Browser TLS 1.3 activated and your Firewall can’t handle it?

by butsch 2. September 2020 17:57

TLS 1.3

Some modern Browser switch to TLS 1.3 automatic if the Web server on the other side supports this. Like Version 72 of Chrome.exe or even your OS is like Windows 10 Buildnummer 20170 upwards (That means the OS itself). So it's all safer and faster?

The problem is that some Next Generation Web Filter (Firewall) can't look into the SSL-encryption anymore and find malware/Ransomware. With Browser self updating mechanism like in Chrome or Edge Chromium you suddenly have a constellation that you did not want. While you approved IE11/EDGE Updates in WSUS and mostly checked each new Release of the Browser before releasing it this has changed.

The interesting point is that also some Load Balancer are only able to break (Deep Inspect) traffic with really new Firmware releases. Customers demanded that feature since 2017 we see in diverse blogs and feature request portals of producers. So if you want to sniff into SSL (Break SSL Stream) and you're Firewall can't handle TLS 1.3 special you currently have a problem.

Check if your browser has TLS 1.3 active is easy


chrome://flags/#tls13-variant (Since Version 72 TLS 1.3 default)



As example Type edge://flags/ in the Browser URL window.

Or jump direct to the TLS 1.3 setting with edge://flags/#enable-tls13-early-data

Open following URL / Test Website to see what's supported:



Read more:





Hotfixes / Updates | W10 | SECURITY | FW Fortigate | FW Sophos

Comments are closed

Werbung von Drittfirmen (Nicht Butsch Informatik):

Werbung von Drittfirmen via Google Adsense: