitigatedMitigatedYes[n 10]
Windows 1123H2
(Home/Pro)		NoDisabled by defaultDisabled by default[n 28]Disabled by default[n 28]YesYesYesYesYesMitigatedNot affectedMitigatedDisabled by default[n 16]MitigatedMitigatedYes[n 10]
Windows 1123H2
(Ent/Edu)
Windows 1124H2
(Home/Pro)		NoDisabled by defaultDisabled by default[n 28]Disabled by default[n 28]YesYesYesYesYesMitigatedNot affectedMitigatedDisabled by default[n 16]MitigatedMitigatedYes[n 10]
Windows 1124H2
(Ent/Edu)
Windows 1125H2
(Ent/Edu/Home/Pro)		NoDisabled by defaultDisabled by default[n 28]Disabled by default[n 28]YesYesYesYesYesMitigatedNot affectedMitigatedDisabled by default[n 16]MitigatedMitigatedYes[n 10]
Windows 1126H1
(Specific ARM SoCs only)[77]		NoDisabled by defaultDisabled by default[n 28]Disabled by default[n 28]YesYesYesYesYesMitigatedNot affectedMitigatedDisabled by default[n 16]MitigatedMitigatedYes[n 10]
Windows 1126H2NoDisabled by defaultDisabled by default[n 28]Disabled by default[n 28]YesYesYesYesYesMitigatedNot affectedMitigatedDisabled by default[n 16]MitigatedMitigatedYes[n 10]
Internet Explorer 11[n 20]
LTSB/LTSC

Windows Schannel
LTSB/LTSC		11Windows 10
LTSB 2015 (1507)		Disabled by defaultYes[63]Disabled by default[n 28]Disabled by default[n 28]Yes[n 24]NoYesYesYesMitigatedNot affectedMitigatedDisabled by default[n 16]MitigatedMitigatedYes[n 10]
Windows 10
LTSB 2016 (1607)		No[74]Disabled by defaultDisabled by default[n 28]Disabled by default[n 28]YesNoYesYesYesMitigatedNot affectedMitigatedDisabled by default[n 16]MitigatedMitigatedYes[n 10]
Windows Server 2016
(LTSB/1607)		No[74]Disabled by defaultDisabled by default[n 28]Disabled by default[n 28]YesNoYesYesYesMitigatedNot affectedMitigatedDisabled by default[n 16]MitigatedMitigatedYes[n 10]
Windows 10
LTSC 2019 (1809)
Windows Server 2019
(LTSC/1809)		NoDisabled by defaultDisabled by default[n 28]Disabled by default[n 28]YesNoYesYesYesMitigatedNot affectedMitigatedDisabled by default[n 16]MitigatedMitigatedYes[n 10]
Windows 10
LTSC 2021 (21H2)		NoDisabled by defaultDisabled by default[n 28]Disabled by default[n 28]YesNo[63]YesYesYesMitigatedNot affectedMitigatedDisabled by default[n 16]MitigatedMitigatedYes[n 10]
Windows Server 2022
(LTSC/21H2)		NoDisabled by defaultDisabled by default[n 28]Disabled by default[n 28]YesYesYesYesYesMitigatedNot affectedMitigatedDisabled by default[n 16]MitigatedMitigatedYes[n 10]
Windows Schannel
LTSC		Windows 11
LTSC 2024 (24H2)		NoDisabled by defaultDisabled by default[n 28]Disabled by default[n 28]YesYesYesYesYesMitigatedNot affectedMitigatedDisabled by default[n 16]MitigatedMitigatedYes[n 10]
Windows Server 2025
(LTSC/24H2)		NoDisabled by defaultDisabled by default[n 28]Disabled by default[n 28]YesYesYesYesYesMitigatedNot affectedMitigatedDisabled by default[n 16]MitigatedMitigatedYes[n 10]
Browser
or OS API		VersionPlatformsSSL 2.0 (insecure)SSL 3.0 (insecure)TLS 1.0 (deprecated)TLS 1.1 (deprecated)TLS 1.2TLS 1.3EV certificateSHA-2 certificateECDSA certificateBEASTCRIMEPOODLE (SSLv3)RC4FREAKLogjamProtocol selection by user
MicrosoftInternet Explorer Mobile[n 20]7–9Windows Phone 7, 7.5, 7.8Disabled by default[57]YesYesNo[citation needed]No[citation needed]NoNo[citation needed]YesYes[78]?Not affectedVulnerableVulnerableVulnerableVulnerableOnly with 3rd party tools[n 30]
10Windows Phone 8Disabled by defaultYesYesDisabled by default[80]Disabled by default[80]NoNo[citation needed]YesYes[81]MitigatedNot affectedVulnerableVulnerableVulnerableVulnerableOnly with 3rd party tools[n 30]
