SOLVED

TLS 1.3

TLS 1.3 is a very needed feature for those in corporate environments for our public facing websites. The speed advantages are immense in larger sites with no caching.

Re: TLS 1.3

https://www.ssllabs.com/ssltest/viewMyClient.html

It looks like TLS 1.3 is supported on my configuration using Edge Canary and Dev with Windows 10 1809. Are you seeing otherwise?

Re: TLS 1.3

@danmurphy As with Chrome, TLS/1.3 is supported in all versions of Chromium-based Edge (and will be supported on all platforms).

Re: TLS 1.3

Sorry I wasn't able to get to this yesterday, @danmurphy. As @joel0m and @ericlaw have discovered, all preview channels of Edge already support TLS1.3. Are you seeing sites that should be using TLS1.3 and are not with the Edge browser? If so, please let me know so that we can investigate.
Elliot

Re: TLS 1.3

@Elliot Kirk, @joel0m and @ericlaw

Thanks for your replies. I checked some sites last night which didn't work. Reinstalled tonight and it is now working the same as my Chrome. SSL Labs site reports TLS 1.2 in use with experimental 1.3 as expected.

Not entirely sure why it didn't work yesterday, though maybe because I also have Windows insider too perhaps?

Re: TLS 1.3

Yeah will do. I'll try replicating it again tomorrow :)

Re: TLS 1.3

Thanks. If you see any weirdness like this again, please send a smiley (top right of the browser) as that will collect some light telemetry and will help us better diagnose any potential problems.
Elliot

Re: TLS 1.3

Isn't the issue here that Windows Server IIS doesn't support TLS1.3...
Does Microsoft have an ETA?

Re: TLS 1.3

@Avaza It's unlikely that the original poster's issue was with IIS (as Chrome would exhibit matching behavior and apparently it started working as expected later).

In terms of Windows Server's roadmap for TLS/1.3 support in IIS, you'll probably get a better informed answer over in https://techcommunity.microsoft.com/t5/Microsoft-IIS/ct-p/Microsoft-IIS

Re: TLS 1.3

@danmurphy No, TLS 1.3 is not a 'badly needed feature' and the speed benefits are not 'immense,' unless you are TLS servers on old consumer level hardware that lack AES accelerators.

Microsoft is not like garbage developers - I mean open source developers that race to implement something for the personal gratification rather than for the quality of the product. MS, RSA and Cisco have the only TLS 1.0 implementations without active exploits because of it where nearly all other implementations do.

In addition, TLS 1.3 was only ratified a few months ago. All efforts so far are based on code written before the standard was ratified and have extreme likelihood of containing legacy code that will provide a vector for exploit. In addition, these open source projects have also carelessly introduced exploits into TLS 1.3 that do not exist in 1.2, and simply having 1.3 enabled enables downgrade attacks against weaker protocols that can be completely broken.

Wait for a correct implementation. Most (other than the ones where the protocol was fundamentally broken) of the famous SSL and TLS exploits have been created by bad open source solutions that incorrectly implemented SSL/TLS. You will see no difference in performance, other than perhaps at low power client devices.

Re: TLS 1.3

Microsoft released TLS 1.2 within about 6 months of its ratification.
It's been longer than that for TLS 1.3 and no word yet on future support.

TLS 1.3 is designed to bring significant speed & security improvements. Reducing the number of round trips required is a massive improvement, especially for global customers who have longer latencies.

IIS is falling behind.

Re: TLS 1.3

@Avaza

1. No, MS did not release support for TLS 1.2 within 6 months. TLS 1.2 was ratified in August of 2008. NT 6.1 RTMed at the end of July 2009. That is nearly a year.

2. It doesn't matter. TLS 1.3 is not the same thing as TLS 1.2. TLS 1.3 is a radical update to the protocol, so much so that it was nearly named TLS 2.0. Correctly implementing it will take time. If you are fine with settling for exploit-ridden, incorrect implementations of 1.3 currently available, then you cannot claim to care about anything you claim to care about in the implementation. TLS 1.2 is also not yet exploitable and is better than every incorrect implementation of 1.3 out there.

3. Mathematical differences in speed are not measurable differences in speed. It doesn't matter how much you insist there will be a measurable difference between 1.3 and 1.2, it won't be there. Your part about latency is correct, but in order for latency to come into play in speed - which would manifest only through avoiding some packet loss - you will have to be into latencies of 600-700 milliseconds with high jitter, or 800-900 milliseconds or higher with consistent latency. In other words, EXTREME low end satellite service or extraordinarily busy site to site microwave links.

4. IIS is an HTTP server, not a TLS server. The two have absolutely NOTHING to do with each other. Windows keeping an incorrect implementation of TLS out of the operating system which opens up exploits that never existed before, in place of a TLS 1.2 that currently cannot be exploited is foolhardy at best.

Re: TLS 1.3

1) TLS1.2 was announced and available to insiders to use within 6 months.

2) Responsible maintenance of a community that uses your product should include announcing timelines for major updates like this.

3) The speed difference, as per plenty of real life benchmarks from the companies using it in production today, is not insignificant.

It makes a 50% improvement in setup time for a TLS connection because only 2 instead of 3 total roundtrips are needed. The TLS component is halved.

For customers in Australia connecting to a US Server, that typically means about 200ms cut off the TTFB.
And 200ms latency is common. The global average RTT latency seen by users of Slack is reported as 200ms after they implemented their all-traffic CDN.

Another advantage is that, in a sense, it remembers! On sites you have previously visited, you can now send data on the first message to the server. This is called a "zero round trip" (0-RTT). And yes, this also results in improved load times.

4) All software has vulnerabilities & patches.
No one's suggesting cutting corners.
Microsoft's silence is either due to poor communication or because this isn't a priority.
If it's low priority it also won't get the better developers assigned, and also will be a lower quality implementation.

Re: TLS 1.3

1) TLS1.2 was announced and available to insiders to use & test at approx 6 months.

2) Responsible maintenance of a community that uses your product should include announcing timelines for major updates like this.

3) The speed difference, as per plenty of real life benchmarks from the companies using it in production today, is not insignificant.

It makes a 50% improvement in setup time for a TLS connection because only 2 instead of 3 total roundtrips are needed. The TLS component is halved.

For customers in Australia connecting to a US Server, that typically means about 200ms cut off the TTFB.
And 200ms latency is common. The global average RTT latency seen by users of Slack is reported as 200ms after they implemented their all-traffic CDN.

Another advantage is that, in a sense, it remembers! On sites you have previously visited, you can now send data on the first message to the server. This is called a "zero round trip" (0-RTT). And yes, this also results in improved load times.

4) All software has vulnerabilities & patches.
No one's suggesting cutting corners.
Microsoft's silence is either due to poor communication or because this isn't a priority.
If it's low priority it also won't get the better developers assigned, and also will be a lower quality implementation.

Re: TLS 1.3

@Avaza @Unoki Not sure what's gotten into you both but as you can see in the first few replies, TLS 1.3 is already implemented successfully.

Re: TLS 1.3

@Avaza

1. The Windows Insider program didn't exist until Windows 10. If you meant the beta program, well that is completely irrelevant. Until Windows 10, Betas were exclusively used for pre-validation of applications, drivers, etc, and all were pretty much universally extremely unstable and unusable.

2. No, it doesn't.

3. No it isn't. Mathematically faster and something that is perceivably faster aren't the same thing. You seem to be exclusively focusing on web pages and other client apps, but no person is ever going to notice a difference of 200 milliseconds when the client application takes thousands of milliseconds to render a page, or establish a SIP connection to the server. You aren't saving 200 milliseconds between Australia and the United States either. I have a training web application that is hosted in Australia behind a cloud load balancer and typically only see latency of about 5-600 milliseconds in the health check which includes the ~300 or so milliseconds of establishing each session, which would only be incurred once in real use.

In ecommerce sites and content delivery networks these small gains could definitely measurably impact their business, but both of these segments are usually slow to implement new technology, because 1, both of them have to work all the time without exception, and 2, ecommerce has to be secure without exception and content delivery networks may have to be very strictly secure as well.

4. Implementing TLS is not even close to being the same thing as writing a patch for an application, and no exploit discovered within less than a year of the protocol's ratification due to incorrect implementation is even nominally acceptable. Virtually every TLS 1.3 client and server introduced multiple exploits enabling attack vectors at both ends, that allowed easy and difficult to detect downgrade attacks, and if enabled allowed for easy downgrade to SSL 3.0 or TLS 1.0 - which more than likely was another incorrect TLS implementation containing exploits. Cutting corners is exactly what you are suggesting. Every single current implementation of TLS 1.3 cut corners and exposed every single one of its users. In less than a year.

Re: TLS 1.3

No, it hasn't been.

https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/february/downgrade-attack-on-tls-1.3-and-vulnerabilities-in-major-tls-libraries/

Re: TLS 1.3

@Unoki TLS/1.3 has been available in the new Edge since its first Canary release. Discussions of IIS and Windows more broadly are not in scope for this forum; you can find other communities where such conversations are more appropriate.

Re: TLS 1.3

Any guidance you can provide on how to restrict the lowest level of TLS in this new Edgium? browser? I have set the minimums in the Internet Advanced settings but the Qualys Labs site still shows TLS 1.0 and 1.1 as Yes. Both flags in Insider Edge for TLS 1.3 are set to Default.
Thanks.

Re: TLS 1.3

You can use policy, see:

https://www.chromium.org/administrators/policy-list-3#SSLVersionMin

Or you can use a command line flag:

    msedge.exe --ssl-version-min=tls1.3

Having said that, the Qualys SSLLabs.com site requires TLS1.2 at this time.

Re: TLS 1.3

Hmm, I added the policy key and restarted all browser sessions; SSL test = no change, TLS 1 to 1.3 as yes.
I used command line msedge.exe --ssl-version-min=tls1.2 and it ~~still tests with 1.0 as yes~~

EDITED It took a full computer restart and then this worked.
Opened InPrivate tab still tests as yes for 1.0.

~~I have successfully set policy key for regular Chrome (\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\SSLVersionMin) and it was detected and works as expected.~~

I'll just have to create a shortcut using "msedge.exe --ssl-version-min=tls1.2"

~~Any other suggestions?~~

Re: TLS 1.3

Restarting your computer should have no impact; the most likely explanation is that you had a zombie'd msedge.exe somewhere in the background which prevented the flag from taking effect. Visiting edge://version/ will show the command line of the current instance which will help confirm.

Similarly, I'm not able to reproduce your finding for InPrivate mode; when I launch with the command line flag, it's respected as expected while InPrivate.

How specifically did you "add the policy key"?

Re: TLS 1.3

@ericlaw Can we have a way (in enterprise), like they do in Firefox, to reject TLS 1.0 and 1.1 and other weak cipher suites?

Re: TLS 1.3

The SSLVersionMin policy allows enterprises to set a minimum TLS version.

Ciphersuites can be controlled via the cipher-suite-denylist command line argument (Chrome uses "cipher-suite-blacklist") as follows:

    msedge.exe --ssl-version-min=tls1.2 --cipher-suite-denylist=0x000a https://ssllabs.com

This doesn't appear to be available via policy in Chromium today, see:
https://bugs.chromium.org/p/chromium/issues/detail?id=931204#c5
https://bugs.chromium.org/p/chromium/issues/detail?id=930508#c15

...but it's something that the Edge team might look at if there were significant demand.

Re: TLS 1.3

I was trying --cipher-suite-blacklist; I didn't know it was denylist now.

edit: thanks

Re: TLS 1.3

@ericlaw

Opened the URL you gave and read that.

Win key + R key, entered regedit, clicked OK.
Navigated to
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies
Add New Key Chromium
Then in that key add a String value named SSLVersionMin
Set the value of that to tls1.2

[Image: msEdge_Chromium_Doesn't.jpg]

This is the same process I followed to get the Chrome browser shown below to work. Except it is in the Chrome Key under Google.

[Image: ChromeWorks.jpg]

Is there supposed to be another Parent key in between named something like MSEdge? i.e. Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\MSEdge\Chromium?

Re: TLS 1.3

https://textslashplain.com/2019/05/01/edge-76-vs-edge-18-vs-chrome/
---------
Group Policy and Command Line Arguments
By-default, Edge 76 shares almost all of the same Group Policies and command line arguments as Chrome 76.

If you’re using the registry to set a policy for Edge, put it under the

HKEY_CURRENT_USER\Software\Policies\Microsoft\Edge
…node instead of under the

HKEY_CURRENT_USER\Software\Policies\Google\Chrome
node.

Re: TLS 1.3

Thanks!
That was the missing piece. I was doing a strict enforcement of the document text you gave in the URL since I couldn't infer what keys the exe is reading when it launches.

I am using Version 77.0.211.3 (Official build) dev (64-bit)

After you specified the other details I was able to add in the Microsoft key and the SSL test is working.

The other Google key for Chrome has to stay. We install multiple browsers on our workstations due to various client requirements.

👍

Re: TLS 1.3

It is nice that Edge and Windows 10 and 2019 support
%20TLS%201.3.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHowever%20some%20Windows%20Update%20Servers%20(like%20%3CA%20href%3D%22https%3A%2F%2Fwww.ssllabs.com%2Fssltest%2Fanalyze.html%3Fd%3Dfe2.update.microsoft.com%26amp%3BhideResults%3Don%26amp%3Blatest%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Efe2.update.microsoft.com%3C%2FA%3E%26nbsp%3Bon%20their%20IPv6%20addresses)%20only%20support%20those%20Ciphers%20that%20are%20known%20to%20be%20weak.%20Disabling%20those%20ciphers%20in%20Windows%2010%20or%202016%2F2019%20breaks%20Windows%20Update%20functionality.%20So%20more%20security%20actually%20turns%20into%20less%20security.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fwww.ssllabs.com%2Fssltest%2Fanalyze.html%3Fd%3Dfe2.update.microsoft.com%26amp%3Bs%3D2a01%253a111%253af330%253a1793%253a0%253a0%253a0%253aa21%26amp%3BhideResults%3Don%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.ssllabs.com%2Fssltest%2Fanalyze.html%3Fd%3Dfe2.update.microsoft.com%26amp%3Bs%3D2a01%253a111%253af330%253a1793%253a0%253a0%253a0%253aa21%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E

TLS 1.3 is a very needed feature for those in corporate environments for our public-facing websites. The speed advantages are immense in larger sites with no caching.


Hmm, I added the policy key and restarted all browser sessions. SSL test = no change, TLS 1 to 1.3 as yes.
I used the command line msedge.exe --ssl-version-min=tls1.2 and it still tests with 1.0 as yes.

EDITED It took a full computer restart and then this worked.
Opened InPrivate tab still tests as yes for 1.0. 

I have successfully set policy key for regular Chrome (\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\SSLVersionMin) and it was detected and works as expected.

I'll just have to create a shortcut using "msedge.exe --ssl-version-min=tls1.2"

Any other suggestions?

Restarting your computer should have no impact; the most likely explanation is that you had a zombie'd msedge.exe somewhere in the background which prevented the flag from taking effect. Visiting edge://version/ will show the command line of the current instance which will help confirm.

Similarly, I'm not able to reproduce your finding for InPrivate mode; when I launch with the command line flag, it's respected as expected while InPrivate.

How specifically did you "add the policy key"?


@ericlaw Can we have a way (in enterprise) like they do in Firefox to reject TLS 1.0 and 1.1 and other weak cipher suites?

The SSLVersionMin policy allows enterprises to set a minimum TLS version.

Ciphersuites can be controlled via the cipher-suite-denylist command line argument (Chrome uses "cipher-suite-blacklist") as follows:

msedge.exe --ssl-version-min=tls1.2 --cipher-suite-denylist=0x000a https://ssllabs.com

This doesn't appear to be available via policy in Chromium today, see:
https://bugs.chromium.org/p/chromium/issues/detail?id=931204#c5
https://bugs.chromium.org/p/chromium/issues/detail?id=930508#c15

...but it's something that the Edge team might look at if there were significant demand.

I was trying --cipher-suite-blacklist; I didn't know it was denylist now.

edit: thanks


@ericlaw 

Opened the URL you gave and read that.

Win key + R key, entered regedit, clicked OK.
Navigated to
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies
Add New Key Chromium
Then in that key add a String value named SSLVersionMin
set the value of that to tls1.2

msEdge_Chromium_Doesn't.jpg

 

This is the same process I followed to get the Chrome browser shown below to work. Except it is in the Chrome Key under Google.

ChromeWorks.jpg

 

 

Is there supposed to be another parent key in between, named something like MSEdge? i.e. Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\MSEdge\Chromium?

https://textslashplain.com/2019/05/01/edge-76-vs-edge-18-vs-chrome/
---------
Group Policy and Command Line Arguments
By-default, Edge 76 shares almost all of the same Group Policies and command line arguments as Chrome 76.

If you’re using the registry to set a policy for Edge, put it under the

HKEY_CURRENT_USER\Software\Policies\Microsoft\Edge
…node instead of under the

HKEY_CURRENT_USER\Software\Policies\Google\Chrome
node.

Thanks!
That was the missing piece. I was doing a strict enforcement of the document text you gave in the URL since I couldn't infer what keys the exe is reading when it launches.

I am using Version 77.0.211.3 (Official build) dev (64-bit)

After you specified the other details I was able to add in the Microsoft key and the SSL test is working.

The other Google key for Chrome has to stay. We install multiple browsers on our workstations due to various client requirements.

:thumbs_up:
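
The registry layout this exchange settled on can be audited and applied in one pass. The script below is an added example, not written by anyone in the thread or by the Edge team: the `-Apply` switch, the choice to write only under HKLM, and the choice to report both the HKLM and HKCU hives are assumptions of this example, and the key names and the `tls1.2` value are the ones quoted in the posts above.

```powershell
# Added example, not from the thread. Reports (and with -Apply, sets) SSLVersionMin.
# Writing under HKLM requires an elevated PowerShell session.
[CmdletBinding()]
param(
    [string]$MinVersion = 'tls1.2',   # value used in the thread
    [switch]$Apply                    # without -Apply nothing is changed
)

# Policy nodes for Edge and Chrome, in the machine and user hives.
$nodes = foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($vendor in 'Microsoft\Edge', 'Google\Chrome') {
        [pscustomobject]@{ Path = "$hive\SOFTWARE\Policies\$vendor"; Note = '' }
    }
}
# The key tried first in the thread; Edge did not pick it up there.
$nodes += [pscustomobject]@{
    Path = 'HKLM:\SOFTWARE\Policies\Chromium'
    Note = 'did not take effect for msedge.exe in the thread'
}

if ($Apply) {
    foreach ($node in $nodes | Where-Object { $_.Path -like 'HKLM:*' -and -not $_.Note }) {
        if (-not (Test-Path -LiteralPath $node.Path)) {
            New-Item -Path $node.Path -Force | Out-Null   # creates missing parents too
        }
        # String value, matching the regedit steps described in the thread
        New-ItemProperty -LiteralPath $node.Path -Name 'SSLVersionMin' `
            -Value $MinVersion -PropertyType String -Force | Out-Null
    }
}

# Report what each node currently holds so a misplaced key is easy to spot.
$nodes | ForEach-Object {
    $value = $null
    if (Test-Path -LiteralPath $_.Path) {
        $value = (Get-ItemProperty -LiteralPath $_.Path -Name 'SSLVersionMin' `
                -ErrorAction SilentlyContinue).SSLVersionMin
    }
    [pscustomobject]@{
        Path          = $_.Path
        SSLVersionMin = if ($null -ne $value) { $value } else { '<not set>' }
        Note          = $_.Note
    }
} | Format-Table -AutoSize -Wrap
```

After applying, close every running msedge.exe process before re-running the SSL Labs client test; edge://policy lists the policies the browser actually loaded.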

It is nice that Edge and Windows 10 and 2019 support TLS 1.3.

 

However, some Windows Update servers (like fe2.update.microsoft.com on their IPv6 addresses) only support those ciphers that are known to be weak. Disabling those ciphers in Windows 10 or 2016/2019 breaks Windows Update functionality. So more security actually turns into less security.

 

https://www.ssllabs.com/ssltest/analyze.html?d=fe2.update.microsoft.com&s=2a01%3a111%3af330%3a1793%3...