Upload
dangminh
View
234
Download
4
Embed Size (px)
Citation preview
Enable TLS 1.2 - What you need to know:
What are the types of connections/authentication that will be affected by the TLS 1 / 1.1 disable change?Only FTPS and HTTPS are impacted by external users.SFTP/SSH is not in scope.
What type of errors will the clients get if affected? Browser will return the message below or similar message depending on browser used:
Secure Connection Failed
The connection to sta.experian.com was interrupted while the page was loading.
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem.
Learn more…
It looks like your network security settings might be causing this. Do you want the default settings to be restored?
Report errors like this to help Mozilla identify and block malicious sites
To fix, refer to setting steps in Browser Guide
How do I diagnose and resolve browser issues with HTTPS/TLS?Refer to setting steps in Browser Guide
How do I diagnose and resolve FTP client issues with FTPS/TLS?Refer to setting steps in FTP Client Software Guide
www.experian.com© 2017 Experian Information Solutions, Inc. All rights reserved.
FTP Client Software Guide
FTP CLIENT SOFTWARE TLS 1.2 Compatibility Notes
Ipswitch Use FTP/SSL (AUTHSSL), under Advanced SSL, all other check boxes should be unchecked
Filezilla Use OPTION “explicit FTP over TLS if available”
Winscp Go to Settings and check TLS/SSL Explicit encryption, then under Advanced choose TLS/SSL Maximum
TLS/SSL VERSION: TLS 1.2
CuteFTP NOT COMPATIBLE IN ANY VERSION
Emergency Work Around: post using HTTPs, we can offer Axway Secure Client (free of charge)
CoreFTP LE FTP (SSL DIRECT) is not compatible.
Use FTP (AUTH SSL) OR FTP (AUTH TLS) with SSL Listings, SSL Transfer, Clear (CCC) checked.
Also, check Windows SSL or Open SSL depending on environment.
MoveIt Central Must have version 9.0+ for TLS1.2. Anything lower will require upgrade to minimum of 9.0
What ciphers are available? Cipher suites for client initiated transfers using FTPS ‐and HTTPS:
TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA
www.experian.com© 2017 Experian Information Solutions, Inc. All rights reserved.
Browser Guide The following table lists the most common internet browsers. The table lists each browser with the compatibility of TLS 1.2 for recent versions.
Browser TLS 1.2 Compatibility Notes
Microsoft Edge Compatible by Default
Desktop and mobile versions Compatible by Default
Microsoft Internet Explorer (IE) Varies by IE version and Windows OS version
Desktop and mobile IE version 11 Compatible by Default
Desktop IE versions 8, 9 and 10 Capable when run in Windows 7 or newer, but not by default. Windows Vista and older operating systems such as Windows XP are not compatible with TLS 1.2 encryption.
To enable TLS 1.2 on Internet Explorer:1. Open Internet Explorer.2. Select Tools > Internet Options.3. Select the Advanced tab.4. Scroll to the Security section.5. Check the Use TLS 1.2 checkbox to use strict encryption.6. Click OK.
Desktop IE versions 7 and below Not compatible or stable with TLS 1.2 encryption
Mozilla Firefox Compatible with the most recent, stable version, regardless of operating system
Firefox 27 and higher Compatible by Default
Firefox 24 to 26 Compatible but not by Default
Firefox 23 and below Not compatible with TLS 1.2 or higher encryption
Google Chrome CCompatible with the most recent, stable version, regardless of operating system
Google Chrome 38 and higher Compatible by Default
Google Chrome 22 to 37 Capable when run in Windows XP SP3, Vista, or newer (desktop), OS X 10.6 (Snow Leopard) or
www.experian.com© 2017 Experian Information Solutions, Inc. All rights reserved.
newer (desktop), or Android 2.3 (Gingerbread) or newer (mobile)
Google Chrome 21 and below Not Compatible with TLS 1.2 encryption
Google Android OS Browser
Android 6.0 (Marshmallow) and higher Compatible by Default
Android 5.0 (Lollipop) and higher Compatible by Default
Android 4.4 (KitKat) to 4.4.4 Compatible but not by Default
Android 4.3 (Jelly Bean) and below Not compatible with TLS 1.3 encryption
Apple Safari
Desktop Safari version 7 and higher for OS X 10.9 (Mavericks) and higher
Compatible by Default
Desktop Safari versions 6 and below for OS X 10.8 (Mountain Lion) and below
Not compatible with TLS 1.2 encryption
Mobile Safari version 5 and higher for iOS 5 and higher
Compatible by Default
Mobile Safari for iOS 4 and below Not compatible with TLS 1.2 encryption
www.experian.com© 2017 Experian Information Solutions, Inc. All rights reserved.
To update TLS settings in the following browsers, see below:
Microsoft Internet Explorer
1. Open Internet Explorer.2. From the menu bar, click Tools > Internet Options > Advanced tab.3. Scroll down to Security category, manually check the option box for Use TLS 1.1 and
Use TLS 1.2.4. Click OK.5. Close your browser and restart Internet Explorer.
Google Chrome
1. Open Google Chrome.2. Click Alt F and select Settings.3. Scroll down and select Show advanced settings...4. Scroll down to the Network section and click on Change proxy settings...5. Select the Advanced tab.6. Scroll down to Security category, manually check the option box for Use TLS 1.1 and
Use TLS 1.2.7. Click OK.
Firefox 43 supports TLS 1.0, 1.1, and 1.2 by default. You shouldn't need to make any changes, but you can double-check the settings here if you like:
(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.
(2) In the search box above the list, type or paste TLS and pause while the list is filtered
(3) If the security.tls.version.max preference is bolded and "user set" to a value other than 3, right-click > Reset the preference to restore the default value of 3
(4) If the security.tls.version.min preference is bolded and "user set" to a value other than 1, right-click > Reset the preference to restore the default value of 1
The values for these preferences mean:
1 => TLS 1.0 2 => TLS 1.1 3 => TLS 1.2
www.experian.com© 2017 Experian Information Solutions, Inc. All rights reserved.
Opera
1. Open Opera.2. Click Ctrl plus F12.3. Scroll down to the Network section and click on Change proxy settings...4. Select the Advanced tab.5. Scroll down to Security category, manually check the option box for Use TLS 1.1 and
Use TLS 1.2.6. Click OK.7. Close your browser and restart Opera.
Apple Safari
If you are using Safari version 7 or greater, TLS 1.1 and TLS 1.2 are automatically enabled.
End of Document
www.experian.com© 2017 Experian Information Solutions, Inc. All rights reserved.