Version history for TLS/SSL support in web browsers
History of web browser protocol support From Wikipedia, the free encyclopedia
Version history for TLS/SSL support in web browsers tracks the implementation of Transport Layer Security protocol versions in major web browsers.
| Browser or OS API |
Version | Platforms | SSL protocols | TLS protocols | Certificate support | Vulnerability[n 1] | Protocol selection by user[n 2] | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| SSL 2.0 (insecure) | SSL 3.0 (insecure) | TLS 1.0 (deprecated) | TLS 1.1 (deprecated) | TLS 1.2 | TLS 1.3 | EV[n 3][1] | SHA-2[2] | ECDSA[3] | BEAST[n 4] | CRIME[n 5] | POODLE (SSLv3)[n 6] | RC4[n 7] | FREAK[4][5] | Logjam | |||||
| Google Chrome (Chrome for Android)[n 8][n 9] |
1–9 | Windows (10+) macOS (11+) Linux Android (8.0+) iOS (16+) ChromeOS |
Disabled by default | Yes | Yes | No | No | No | Yes (only desktop) |
Requires SHA-2 compatible OS[2] | Needs ECC compatible OS[3] | Not affected[10] | Vulnerable (HTTPS) |
Vulnerable | Vulnerable | Vulnerable (except Windows) |
Vulnerable | Yes[n 10] | |
| 10–20 | No[11] | Yes | Yes | No | No | No | Yes (only desktop) |
Requires SHA-2 compatible OS[2] | Needs ECC compatible OS[3] | Not affected | Vulnerable (HTTPS/SPDY) |
Vulnerable | Vulnerable | Vulnerable (except Windows) |
Vulnerable | Yes[n 10] | |||
| 21 | No | Yes | Yes | No | No | No | Yes (only desktop) |
Requires SHA-2 compatible OS[2] | Needs ECC compatible OS[3] | Not affected | Mitigated[12] | Vulnerable | Vulnerable | Vulnerable (except Windows) |
Vulnerable | Yes[n 10] | |||
| 22–29 | No | Yes | Yes | Yes[13] | No[13][14][15][16] | No | Yes (only desktop) |
Requires SHA-2 compatible OS[2] | Needs ECC compatible OS[3] | Not affected | Mitigated | Vulnerable | Vulnerable | Vulnerable (except Windows) |
Vulnerable | Temporary[n 11] | |||
| 30–32 | No | Yes | Yes | Yes | Yes[14][15][16] | No | Yes (only desktop) |
Requires SHA-2 compatible OS[2] | Needs ECC compatible OS[3] | Not affected | Mitigated | Vulnerable | Vulnerable | Vulnerable (except Windows) |
Vulnerable | Temporary[n 11] | |||
| 33–37 | No | Yes | Yes | Yes | Yes | No | Yes (only desktop) |
Requires SHA-2 compatible OS[2] | Needs ECC compatible OS[3] | Not affected | Mitigated | Partly mitigated[n 12] | Lowest priority[19][20][21] | Vulnerable (except Windows) |
Vulnerable | Temporary[n 11] | |||
| 38, 39 | No | Yes | Yes | Yes | Yes | No | Yes (only desktop) |
Yes | Needs ECC compatible OS[3] | Not affected | Mitigated | Partly mitigated | Lowest priority | Vulnerable (except Windows) |
Vulnerable | Temporary[n 11] | |||
| 40 | No | Disabled by default[18][22] | Yes | Yes | Yes | No | Yes (only desktop) |
Yes | Needs ECC compatible OS[3] | Not affected | Mitigated | Mitigated[n 13] | Lowest priority | Vulnerable (except Windows) |
Vulnerable | Yes[n 14] | |||
| 41, 42 | No | Disabled by default | Yes | Yes | Yes | No | Yes (only desktop) |
Yes | Needs ECC compatible OS[3] | Not affected | Mitigated | Mitigated | Lowest priority | Mitigated | Vulnerable | Yes[n 14] | |||
| 43 | No | Disabled by default | Yes | Yes | Yes | No | Yes (only desktop) |
Yes | Needs ECC compatible OS[3] | Not affected | Mitigated | Mitigated | Only as fallback[n 15][23] | Mitigated | Vulnerable | Yes[n 14] | |||
| 44–47 | No | No[24] | Yes | Yes | Yes | No | Yes (only desktop) |
Yes | Needs ECC compatible OS[3] | Not affected | Mitigated | Not affected | Only as fallback[n 15] | Mitigated | Mitigated[25] | Temporary[n 11] | |||
| 48, 49 | No | No | Yes | Yes | Yes | No | Yes (only desktop) |
Yes | Needs ECC compatible OS[3] | Not affected | Mitigated | Not affected | Disabled by default[n 16][26][27] | Mitigated | Mitigated | Temporary[n 11] | |||
| 50–53 | No | No | Yes | Yes | Yes | No | Yes (only desktop) |
Yes | Yes | Not affected | Mitigated | Not affected | Disabled by default[n 16][26][27] | Mitigated | Mitigated | Temporary[n 11] | |||
| 54–66 | No | No | Yes | Yes | Yes | Disabled by default (draft version) |
Yes (only desktop) |
Yes | Yes | Not affected | Mitigated | Not affected | Disabled by default[n 16][26][27] | Mitigated | Mitigated | Temporary[n 11] | |||
| 67–69 | No | No | Yes | Yes | Yes | Yes (draft version) |
Yes (only desktop) |
Yes | Yes | Not affected | Mitigated | Not affected | Disabled by default[n 16][26][27] | Mitigated | Mitigated | Temporary[n 11] | |||
| 70–83 | No | No | Yes | Yes | Yes | Yes | Yes (only desktop) |
Yes | Yes | Not affected | Mitigated | Not affected | Disabled by default[n 16][26][27] | Mitigated | Mitigated | Temporary[n 11] | |||
| 84–90 | No | No | Warn by default | Warn by default | Yes | Yes | Yes (only desktop) |
Yes | Yes | Not affected | Mitigated | Not affected | Disabled by default[n 16][26][27] | Mitigated | Mitigated | Temporary[n 11] | |||
| 91–135 | No | No | No[28] | No[28] | Yes | Yes | Yes (only desktop) |
Yes | Yes | Not affected | Mitigated | Not affected | Disabled by default[n 16][26][27] | Mitigated | Mitigated | Temporary[n 11] | |||
| ESC 136 | 136 | ||||||||||||||||||
| Browser or OS API |
Version | Platforms | SSL 2.0 (insecure) | SSL 3.0 (insecure) | TLS 1.0 (deprecated) | TLS 1.1 (deprecated) | TLS 1.2 | TLS 1.3 | EV certificate | SHA-2 certificate | ECDSA certificate | BEAST | CRIME | POODLE (SSLv3) | RC4 | FREAK | Logjam | Protocol selection by user | |
| Microsoft Edge (Chromium-based) OS-independent |
79–83 | Windows (10+) macOS (11+) Linux Android (8.0+) iOS (16+) |
No | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Mitigated | Not affected | Not affected | Disabled by default | Mitigated | Mitigated | Yes[n 10] | |
| 84–90 | No | No | Warn by default | Warn by default | Yes | Yes | Yes | Yes | Yes | Mitigated | Not affected | Not affected | Disabled by default | Mitigated | Mitigated | Yes[n 10] | |||
| 91-135 | No | No | No[29] | No[29] | Yes | Yes | Yes | Yes | Yes | Mitigated | Not affected | Not affected | Disabled by default | Mitigated | Mitigated | Yes[n 10] | |||
| ESC 136 | 136 | ||||||||||||||||||
| Browser or OS API |
Version | Platforms | SSL 2.0 (insecure) | SSL 3.0 (insecure) | TLS 1.0 (deprecated) | TLS 1.1 (deprecated) | TLS 1.2 | TLS 1.3 | EV certificate | SHA-2 certificate | ECDSA certificate | BEAST | CRIME | POODLE (SSLv3) | RC4 | FREAK | Logjam | Protocol selection by user | |
| Mozilla Firefox (Firefox for mobile)[n 17] |
1.0, 1.5 | Windows (10+) macOS (10.15+) Linux Android (5.0+) iOS (15+) ESR 115 only for: Windows (7–8.1) macOS (10.12–10.14) ESR 128+ only for: Windows (10+) macOS (10.15+) Linux |
Yes[30] | Yes[30] | Yes[30] | No | No | No | No | Yes[2] | No | Not affected[31] | Not affected | Vulnerable | Vulnerable | Not affected | Vulnerable | Yes[n 10] | |
| 2 | Disabled by default[30][32] | Yes | Yes | No | No | No | No | Yes | Yes[3] | Not affected | Not affected | Vulnerable | Vulnerable | Not affected | Vulnerable | Yes[n 10] | |||
| 3–7 | Disabled by default | Yes | Yes | No | No | No | Yes | Yes | Yes | Not affected | Not affected | Vulnerable | Vulnerable | Not affected | Vulnerable | Yes[n 10] | |||
| 8–10 ESR 10 |
No[32] | Yes | Yes | No | No | No | Yes | Yes | Yes | Not affected | Not affected | Vulnerable | Vulnerable | Not affected | Vulnerable | Yes[n 10] | |||
| 11–14 | No | Yes | Yes | No | No | No | Yes | Yes | Yes | Not affected | Vulnerable (SPDY)[12] |
Vulnerable | Vulnerable | Not affected | Vulnerable | Yes[n 10] | |||
| 15–22 ESR 17.0–17.0.10 |
No | Yes | Yes | No | No | No | Yes | Yes | Yes | Not affected | Mitigated | Vulnerable | Vulnerable | Not affected | Vulnerable | Yes[n 10] | |||
| ESR 17.0.11 | No | Yes | Yes | No | No | No | Yes | Yes | Yes | Not affected | Mitigated | Vulnerable | Lowest priority[33][34] | Not affected | Vulnerable | Yes[n 10] | |||
| 23 | No | Yes | Yes | Disabled by default[35] | No | No | Yes | Yes | Yes | Not affected | Mitigated | Vulnerable | Vulnerable | Not affected | Vulnerable | Yes[n 18] | |||
| 24, 25.0.0 ESR 24.0–24.1.0 |
No | Yes | Yes | Disabled by default | Disabled by default[36] | No | Yes | Yes | Yes | Not affected | Mitigated | Vulnerable | Vulnerable | Not affected | Vulnerable | Yes[n 18] | |||
| 25.0.1, 26 ESR 24.1.1–24.8.1 |
No | Yes | Yes | Disabled by default | Disabled by default | No | Yes | Yes | Yes | Not affected | Mitigated | Vulnerable | Lowest priority[33][34] | Not affected | Vulnerable | Yes[n 18] | |||
| 27–33 ESR 31.0–31.2.0 |
No | Yes | Yes | Yes[37][38] | Yes[39][38] | No | Yes | Yes | Yes | Not affected | Mitigated | Vulnerable | Lowest priority | Not affected | Vulnerable | Yes[n 18] | |||
| 34, 35 ESR 31.3.0–31.7.0 |
No | Disabled by default[40][41] | Yes | Yes | Yes | No | Yes | Yes | Yes | Not affected | Mitigated | Mitigated[n 19] | Lowest priority | Not affected | Vulnerable | Yes[n 18] | |||
| ESR 31.8.0 | No | Disabled by default | Yes | Yes | Yes | No | Yes | Yes | Yes | Not affected | Mitigated | Mitigated | Lowest priority | Not affected | Mitigated[44] | Yes[n 18] | |||
| 36–38 ESR 38.0–38.0.1 |
No | Disabled by default | Yes | Yes | Yes | No | Yes | Yes | Yes | Not affected | Mitigated | Mitigated | Only as fallback[n 15][45] | Not affected | Vulnerable | Yes[n 18] | |||
| ESR 38.1.0–38.8.0 | No | Disabled by default | Yes | Yes | Yes | No | Yes | Yes | Yes | Not affected | Mitigated | Mitigated | Only as fallback[n 15] | Not affected | Mitigated[44] | Yes[n 18] | |||
| 39–43 | No | No[46] | Yes | Yes | Yes | No | Yes | Yes | Yes | Not affected | Mitigated | Not affected | Only as fallback[n 15] | Not affected | Mitigated[44] | Yes[n 18] | |||
| 44–48 ESR 45 |
No | No | Yes | Yes | Yes | No | Yes | Yes | Yes | Not affected | Mitigated | Not affected | Disabled by default[n 16][47][48][49][50] | Not affected | Mitigated | Yes[n 18] | |||
| 49–59 ESR 52 |
No | No | Yes | Yes | Yes | Disabled by default (draft version)[51] |
Yes | Yes | Yes | Not affected | Mitigated | Not affected | Disabled by default[n 16] | Not affected | Mitigated | Yes[n 18] | |||
| 60–62 ESR 60 |
No | No | Yes | Yes | Yes | Yes (draft version) |
Yes | Yes | Yes | Not affected | Mitigated | Not affected | Disabled by default[n 16] | Not affected | Mitigated | Yes[n 18] | |||
| 63–77 ESR 68 |
No | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Not affected | Mitigated | Not affected | Disabled by default[n 16] | Not affected | Mitigated | Yes[n 18] | |||
| 78–137 ESR 78–115.22 ESR 128.0–128.9 |
No | No | Disabled by default[52] | Disabled by default[52] | Yes | Yes | Yes | Yes | Yes | Not affected | Mitigated | Not affected | Disabled by default[n 16] | Not affected | Mitigated | Yes[n 18] | |||
| ESR 115.23 | |||||||||||||||||||
| ESR 128.10 | |||||||||||||||||||
| 138 | |||||||||||||||||||
| Browser or OS API |
Version | Platforms | SSL 2.0 (insecure) | SSL 3.0 (insecure) | TLS 1.0 (deprecated) | TLS 1.1 (deprecated) | TLS 1.2 | TLS 1.3 | EV certificate | SHA-2 certificate | ECDSA certificate | BEAST | CRIME | POODLE (SSLv3) | RC4 | FREAK | Logjam | Protocol selection by user | |
| Microsoft Internet Explorer (1–10)[n 20] Windows Schannel |
1.x | Windows 3.1, 95, NT,[n 21][n 22] Mac OS 7, 8 |
No SSL/TLS support | ||||||||||||||||
| 2 | Yes | No | No | No | No | No | No | No | No | No SSL 3.0 or TLS support | Vulnerable | Vulnerable | Vulnerable | — | |||||
| 3 | Yes | Yes[55] | No | No | No | No | No | No | No | Vulnerable | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable | ? | |||
| 4, 5, 6 | Windows 3.1, 95, 98, NT, 2000[n 21][n 22] Mac OS 7.1, 8, X, Solaris, HP-UX |
Yes | Yes | Disabled by default[55] | No | No | No | No | No | No | Vulnerable | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Yes[n 10] | ||
| 6 | Windows XP[n 22] | Yes | Yes | Disabled by default | No | No | No | No | Yes (Since SP3)[n 23][56] | No | Mitigated | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Yes[n 10] | ||
| 7, 8 | Disabled by default[57] | Yes | Yes[57] | No | No | No | Yes | Yes (Since SP3)[n 23][56] | No | Mitigated | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Yes[n 10] | |||
| 6 | Server 2003[n 22] | Yes | Yes | Disabled by default | No | No | No | No | Yes (KB938397+KB968730)[n 23][56] |
No | Mitigated | Not affected | Vulnerable | Vulnerable | Mitigated[60] | Mitigated[61] | Yes[n 10] | ||
| 7, 8 | Disabled by default[57] | Yes | Yes[57] | No | No | No | Yes | Yes (KB938397+KB968730)[n 23][56] |
No | Mitigated | Not affected | Vulnerable | Vulnerable | Mitigated[60] | Mitigated[61] | Yes[n 10] | |||
| 7, 8, 9 | Windows Vista | Disabled by default | Yes | Yes | No | No | No | Yes | Yes | Yes[3] | Mitigated | Not affected | Vulnerable | Vulnerable | Mitigated[60] | Mitigated[61] | Yes[n 10] | ||
| 7, 8, 9 | Server 2008 | Disabled by default | Yes | Yes | Disabled by default[62] (KB4019276)[n 24] |
Disabled by default[62] (KB4019276)[n 24] |
No | Yes | Yes | Yes[3] | Mitigated | Not affected | Vulnerable | Vulnerable | Mitigated[60] | Mitigated[61] | Yes[n 10] | ||
| 8, 9, 10 | 7, 8 Server 2008 R2 Server 2012 |
Disabled by default | Yes | Yes | Disabled by default[n 24][64] | Disabled by default[n 24][64] | No | Yes | Yes | Yes | Mitigated | Not affected | Vulnerable | Lowest priority[65][n 25] | Mitigated[60] | Mitigated[61] | Yes[n 10] | ||
| Internet Explorer 11[n 20] Windows Schannel |
11[n 26][67] | 7, 8.1 Server 2008 R2 Server 2012[67] Server 2012 R2 |
Disabled by default | Disabled by default[n 27] | Disabled by default[n 28] | Disabled by default[n 24][n 28] | Yes[n 24][73] | No | Yes | Yes | Yes | Mitigated | Not affected | Mitigated[n 27] | Disabled by default[n 16] | Mitigated[60] | Mitigated[61] | Yes[n 10] | |
| Browser or OS API |
Version | Platforms | SSL 2.0 (insecure) | SSL 3.0 (insecure) | TLS 1.0 (deprecated) | TLS 1.1 (deprecated) | TLS 1.2 | TLS 1.3 | EV certificate | SHA-2 certificate | ECDSA certificate | BEAST | CRIME | POODLE (SSLv3) | RC4 | FREAK | Logjam | Protocol selection by user | |
| Microsoft Edge (12–18) (EdgeHTML-based) Client only Internet Explorer 11[n 20] Windows Schannel |
11 | 12–13 | Windows 10 1507–1511 | Disabled by default | Yes[63] | Yes | Yes | Yes[n 24] | No | Yes | Yes | Yes | Mitigated | Not affected | Mitigated | Disabled by default[n 16] | Mitigated | Mitigated | Yes[n 10] |
| 11 | 14–18 (client only) |
Windows 10 1607–2004 Windows Server (SAC) 1709–2004 |
No[74] | Disabled by default | Yes | Yes | Yes | No | Yes | Yes | Yes | Mitigated | Not affected | Mitigated | Disabled by default[n 16] | Mitigated | Mitigated | Yes[n 10] | |
| Internet Explorer 11[n 20] Windows Schannel |
11[n 29] | Windows 10 20H2–21H2 Windows Server (SAC) 20H2 |
No | Disabled by default | Disabled by default[n 28] | Disabled by default[n 28] | Yes | No | Yes | Yes | Yes | Mitigated | Not affected | Mitigated | Disabled by default[n 16] | Mitigated | Mitigated | Yes[n 10] | |
| Windows 10 22H2 | |||||||||||||||||||
| Windows Schannel | Windows 11 21H2 | No | Disabled by default | Disabled by default[n 28] | Disabled by default[n 28] | Yes | Yes[63] | Yes | Yes | Yes | Mitigated | Not affected | Mitigated | Disabled by default[n 16] | Mitigated | Mitigated | Yes[n 10] | ||
| Windows 11 22H2 (Home/Pro) |
No | Disabled by default | Disabled by default[n 28] | Disabled by default[n 28] | Yes | Yes | Yes | Yes | Yes | Mitigated | Not affected | Mitigated | Disabled by default[n 16] | Mitigated | Mitigated | Yes[n 10] | |||
| Windows 11 22H2 (Ent/Edu) | |||||||||||||||||||
| Windows 11 23H2 (Home/Pro) |
No | Disabled by default | Disabled by default[n 28] | Disabled by default[n 28] | Yes | Yes | Yes | Yes | Yes | Mitigated | Not affected | Mitigated | Disabled by default[n 16] | Mitigated | Mitigated | Yes[n 10] | |||
| Windows 11 23H2 (Ent/Edu) | |||||||||||||||||||
| Windows 11 24H2 | No | Disabled by default | Disabled by default[n 28] | Disabled by default[n 28] | Yes | Yes | Yes | Yes | Yes | Mitigated | Not affected | Mitigated | Disabled by default[n 16] | Mitigated | Mitigated | Yes[n 10] | |||
| Internet Explorer 11[n 20] LTSB/LTSC Windows Schannel LTSB/LTSC |
11 | Windows 10 LTSB 2015 (1507) |
Disabled by default | Yes[63] | Disabled by default[n 28] | Disabled by default[n 28] | Yes[n 24] | No | Yes | Yes | Yes | Mitigated | Not affected | Mitigated | Disabled by default[n 16] | Mitigated | Mitigated | Yes[n 10] | |
| Windows 10 LTSB 2016 (1607) |
No[74] | Disabled by default | Disabled by default[n 28] | Disabled by default[n 28] | Yes | No | Yes | Yes | Yes | Mitigated | Not affected | Mitigated | Disabled by default[n 16] | Mitigated | Mitigated | Yes[n 10] | |||
| Windows Server 2016 (LTSB/1607) |
No[74] | Disabled by default | Disabled by default[n 28] | Disabled by default[n 28] | Yes | No | Yes | Yes | Yes | Mitigated | Not affected | Mitigated | Disabled by default[n 16] | Mitigated | Mitigated | Yes[n 10] | |||
| Windows 10 LTSC 2019 (1809) Windows Server 2019 (LTSC/1809) |
No | Disabled by default | Disabled by default[n 28] | Disabled by default[n 28] | Yes | No | Yes | Yes | Yes | Mitigated | Not affected | Mitigated | Disabled by default[n 16] | Mitigated | Mitigated | Yes[n 10] | |||
| Windows 10 LTSC 2021 (21H2) |
No | Disabled by default | Disabled by default[n 28] | Disabled by default[n 28] | Yes | No[63] | Yes | Yes | Yes | Mitigated | Not affected | Mitigated | Disabled by default[n 16] | Mitigated | Mitigated | Yes[n 10] | |||
| Windows Server 2022 (LTSC/21H2) |
No | Disabled by default | Disabled by default[n 28] | Disabled by default[n 28] | Yes | Yes | Yes | Yes | Yes | Mitigated | Not affected | Mitigated | Disabled by default[n 16] | Mitigated | Mitigated | Yes[n 10] | |||
| Windows Schannel LTSC |
Windows 11 LTSC 2024 (24H2) |
No | Disabled by default | Disabled by default[n 28] | Disabled by default[n 28] | Yes | Yes | Yes | Yes | Yes | Mitigated | Not affected | Mitigated | Disabled by default[n 16] | Mitigated | Mitigated | Yes[n 10] | ||
| Windows Server 2025 (LTSC/24H2) |
No | Disabled by default | Disabled by default[n 28] | Disabled by default[n 28] | Yes | Yes | Yes | Yes | Yes | Mitigated | Not affected | Mitigated | Disabled by default[n 16] | Mitigated | Mitigated | Yes[n 10] | |||
| Browser or OS API |
Version | Platforms | SSL 2.0 (insecure) | SSL 3.0 (insecure) | TLS 1.0 (deprecated) | TLS 1.1 (deprecated) | TLS 1.2 | TLS 1.3 | EV certificate | SHA-2 certificate | ECDSA certificate | BEAST | CRIME | POODLE (SSLv3) | RC4 | FREAK | Logjam | Protocol selection by user | |
| Microsoft Internet Explorer Mobile[n 20] | 7–9 | Windows Phone 7, 7.5, 7.8 | Disabled by default[57] | Yes | Yes | No[citation needed] | No[citation needed] | No | No[citation needed] | Yes | Yes[77] | ? | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Only with 3rd party tools[n 30] | |
| 10 | Windows Phone 8 | Disabled by default | Yes | Yes | Disabled by default[79] | Disabled by default[79] | No | No[citation needed] | Yes | Yes[80] | Mitigated | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Only with 3rd party tools[n 30] | ||
| 11 | Windows Phone 8.1 | Disabled by default | Yes | Yes | Yes[81] | Yes[81] | No | No[citation needed] | Yes | Yes | Mitigated | Not affected | Vulnerable | Only as fallback[n 15][82][83] | Vulnerable | Vulnerable | Only with 3rd party tools[n 30] | ||
| Microsoft Edge (13–15) (EdgeHTML-based)[n 31] |
13 | Windows 10 Mobile 1511 | Disabled by default | Disabled by default | Yes | Yes | Yes | No | Yes | Yes | Yes | Mitigated | Not affected | Mitigated | Disabled by default[n 16] | Mitigated | Mitigated | No | |
| 14, 15 | Windows 10 Mobile 1607–1709 |
No[74] | Disabled by default | Yes | Yes | Yes | No | Yes | Yes | Yes | Mitigated | Not affected | Mitigated | Disabled by default[n 16] | Mitigated | Mitigated | No | ||
| Browser or OS API |
Version | Platforms | SSL 2.0 (insecure) | SSL 3.0 (insecure) | TLS 1.0 (deprecated) | TLS 1.1 (deprecated) | TLS 1.2 | TLS 1.3 | EV certificate | SHA-2 certificate | ECDSA certificate | BEAST | CRIME | POODLE (SSLv3) | RC4 | FREAK | Logjam | Protocol selection by user | |
| Apple Safari[n 32] | 1 | Mac OS X 10.2, 10.3 | No[88] | Yes | Yes | No | No | No | No | No | No | Vulnerable | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable | No | |
| 2–5 | Mac OS X 10.4, 10.5, Win XP | No | Yes | Yes | No | No | No | Yes (Since v3.2) | No | No | Vulnerable | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable | No | ||
| 3–5 | Vista, Win 7 | No | Yes | Yes | No | No | No | Yes (Since v3.2) | No | Yes[77] | Vulnerable | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable | No | ||
| 4–6 | Mac OS X 10.6, 10.7 | No | Yes | Yes | No | No | No | Yes | Yes[2] | Yes[3] | Vulnerable | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable | No | ||
| 6 | OS X 10.8 | No | Yes | Yes | No | No | No | Yes | Yes | Yes[3] | Mitigated[n 33] | Not affected | Mitigated[n 34] | Vulnerable[n 34] | Mitigated[94] | Vulnerable | No | ||
| 7, 9 | OS X 10.9 | No | Yes | Yes | Yes[95] | Yes[95] | No | Yes | Yes | Yes | Mitigated[90] | Not affected | Mitigated[n 34] | Vulnerable[n 34] | Mitigated[94] | Vulnerable | No | ||
| 8–10 | OS X 10.10 | No | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | Mitigated | Not affected | Mitigated[n 34] | Lowest priority[96][n 34] | Mitigated[94] | Mitigated[97] | No | ||
| 9–11 | OS X 10.11 | No | No | Yes | Yes | Yes | No | Yes | Yes | Yes | Mitigated | Not affected | Not affected | Lowest priority | Mitigated | Mitigated | No | ||
| 10–15 | macOS 10.12, 10.13, 10.14, 10.15 |
No | No | Yes | Yes | Yes | Yes (Since macOS 10.14.4)[98] | Yes | Yes | Yes | Mitigated | Not affected | Not affected | Disabled by default[n 16] | Mitigated | Mitigated | No | ||
| 14–17 | macOS 11, 12 | No | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Mitigated | Not affected | Not affected | Disabled by default[n 16] | Mitigated | Mitigated | No | ||
| 16, 17 | 18 | macOS 13 | No | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Mitigated | Not affected | Not affected | Disabled by default[n 16] | Mitigated | Mitigated | No | |
| 17 | 18 | macOS 14 | No | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Mitigated | Not affected | Not affected | Disabled by default[n 16] | Mitigated | Mitigated | No | |
| 18 | macOS 15 | No | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Mitigated | Not affected | Not affected | Disabled by default[n 16] | Mitigated | Mitigated | No | ||
| Browser or OS API |
Version | Platforms | SSL 2.0 (insecure) | SSL 3.0 (insecure) | TLS 1.0 (deprecated) | TLS 1.1 (deprecated) | TLS 1.2 | TLS 1.3 | EV certificate | SHA-2 certificate | ECDSA certificate | BEAST | CRIME | POODLE (SSLv3) | RC4 | FREAK | Logjam | Protocol selection by user | |
| Apple Safari (mobile)[n 35] |
3 | iPhone OS 1, 2 | No[102] | Yes | Yes | No | No | No | No | No | No | Vulnerable | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable | No | |
| 4, 5 | iPhone OS 3, iOS 4 | No | Yes | Yes | No | No | No | Yes[103] | Yes | Yes (Since iOS 4)[77] | Vulnerable | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable | No | ||
| 5, 6 | iOS 5, 6 | No | Yes | Yes | Yes[99] | Yes[99] | No | Yes | Yes | Yes | Vulnerable | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable | No | ||
| 7 | iOS 7 | No | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes[104] | Mitigated[105] | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable | No | ||
| 8 | iOS 8 | No | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | Mitigated | Not affected | Mitigated[n 34] | Lowest priority[106][n 34] | Mitigated[107] | Mitigated[108] | No | ||
| 9 | iOS 9 | No | No | Yes | Yes | Yes | No | Yes | Yes | Yes | Mitigated | Not affected | Not affected | Lowest priority | Mitigated | Mitigated | No | ||
| 10, 11 | iOS 10, 11 | No | No | Yes | Yes | Yes | No | Yes | Yes | Yes | Mitigated | Not affected | Not affected | Disabled by default[n 16] | Mitigated | Mitigated | No | ||
| 12 | iOS iOS 12 |
No | No | Yes | Yes | Yes | Yes (Since iOS 12.2)[98] | Yes | Yes | Yes | Mitigated | Not affected | Not affected | Disabled by default[n 16] | Mitigated | Mitigated | No | ||
| 13–16 | iOS 13, 14, 15, 16 |
No | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Mitigated | Not affected | Not affected | Disabled by default[n 16] | Mitigated | Mitigated | No | ||
| iPadOS 13, 14, 15, 16 | |||||||||||||||||||
| 17 | iOS 17 | No | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Mitigated | Not affected | Not affected | Disabled by default[n 16] | Mitigated | Mitigated | No | ||
| iPadOS 17 | |||||||||||||||||||
| 18 | iOS 18 | No | No | ? | ? | Yes | Yes | Yes | Yes | Yes | Mitigated | Not affected | Not affected | Disabled by default[n 16] | Mitigated | Mitigated | No | ||
| iPadOS 18 | |||||||||||||||||||
| Browser or OS API |
Version | Platforms | SSL 2.0 (insecure) | SSL 3.0 (insecure) | TLS 1.0 (deprecated) | TLS 1.1 (deprecated) | TLS 1.2 | TLS 1.3 | EV[n 3] | SHA-2 | ECDSA | BEAST[n 4] | CRIME[n 5] | POODLE (SSLv3)[n 6] | RC4[n 7] | FREAK[4][5] | Logjam | Protocol selection by user | |
| Google Android OS[109] | Android 1.0–4.0.4 | No | Yes | Yes | No | No | No | ? | Yes[2] | Yes (Since 3.0)[77][3] | ? | ? | Vulnerable | Vulnerable | Vulnerable | Vulnerable | No | ||
| Android 4.1–4.4.4 | No | Yes | Yes | Disabled by default[110] | Disabled by default[110] | No | ? | Yes | Yes | ? | ? | Vulnerable | Vulnerable | Vulnerable | Vulnerable | No | |||
| Android 5.0–5.0.2 | No | Yes | Yes | Yes[110][111] | Yes[110][111] | No | ? | Yes | Yes | ? | ? | Vulnerable | Vulnerable | Vulnerable | Vulnerable | No | |||
| Android 5.1–5.1.1 | No | Disabled by default[citation needed] | Yes | Yes | Yes | No | ? | Yes | Yes | ? | ? | Not affected | Only as fallback[n 15] | Mitigated | Mitigated | No | |||
| Android 6.0–7.1.2 | No | Disabled by default[citation needed] | Yes | Yes | Yes | No | ? | Yes | Yes | ? | ? | Not affected | Disabled by default | Mitigated | Mitigated | No | |||
| Android 8.0–9 | No | No[112] | Yes | Yes | Yes | No | ? | Yes | Yes | ? | ? | Not affected | Disabled by default | Mitigated | Mitigated | No | |||
| Android 10–12L | No | No | Yes | Yes | Yes | Yes | ? | Yes | Yes | ? | ? | Not affected | Disabled by default | Mitigated | Mitigated | No | |||
| Android 13 | No | No | Yes | Yes | Yes | Yes | ? | Yes | Yes | ? | ? | Not affected | Disabled by default | Mitigated | Mitigated | No | |||
| Android 14 | No | No | Yes | Yes | Yes | Yes | ? | Yes | Yes | ? | ? | Not affected | Disabled by default | Mitigated | Mitigated | No | |||
| Android 15 | No | No | ? | ? | Yes | Yes | ? | Yes | Yes | ? | ? | Not affected | Disabled by default | Mitigated | Mitigated | No | |||
| Android 16 | No | No | ? | ? | Yes | Yes | ? | Yes | Yes | ? | ? | Not affected | Disabled by default | Mitigated | Mitigated | No | |||
| Browser or OS API |
Version | Platforms | SSL 2.0 (insecure) | SSL 3.0 (insecure) | TLS 1.0 (deprecated) | TLS 1.1 (deprecated) | TLS 1.2 | TLS 1.3 | EV certificate | SHA-2 certificate | ECDSA certificate | BEAST | CRIME | POODLE (SSLv3) | RC4 | FREAK | Logjam | Protocol selection by user | |
| Color or Note | Significance | |
|---|---|---|
| Browser version | Platform | |
| Browser version | Operating system | Future release; under development |
| Browser version | Operating system | Current latest release |
| Browser version | Operating system | Former release; still supported |
| Browser version | Operating system | Former release; long-term support still active, but will end in less than 12 months |
| Browser version | Operating system | Former release; no longer supported |
| — | Operating system | Mixed/Unspecified |
| Operating system (Version+) | Minimum required operating system version (for supported versions of the browser) | |
| No longer supported for this operating system | ||
- Notes
- Whether a user or administrator can choose the protocols to be used or not. If yes, several attacks such as BEAST (vulnerable in SSL 3.0 and TLS 1.0) or POODLE (vulnerable in SSL 3.0) can be avoided.
- Whether EV SSL and DV SSL (normal SSL) can be distinguished by indicators (green lock icon, green address bar, etc.) or not.
- e.g. 1/n-1 record splitting.
- Complete mitigations; disabling SSL 3.0 itself, "anti-POODLE record splitting". "Anti-POODLE record splitting" is effective only with client-side implementation and valid according to the SSL 3.0 specification, however, it may also cause compatibility issues due to problems in server-side implementations.
- Partial mitigations; disabling fallback to SSL 3.0, TLS_FALLBACK_SCSV, disabling cipher suites with CBC mode of operation. If the server also supports TLS_FALLBACK_SCSV, the POODLE attack will fail against this combination of server and browser, but connections where the server does not support TLS_FALLBACK_SCSV and does support SSL 3.0 will still be vulnerable. If disabling cipher suites with CBC mode of operation in SSL 3.0, only cipher suites with RC4 are available, RC4 attacks become easier.
- When disabling SSL 3.0 manually, POODLE attack will fail.
- Complete mitigation; disabling cipher suites with RC4.
- Partial mitigations to keeping compatibility with old systems; setting the priority of RC4 to lower.
- Configure enabling/disabling of each protocols via setting/option (menu name is dependent on browsers).
- configure the maximum and the minimum version of enabling protocols with command-line option.
- Only when no cipher suites with other than RC4 is available, cipher suites with RC4 will be used as a fallback.
- All RC4 cipher suites are disabled by default.
- Uses the TLS implementation provided by NSS. As of Firefox 22, Firefox supports only TLS 1.0 despite the bundled NSS supporting TLS 1.1. Since Firefox 23, TLS 1.1 can be enabled, but was not enabled by default due to issues. Firefox 24 has TLS 1.2 support disabled by default. TLS 1.1 and TLS 1.2 have been enabled by default in Firefox 27 release.
- Configure the maximum and the minimum version of enabling protocols via about:config.
- Windows NT 3.1 supports IE 1–2, Windows NT 3.5 supports IE 1–3, Windows NT 3.51 and Windows NT 4.0 supports IE 1–6.
- Windows XP as well as Server 2003 and older support only weak ciphers like Triple DES and RC4 out of the box.[58] The weak ciphers of these Schannel version are not only used for IE, but also for other Microsoft products running on this OS, like Microsoft Office or Windows Update. Only Windows Server 2003 can get a manual update to support AES ciphers by KB948963[59]
- MS13-095 or MS14-049 for Windows Server 2003, Windows XP x64 and Windows XP SP3 (32-bit).
- IE11 will continue to support these operating systems if they are with ESUs until at least October 13, 2026.
- Edge (formerly known as Project Spartan) is based on a fork of the Internet Explorer 11 rendering engine.
- Safari uses the operating system implementation on Mac OS X, Windows (XP, Vista, 7)[84] with unknown version,[85] Safari 5 is the last version available for Windows. OS X 10.8 on have SecureTransport support for TLS 1.1 and 1.2[86] Qualys SSL report simulates Safari 5.1.9 connecting with TLS 1.0 not 1.1 or 1.2.[87]
- In September 2013, Apple implemented BEAST mitigation in OS X 10.8 (Mountain Lion), but it was not turned on by default, resulting in Safari still being theoretically vulnerable to the BEAST attack on that platform.[89][90] BEAST mitigation has been enabled by default from OS X 10.8.5 updated in February 2014.[91]
References
Wikiwand - on
Seamless Wikipedia browsing. On steroids.