11Windows Phone 8.1Disabled by defaultYesYesYes[82]Yes[82]NoNo[citation needed]YesYesMitigatedNot affectedVulnerableOnly as fallback[n 15][83][84]VulnerableVulnerableOnly with 3rd party tools[n 30]
Microsoft Edge
(13–15)
(EdgeHTML-based)[n 31]		13Windows 10 Mobile 1511Disabled by defaultDisabled by defaultYesYesYesNoYesYesYesMitigatedNot affectedMitigatedDisabled by default[n 16]MitigatedMitigatedNo
14, 15Windows 10 Mobile
1607–1709		No[74]Disabled by defaultYesYesYesNoYesYesYesMitigatedNot affectedMitigatedDisabled by default[n 16]MitigatedMitigatedNo
Browser
or OS API		VersionPlatformsSSL 2.0 (insecure)SSL 3.0 (insecure)TLS 1.0 (deprecated)TLS 1.1 (deprecated)TLS 1.2TLS 1.3EV certificateSHA-2 certificateECDSA certificateBEASTCRIMEPOODLE (SSLv3)RC4FREAKLogjamProtocol selection by user
Apple Safari[n 32]1Mac OS X10.2,10.3No[89]YesYesNoNoNoNoNoNoVulnerableNot affectedVulnerableVulnerableVulnerableVulnerableNo
2–5Mac OS X10.4,10.5,Win XPNoYesYesNoNoNoYes (Since v3.2)NoNoVulnerableNot affectedVulnerableVulnerableVulnerableVulnerableNo
3–5Vista,Win 7NoYesYesNoNoNoYes (Since v3.2)NoYes[78]VulnerableNot affectedVulnerableVulnerableVulnerableVulnerableNo
4–6Mac OS X10.6,10.7NoYesYesNoNoNoYesYes[2]Yes[3]VulnerableNot affectedVulnerableVulnerableVulnerableVulnerableNo
6OS X 10.8NoYesYesNoNoNoYesYesYes[3]Mitigated[n 33]Not affectedMitigated[n 34]Vulnerable[n 34]Mitigated[95]VulnerableNo
7, 9OS X 10.9NoYesYesYes[96]Yes[96]NoYesYesYesMitigated[91]Not affectedMitigated[n 34]Vulnerable[n 34]Mitigated[95]VulnerableNo
8–10OS X 10.10NoYesYesYesYesNoYesYesYesMitigatedNot affectedMitigated[n 34]Lowest priority[97][n 34]Mitigated[95]Mitigated[98]No
9–11OS X 10.11NoNoYesYesYesNoYesYesYesMitigatedNot affectedNot affectedLowest priorityMitigatedMitigatedNo
10–13macOS
10.12,10.13		NoNoYesYesYesNoYesYesYesMitigatedNot affectedNot affectedDisabled by default[n 16]MitigatedMitigatedNo
12–14macOS10.14NoNoYesYesYesYes (Since macOS 10.14.4)[99]YesYesYesMitigatedNot affectedNot affectedDisabled by default[n 16]MitigatedMitigatedNo
13–18macOS10.15,11,12,13NoNoYesYesYesYesYesYesYesMitigatedNot affectedNot affectedDisabled by default[n 16]MitigatedMitigatedNo
17–1826macOS 14NoNoYesYesYesYesYesYesYesMitigatedNot affectedNot affectedDisabled by default[n 16]MitigatedMitigatedNo
1826macOS 15NoNoYesYesYesYesYesYesYesMitigatedNot affectedNot affectedDisabled by default[n 16]MitigatedMitigatedNo
26macOS 26NoNoDisabled by defaultDisabled by default[100]YesYesYesYesYesMitigatedNot affectedNot affectedDisabled by default[n 16]MitigatedMitigatedNo
Browser
or OS API		VersionPlatformsSSL 2.0 (insecure)SSL 3.0 (insecure)TLS 1.0 (deprecated)TLS 1.1 (deprecated)TLS 1.2TLS 1.3EV certificateSHA-2 certificateECDSA certificateBEASTCRIMEPOODLE (SSLv3)RC4FREAKLogjamProtocol selection by user
Apple Safari
(mobile)[n 35]		3iPhone OS1,2No[104]YesYesNoNoNoNoNoNoVulnerableNot affectedVulnerableVulnerableVulnerableVulnerableNo
4, 5iPhone OS 3,iOS 4NoYesYesNoNoNoYes[105]YesYes (Since iOS 4)[78]VulnerableNot affectedVulnerableVulnerableVulnerableVulnerableNo
5, 6iOS5,6NoYesYesYes[101]Yes[101]NoYesYesYesVulnerableNot affectedVulnerableVulnerableVulnerableVulnerableNo
7iOS 7NoYesYesYesYesNoYesYesYes[106]Mitigated[107]Not affectedVulnerableVulnerableVulnerableVulnerableNo
8iOS 8NoYesYesYesYesNoYesYesYesMitigatedNot affectedMitigated[n 34]Lowest priority[108][n 34]Mitigated[109]Mitigated[110]No
9iOS 9NoNoYesYesYesNoYesYesYesMitigatedNot affectedNot affectedLowest priorityMitigatedMitigatedNo
10, 11iOS10,11NoNoYesYesYesNoYesYesYesMitigatedNot affectedNot affectedDisabled by default[n 16]MitigatedMitigatedNo
12iOS 12NoNoYesYesYesYes (Since iOS 12.2)[99]YesYesYesMitigatedNot affectedNot affectedDisabled by default[n 16]MitigatedMitigatedNo
13–17iOS
1317		NoNoYesYesYesYesYesYesYesMitigatedNot affectedNot affectedDisabled by default[n 16]MitigatedMitigatedNo
iPadOS
1317
18iOS 18NoNoYesYesYesYesYesYesYesMitigatedNot affectedNot affectedDisabled by default[n 16]MitigatedMitigatedNo
iPadOS 18
26iOS 26NoNoDisabled by defaultDisabled by default[111]YesYesYesYesYesMitigatedNot affectedNot affectedDisabled by default[n 16]MitigatedMitigatedNo
iPadOS 26
Browser
or OS API		VersionPlatformsSSL 2.0 (insecure)SSL 3.0 (insecure)TLS 1.0 (deprecated)TLS 1.1 (deprecated)TLS 1.2TLS 1.3EV[n 3]SHA-2ECDSABEAST[n 4]CRIME[n 5]POODLE (SSLv3)[n 6]RC4[n 7]FREAK[4][5]LogjamProtocol selection by user
Google Android OS[112]Android1.0–4.0.4NoYesYesNoNoNo?Yes[2]Yes (Since 3.0)[78][3]??VulnerableVulnerableVulnerableVulnerableNo
Android4.1–4.4.4NoYesYesDisabled by default[113]Disabled by default[113]No?YesYes??VulnerableVulnerableVulnerableVulnerableNo
Android5.0–5.0.2NoYesYesYes[113][114]Yes[113][114]No?YesYes??VulnerableVulnerableVulnerableVulnerableNo
Android5.1–5.1.1NoDisabled by default[citation needed]YesYesYesNo?YesYes??Not affectedOnly as fallback[n 15]MitigatedMitigatedNo
Android6.07.1.2NoDisabled by default[citation needed]YesYesYesNo?YesYes??Not affectedDisabled by defaultMitigatedMitigatedNo
Android8.09NoNo[115]YesYesYesNo?YesYes??Not affectedDisabled by defaultMitigatedMitigatedNo
Android1012.1NoNoYesYesYesYes?YesYes??Not affectedDisabled by defaultMitigatedMitigatedNo
Android13NoNoYesYesYesYes?YesYes??Not affectedDisabled by defaultMitigatedMitigatedNo
Android14NoNoYesYesYesYes?YesYes??Not affectedDisabled by defaultMitigatedMitigatedNo
Android15NoNoDisabled by defaultDisabled by default[116]YesYes?YesYes??Not affectedDisabled by defaultMitigatedMitigatedNo
Android16NoNoDisabled by defaultDisabled by defaultYesYes?YesYes??Not affectedDisabled by defaultMitigatedMitigatedNo
Browser
or OS API		VersionPlatformsSSL 2.0 (insecure)SSL 3.0 (insecure)TLS 1.0 (deprecated)TLS 1.1 (deprecated)TLS 1.2TLS 1.3EV certificateSHA-2 certificateECDSA certificateBEASTCRIMEPOODLE (SSLv3)RC4FREAKLogjamProtocol selection by user
Color or NoteSignificance
Browser versionPlatform
Browser versionOperating systemFuture release; under development
Browser versionOperating systemCurrent latest release
Browser versionOperating systemFormer release; still supported
Browser versionOperating systemFormer release;long-term support still active, but will end in less than 12 months
Browser versionOperating systemFormer release; no longer supported
N/aOperating systemMixed/Unspecified
Operating system(Version+)Minimum required operating system version (for supported versions of the browser)
Operating systemNo longer supported for thisoperating system
Notes
  1. ^Note actual security depends on other factors such as negotiated cipher, encryption strength, etc. (see§ Cipher table).
  2. ^Whether a user or administrator can choose the protocols to be used or not. If yes, several attacks such as BEAST (vulnerable in SSL 3.0 and TLS 1.0) or POODLE (vulnerable in SSL 3.0) can be avoided.
  3. ^abWhether EV SSL and DV SSL (normal SSL) can be distinguished by indicators (green lock icon, green address bar, etc.) or not.
  4. ^abe.g. 1/n-1 record splitting.
  5. ^abe.g. Disabling header compression inHTTPS/SPDY.
  6. ^ab
    • Complete mitigations; disabling SSL 3.0 itself, "anti-POODLE record splitting". "Anti-POODLE record splitting" is effective only with client-side implementation and valid according to the SSL 3.0 specification, however, it may also cause compatibility issues due to problems in server-side implementations.
    • Partial mitigations; disabling fallback to SSL 3.0, TLS_FALLBACK_SCSV, disabling cipher suites withCBC mode of operation. If the server also supports TLS_FALLBACK_SCSV, the POODLE attack will fail against this combination of server and browser, but connections where the server does not support TLS_FALLBACK_SCSV and does support SSL 3.0 will still be vulnerable. If disabling cipher suites with CBC mode of operation in SSL 3.0, only cipher suites with RC4 are available, RC4 attacks become easier.
    • When disabling SSL 3.0 manually, POODLE attack will fail.
  7. ^ab
    • Complete mitigation; disabling cipher suites with RC4.
    • Partial mitigations to keeping compatibility with old systems; setting the priority of RC4 to lower.
  8. ^Google Chrome (andChromium) supports TLS 1.0, and TLS 1.1 from version 22 (it was added, then dropped from version 21). TLS 1.2 support had been added, then dropped from Chrome 29.[6][7][8]
  9. ^Uses the TLS implementation provided byBoringSSL for Android, OS X, and Windows[9] or byNSS forLinux. Google is switching the TLS library used in Chrome to BoringSSL from NSS completely.
  10. ^abcdefghijklmnopqrstuvwxyzaaabacadaeafagahaiajakalamConfigure enabling/disabling of each protocols via setting/option (menu name is dependent on browsers).
  11. ^abcdefghijklconfigure the maximum and the minimum version of enabling protocols withcommand-line option.
  12. ^TLS_FALLBACK_SCSV is implemented.[17] Fallback to SSL 3.0 is disabled since version 39.[18]
  13. ^In addition to TLS_FALLBACK_SCSV and disabling a fallback to SSL 3.0, SSL 3.0 itself is disabled by default.[18]
  14. ^abcConfigure the minimum version of enabling protocols via chrome://flags[22] (the maximum version can be configured with command-line option).
  15. ^abcdefgOnly when no cipher suites with other than RC4 is available, cipher suites with RC4 will be used as a fallback.
  16. ^abcdefghijklmnopqrstuvwxyzaaabacadaeafagahaiajakalamanaoapaqAll RC4 cipher suites are disabled by default.
  17. ^Uses the TLS implementation provided byNSS. As of Firefox 22, Firefox supports only TLS 1.0 despite the bundled NSS supporting TLS 1.1. Since Firefox 23, TLS 1.1 can be enabled, but was not enabled by default due to issues. Firefox 24 has TLS 1.2 support disabled by default. TLS 1.1 and TLS 1.2 have been enabled by default in Firefox 27 release.
  18. ^abcdefghijklmnConfigure the maximum and the minimum version of enabling protocols via about:config.
  19. ^SSL 3.0 itself is disabled by default.[40] In addition, fallback to SSL 3.0 is disabled since version 34,[42] and TLS_FALLBACK_SCSV is implemented since 35.0 and ESR 31.3.0.[40][43]
  20. ^abcdefIE uses the TLS implementation of the Microsoft Windows operating system provided by theSchannel security support provider. TLS 1.1 and 1.2 are disabled by default until IE11.[53][54]
  21. ^abWindows NT 3.1 supports IE 1–2,Windows NT 3.5 supports IE 1–3,Windows NT 3.51 andWindows NT 4.0 supports IE 1–6.
  22. ^abcdWindows XP as well as Server 2003 and older support only weak ciphers likeTriple DES and RC4 out of the box.[58] The weak ciphers of these Schannel version are not only used for IE, but also for other Microsoft products running on this OS, likeMicrosoft Office orWindows Update. Only Windows Server 2003 can get a manual update to supportAES ciphers by KB948963[59]
  23. ^abcdMS13-095 or MS14-049 for Windows Server 2003, Windows XP x64 and Windows XP SP3 (32-bit).
  24. ^abcdefghDTLS protocol counterpart version, however, is not supported.[63]
  25. ^RC4 can be disabled except as a fallback (Only when no cipher suites with other than RC4 is available, cipher suites with RC4 will be used as a fallback).[66]
  26. ^IE11 will continue to support these operating systems if they are with ESUs until at least October 13, 2026.
  27. ^abFallback to SSL 3.0 is sites blocked by default in Internet Explorer 11 for Protected Mode.[68][69] SSL 3.0 is disabled by default in Internet Explorer 11 since April 2015.[70]
  28. ^abcdefghijklmnopqrstuvwxyzaaabacadaeafTLS 1.0 and 1.1 are disabled by default in Internet Explorer 11 and EdgeHTML since September 2022.[71][72]
  29. ^IE11 ran out of support for GAC (formerly CB and SAC) editions of Windows 10 since June 15, 2022.[75][76]
  30. ^abcCould be disabled via registry editing but need 3rd Party tools to do this.[79]
  31. ^Edge (formerly known as Project Spartan) is based on a fork of the Internet Explorer 11 rendering engine.
  32. ^Safari uses the operating system implementation on Mac OS X, Windows (XP, Vista, 7)[85] with unknown version,[86] Safari 5 is the last version available for Windows. OS X 10.8 on have SecureTransport support for TLS 1.1 and 1.2[87] Qualys SSL report simulates Safari 5.1.9 connecting with TLS 1.0 not 1.1 or 1.2.[88]
  33. ^In September 2013, Apple implementedBEAST mitigation inOS X 10.8 (Mountain Lion), but it was not turned on by default, resulting in Safari still being theoretically vulnerable to the BEAST attack on that platform.[90][91] BEAST mitigation has been enabled by default from OS X 10.8.5 updated in February 2014.[92]
  34. ^abcdefghBecause Apple removed support for all CBC protocols in SSL 3.0 to mitigate POODLE,[93][94] this leaves only RC4, which is also completely broken by the RC4 attacks in SSL 3.0.
  35. ^Mobile Safari and third-party software utilizing the system UIWebView library use theiOS operating system implementation, which supports TLS 1.2 as of iOS 5.0.[101][102][103]

References

[edit]
  1. ^"What browsers support Extended Validation (EV) and display an EV indicator?".Symantec. Archived fromthe original on 2015-12-31. Retrieved2014-07-28.
  2. ^abcdefghij"SHA-256 Compatibility".Archived from the original on 2015-07-01. Retrieved2015-06-12.
  3. ^abcdefghijklmnopqrs"ECC Compatibility".Archived from the original on 2016-02-17. Retrieved2015-06-13.
  4. ^ab"Tracking the FREAK Attack".Archived from the original on 2015-03-06. Retrieved2015-03-08.
  5. ^ab"FREAK: Factoring RSA Export Keys".Archived from the original on 2015-03-11. Retrieved2015-03-08.
  6. ^"Dev Channel Update". 2012-05-29.Archived from the original on 2013-03-02. Retrieved2011-06-01.
  7. ^"Stable Channel Update". 2012-08-21.Archived from the original on 2012-08-25. Retrieved2012-08-22.
  8. ^Chromium Project (2013-05-30)."Chromium TLS 1.2 Implementation".
  9. ^"The Chromium Project: BoringSSL".Archived from the original on 2015-09-23. Retrieved2015-09-05.
  10. ^"Chrome Stable Release".Chrome Releases. 2011-10-25.Archived from the original on 2015-02-20. Retrieved2015-02-01.
  11. ^"SVN revision log on Chrome 10.0.648.127 release". Archived fromthe original on 2014-06-19. Retrieved2014-06-19.
  12. ^ab"ImperialViolet – CRIME". 2012-09-22.Archived from the original on 2015-01-10. Retrieved2014-10-18.
  13. ^ab"SSL/TLS Overview". 2008-08-06.Archived from the original on 2013-07-03. Retrieved2013-03-29.
  14. ^ab"Chromium Issue 90392". 2008-08-06.Archived from the original on 2013-08-03. Retrieved2013-06-28.
  15. ^ab"Issue 23503030 Merge 219882". 2013-09-03.Archived from the original on 2014-02-26. Retrieved2013-09-19.
  16. ^ab"Issue 278370: Unable to submit client certificates over TLS 1.2 from Windows". 2013-08-23.Archived from the original on 2013-10-05. Retrieved2013-10-03.
  17. ^Möller, Bodo (2014-10-14)."This POODLE bites: exploiting the SSL 3.0 fallback".Google Online Security blog. Google (via Blogspot).Archived from the original on 2014-10-28. Retrieved2014-10-28.
  18. ^abc"An update on SSLv3 in Chrome".Security-dev. 2014-10-31. Retrieved2014-11-04.
  19. ^"Stable Channel Update".Mozilla Developer Network. 2014-02-20.Archived from the original on 2014-10-24. Retrieved2014-11-14.
  20. ^"Changelog for Chrome 33.0.1750.117".Google. Archived fromthe original on 2014-01-16. Retrieved2014-11-14.
  21. ^"Issue 318442: Update to NSS 3.15.3 and NSPR 4.10.2".Archived from the original on 2015-03-15. Retrieved2014-11-14.
  22. ^ab"Issue 693963003: Add minimum TLS version control to about:flags and Finch gate it. – Code Review".Archived from the original on 2015-04-16. Retrieved2015-01-22.
  23. ^"Issue 375342: Drop RC4 Support".Archived from the original on 2015-09-12. Retrieved2015-05-22.
  24. ^"Issue 436391: Add info on end of life of SSLVersionFallbackMin & SSLVersionMin policy in documentation".Archived from the original on 2015-04-18. Retrieved2015-04-19.
  25. ^"Issue 490240: Increase minimum DH size to 1024 bits (tracking bug)".Archived from the original on 2015-09-12. Retrieved2015-05-29.
  26. ^abcdefg"Intent to deprecate: RC4". Retrieved2015-12-21.
  27. ^abcdefg"An update on SHA-1 certificates in Chrome". 2015-12-18.Archived from the original on 2015-12-18. Retrieved2015-12-21.
  28. ^ab"Chrome Enterprise release notes - Google Chrome Enterprise Help".
  29. ^ab"Microsoft Edge Browser Policy Documentation | Microsoft Docs".Docs.microsoft.com. 2021-10-15. Retrieved2022-02-15.
  30. ^abcd"Security in Firefox 2". 2008-08-06.Archived from the original on 2014-07-14. Retrieved2009-03-31.
  31. ^"Attack against TLS-protected communications".Mozilla Security Blog. Mozilla. 2011-09-27.Archived from the original on 2015-03-04. Retrieved2015-02-01.
  32. ^ab"Introduction to SSL". MDN.Archived from the original on 2014-07-14. Retrieved2014-06-19.
  33. ^ab"NSS 3.15.3 Release Notes".Mozilla Developer Network. Mozilla.Archived from the original on 2014-06-05. Retrieved2014-07-13.
  34. ^ab"MFSA 2013-103: Miscellaneous Network Security Services (NSS) vulnerabilities".Mozilla.Archived from the original on 2014-07-14. Retrieved2014-07-13.
  35. ^"Bug 565047 – (RFC4346) Implement TLS 1.1 (RFC 4346)". Retrieved2013-10-29.
  36. ^"Bug 480514 – Implement support for TLS 1.2 (RFC 5246)". Retrieved2013-10-29.
  37. ^"Bug 733647 – Implement TLS 1.1 (RFC 4346) in Gecko (Firefox, Thunderbird), on by default". Retrieved2013-12-04.
  38. ^ab"Firefox Notes – Desktop". 2014-02-04.Archived from the original on 2014-02-07. Retrieved2014-02-04.
  39. ^"Bug 861266 – Implement TLS 1.2 (RFC 5246) in Gecko (Firefox, Thunderbird), on by default". Retrieved2013-11-18.
  40. ^abc"The POODLE Attack and the End of SSL 3.0".Mozilla blog. Mozilla. 2014-10-14.Archived from the original on 2014-10-18. Retrieved2014-10-28.
  41. ^"Firefox — Notes (34.0) — Mozilla". mozilla.org. 2014-12-01.Archived from the original on 2015-04-09. Retrieved2015-04-03.
  42. ^"Bug 1083058 – A pref to control TLS version fallback". bugzilla.mozilla.org. Retrieved2014-11-06.
  43. ^"Bug 1036737 – Add support for draft-ietf-tls-downgrade-scsv to Gecko/Firefox". bugzilla.mozilla.org. Retrieved2014-10-29.
  44. ^abc"Bug 1166031 – Update to NSS 3.19.1". bugzilla.mozilla.org. Retrieved2015-05-29.
  45. ^"Bug 1088915 – Stop offering RC4 in the first handshakes". bugzilla.mozilla.org. Retrieved2014-11-04.
  46. ^"Firefox — Notes (39.0) — Mozilla". mozilla.org. 2015-06-30.Archived from the original on 2015-07-03. Retrieved2015-07-03.
  47. ^"Google, Microsoft, and Mozilla will drop RC4 encryption in Chrome, Edge, IE, and Firefox next year".VentureBeat. 2015-09-01.Archived from the original on 2015-09-05. Retrieved2015-09-05.
  48. ^"Intent to ship: RC4 disabled by default in Firefox 44".Archived from the original on 2011-01-22. Retrieved2015-10-18.
  49. ^"RC4 is now allowed only on whitelisted sites (Reverted)". Retrieved2015-11-02.
  50. ^"Firefox — Notes (44.0) — Mozilla". mozilla.org. 2016-01-26.Archived from the original on 2016-03-04. Retrieved2016-03-09.
  51. ^"Bug 1342082 – Disable TLS 1.3 for FF52 Release". Retrieved2017-03-29.
  52. ^ab"Firefox 78.0, See All New Features, Updates and Fixes".
  53. ^Microsoft (2012-09-05)."Secure Channel".Archived from the original on 2012-08-29. Retrieved2012-10-18.
  54. ^Microsoft (2009-02-27)."MS-TLSP Appendix A".Archived from the original on 2013-09-27. Retrieved2009-03-19.
  55. ^ab"What browsers only support SSLv2?". Retrieved2014-06-19.
  56. ^abcd"SHA2 and Windows – Windows PKI blog – Site Home – TechNet Blogs". 2010-09-30.Archived from the original on 2014-07-16. Retrieved2014-07-29.
  57. ^abcde"HTTPS Security Improvements in Internet Explorer 7".Archived from the original on 2013-10-10. Retrieved2013-10-29.
  58. ^"TLS Cipher Suites". Microsoft.Archived from the original on 2017-03-13.
  59. ^"Cipher Suites in TLS/SSL (Schannel SSP) - Win32 apps".Archived from the original on 2015-03-11. Retrieved2017-07-19.
  60. ^abcdefMSRC (2015-03-10).Vulnerability in Schannel Could Allow Security Feature Bypass (3046049).Security Bulletins (Technical report). MS15-031. Retrieved2021-10-24 – viaMicrosoft Docs.
  61. ^abcdefMSRC (2015-05-12).Vulnerability in Schannel Could Allow Information Disclosure (3061518).Security Bulletins (Technical report). MS15-055. Retrieved2021-10-24 – viaMicrosoft Docs.
  62. ^ab"Update to add support for TLS 1.1 and TLS 1.2 in Windows Server 2008 SP2, Windows Embedded POSReady 2009, and Windows Embedded Standard 2009". Retrieved2017-07-19.
  63. ^abcde"Protocols in TLS/SSL (Schannel SSP) - Win32 apps".learn.microsoft.com. Retrieved2022-02-20.
  64. ^ab"Windows 7 adds support for TLSv1.1 and TLSv1.2 – IEInternals – Site Home – MSDN Blogs".Archived from the original on 2013-12-26. Retrieved2013-10-29.
  65. ^Thomlinson, Matt (2014-11-11)."Hundreds of Millions of Microsoft Customers Now Benefit from Best-in-Class Encryption". Microsoft Security.Archived from the original on 2014-11-14. Retrieved2014-11-14.
  66. ^"Microsoft security advisory: Update for disabling RC4".Support.microsoft.com. Archived fromthe original on 11 March 2015. Retrieved20 February 2022.
  67. ^ab"Internet Explorer 11 for Windows Server 2012 and Windows Embedded 8 Standard".Microsoft Support. 2019-04-16.
  68. ^"February 2015 security updates for Internet Explorer". 2015-02-11.Archived from the original on 2015-02-11. Retrieved2015-02-11.
  69. ^"Update turns on the setting to disable SSL 3.0 fallback for protected mode sites by default in Internet Explorer 11".Archived from the original on 2015-02-14. Retrieved2015-02-11.
  70. ^MSRC (2014-10-14).Vulnerability in SSL 3.0 Could Allow Information Disclosure.Security Advisories (Technical report). 3009008. Retrieved2021-10-24 – viaMicrosoft Docs.
  71. ^Pflug, Kyle (2020-03-31)."Plan for change: TLS 1.0 and TLS 1.1 soon to be disabled by default".Windows Blogs.
  72. ^"KB5017811—Manage Transport Layer Security (TLS) 1.0 and 1.1 after default behavior change on September 20, 2022".Microsoft Support. Retrieved2023-01-09.
  73. ^Microsoft (2013-09-24)."IE11 Changes".Archived from the original on 2013-10-30. Retrieved2013-11-01.
  74. ^abcd"TLS (Schannel SSP) changes in Windows 10 and Windows Server 2016". Microsoft. 2017-03-21. Archived fromthe original on 2017-03-30. Retrieved2017-03-29.
  75. ^"Internet Explorer 11 has retired and is officially out of support—what you need to know". June 15, 2022.
  76. ^"Internet Explorer 11 desktop app support ended for certain versions of Windows 10". June 15, 2022.
  77. ^https://techcommunity.microsoft.com/blog/windows-itpro-blog/what-to-know-about-windows-11-version-26h1/4491941
  78. ^abcd"What browsers work with Universal SSL".Archived from the original on 2016-03-04. Retrieved2015-06-15.
  79. ^"POODLE SSL vulnerability – secure your Windo… – Windows Phone 8 Development and Hacking".XDA Developers. 15 October 2014.Archived from the original on 2016-09-23.
  80. ^ab"What TLS version is used in Windows Phone 8 for secure HTTP connections?". Microsoft.Archived from the original on 2016-03-04. Retrieved2014-11-07.
  81. ^"Qualys SSL Labs – Projects/User Agent Capabilities: Unknown".Archived from the original on 2017-03-01.
  82. ^ab"Platform Security".TechNet.Microsoft Docs. 2014-06-25. Retrieved2021-10-24.
  83. ^"Release Notes: Important Issues in Windows 8.1 Preview".TechNet.Microsoft Docs. 2013-06-24. Retrieved2021-10-24.
  84. ^"W8.1(IE11) vs RC4".Qualys Community.Archived from the original on 2014-11-04. Retrieved2014-11-04.
  85. ^Adrian, Dimcev."Common browsers/libraries/servers and the associated cipher suites implemented".TLS Cipher Suites Project.Archived from the original on 2013-07-20.
