Forum Discussion
Solved
TLS 1.3
TLS 1.3 is a very needed feature for those in corporate environments for our public facing websites. The speed advantages are immense in larger sites with no caching
TheAutisticTechie As with Chrome, TLS/1.3 is supported in all versions of Chromium-based Edge (and will be supported on all platforms).
No, it hasn't been.
https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/february/downgrade-attack-on-tls-1.3-and-vulnerabilities-in-major-tls-libraries/
- Eric_Lawrence
Microsoft
Unoki TLS/1.3 has been available in the new Edge since its first Canary release. Discussions of IIS and Windows more broadly are not in scope for this forum; you can find other communities where such conversations are more appropriate.
Eric_Lawrence Can we had a way (in entreprise) like they do in firefox to reject tls 1.0 and 1.1 and other weak cipher suite ?
- Eric_LawrenceThe SSLVersionMin policy allows enterprises to set a minimum TLS version.
Ciphersuites can be controlled via the cipher-suite-denylist command line argument (Chrome uses "cipher-suite-blacklist") as follows:
msedge.exe --ssl-version-min=tls1.2 --cipher-suite-denylist=0x000a https://ssllabs.com
This doesn't appear to be available via policy in Chromium today, see:
https://bugs.chromium.org/p/chromium/issues/detail?id=931204#c5
https://bugs.chromium.org/p/chromium/issues/detail?id=930508#c15
...but it's something that the Edge team might look at if there were significant demand.
- Any guidance you can provide on how to restrict the lowest level of TLS in this new Edgium? browser? I have set the minimums in the Internet Advanced settings but the Qualys Labs site still shows TLS 1.0 and 1.1 as Yes. Both flags in Insider Edge for TLS 1.3 are set to Default.
Thanks.- Eric_LawrenceYou can use policy, see:
https://www.chromium.org/administrators/policy-list-3#SSLVersionMin
Or you can use a command line flag:
msedge.exe --ssl-version-min=tls1.3
Having said that, the Qualys SSLLabs.com site requires TLS1.2 at this time.