  86. ^"Features".Safari. Apple. 2009-06-10.Archived from the original on 2013-04-20. Retrieved2009-06-10.
  87. ^"Curl: Patch to add TLS 1.1 and 1.2 support & replace deprecated functions in SecureTransport". Sweden: haxx.se.Archived from the original on 2017-03-01.
  88. ^"SSL Server Test: google.co.uk".Archived from the original on February 1, 2017.
  89. ^"Apple Secures Mac OS X with Mavericks Release". eSecurity Planet. 2013-10-25.Archived from the original on 2014-07-08. Retrieved2014-06-23.
  90. ^Ristic, Ivan (2013-09-10)."Is BEAST Still a Threat?". Qualys.Archived from the original on 2014-10-12.
  91. ^abRistić, Ivan (2013-10-31)."Apple enabled BEAST mitigations in OS X 10.9 Mavericks".Archived from the original on 2013-11-07. Retrieved2013-11-07.
  92. ^Ristić, Ivan (2014-02-26)."Apple finally releases patch for BEAST". Qualys.Archived from the original on 2014-07-14. Retrieved2014-07-01.
  93. ^"About Security Update 2014-005".Apple Support knowledge base article. Apple.Archived from the original on 2014-10-24.
  94. ^"About the security content of iOS 8.1".Apple Support knowledge base article. Apple.Archived from the original on 2014-10-23.
  95. ^abc"About Security Update 2015-002".Apple Support knowledge base article. Apple.Archived from the original on 2015-03-16. Retrieved2015-03-09.
  96. ^ab"About the security content of OS X Mavericks v10.9".Archived from the original on 2014-07-04. Retrieved2014-06-20.
  97. ^"User Agent Capabilities: Safari 8/OS X 10.10". Qualys SSL Labs.Archived from the original on 2015-09-06. Retrieved2015-03-07.
  98. ^"About the security content of OS X Yosemite v10.10.4 and Security Update 2015-005".Archived from the original on 2015-07-02. Retrieved2015-07-03.
  99. ^abPauly, Tommy (2019-01-29)."TLS 1.3 in iOS".tls@ietf.org (Mailing list).
  100. ^"MacOS Tahoe 26 Release Notes".
  101. ^abc"Technical Note TN2287 – iOS 5 and TLS 1.2 Interoperability Issues". Apple. 2011-10-14.Archived from the original on 2011-09-07. Retrieved2012-12-10.
  102. ^Liebowitz, Matt (2011-10-13)."Apple issues huge software security patches".NBC News. Archived fromthe original on February 15, 2020. Retrieved2012-12-10.
  103. ^"Adventures with iOS UIWebviews".MWR Info Security. 2012-04-16.Archived from the original on 2013-03-20. Retrieved2012-12-10., section "HTTPS (SSL/TLS)"
  104. ^"Secure Transport Reference".Archived from the original on 2014-06-04. Retrieved2014-06-23.kSSLProtocol2 is deprecated in iOS
  105. ^"iPhone 3.0: Mobile Safari Gets Enhanced Security Certificate Visualization".The iPhone Blog. 2009-03-31. Archived fromthe original on 2009-04-03.
  106. ^"Projects/User Agent Capabilities: Safari 7/iOS 7.1". Qualys SSL Labs.Archived from the original on 2017-03-13.
  107. ^"SOAP Request fails randomly on one Server but works on another on iOS7".Stack Overflow. 2013-10-11. Retrieved2014-01-05.
  108. ^"User Agent Capabilities: Safari 8/iOS 8.1.2". Qualys SSL Labs.Archived from the original on 2016-03-04. Retrieved2015-03-07.
  109. ^"About the security content of iOS 8.2".Apple Support knowledge base article. Apple.Archived from the original on 2015-03-09. Retrieved2015-03-09.
  110. ^"About the security content of iOS 8.4".Archived from the original on 2015-07-03. Retrieved2015-07-03.
  111. ^"IOS & iPadOS 26 Release Notes".
  112. ^"SSLSocket|Android Developers".Archived from the original on 2015-03-18. Retrieved2015-03-11.
  113. ^abcd"SSLSocket|Android Developers".Archived from the original on 2016-03-04. Retrieved2015-12-17.
  114. ^ab"Android 5.0 Behavior Changes|Android Developers".Archived from the original on 2015-03-09. Retrieved2015-03-11.
  115. ^"Android 8.0 Behavior Changes".Archived from the original on 2017-12-01.
  116. ^"Behavior changes: Apps targeting Android 15 or higher".
Retrieved from "https://en.wikipedia.org/w/index.php?title=Version_history_for_TLS/SSL_support_in_web_browsers&oldid=1338978229"
Categories:
Hidden categories:
[8]ページ先頭
©2009-2026 Movatter.jp