Version history for TLS/SSL support in web browsers

Version history for TLS/SSL support in web browsers tracks the implementation of Transport Layer Security protocol versions in major web browsers.

class=wikitable id=browsersTLS style=text-align:center;font-size:smaller;margin-top:0 \|+TLS/SSL support history of web browsers !rowspan=2\|Browser or OS API !colspan=2 rowspan=2\|Version !rowspan=2\|Platforms !colspan=2\|SSL protocols !colspan=4\|TLS protocols !colspan=3\|Certificate support !colspan=6\|Vulnerability{{refn\|group="n"\|name="note-sec"\|Note actual security depends on other factors such as negotiated cipher, encryption strength, etc. (see {{section link	Cipher}} table).}} !rowspan=2\|Protocol selection by userWhether a user or administrator can choose the protocols to be used or not. If yes, several attacks such as BEAST (vulnerable in SSL 3.0 and TLS 1.0) or POODLE (vulnerable in SSL 3.0) can be avoided.
SSL 2.0 (insecure) !SSL 3.0 (insecure) !TLS 1.0 (deprecated) !TLS 1.1 (deprecated) !TLS 1.2 !TLS 1.3 !EVWhether EV SSL and DV SSL (normal SSL) can be distinguished by indicators (green lock icon, green address bar, etc.) or not.{{cite web\|url=https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=SO10090&actp=search&viewlocale=en_US&searchid=1406590748892\|title=What browsers support Extended Validation (EV) and display an EV indicator?\|publisher=Symantec\|access-date=2014-07-28\|url-status=dead\|archive-url=https://web.archive.org/web/20151231171309/https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=SO10090&actp=search&viewlocale=en_US&searchid=1406590748892\|archive-date=2015-12-31}} !SHA-2{{cite web\|title=SHA-256 Compatibility\|access-date=2015-06-12\|url=https://support.globalsign.com/customer/portal/articles/1499561-sha-256-compatibility\|url-status=live\|archive-url=https://web.archive.org/web/20150701004324/https://support.globalsign.com/customer/portal/articles/1499561-sha-256-compatibility\|archive-date=2015-07-01}} !ECDSA{{cite web\|title=ECC Compatibility\|access-date=2015-06-13\|url=https://support.globalsign.com/customer/portal/articles/1995283-ecc-compatibility\|url-status=live\|archive-url=https://web.archive.org/web/20160217122951/https://support.globalsign.com/customer/portal/articles/1995283-ecc-compatibility\|archive-date=2016-02-17}} !BEASTe.g. 1/n-1 record splitting. !CRIMEe.g. Disabling header compression in HTTPS/SPDY. !POODLE (SSLv3) Complete mitigations; disabling SSL 3.0 itself, "anti-POODLE record splitting". "Anti-POODLE record splitting" is effective only with client-side implementation and valid according to the SSL 3.0 specification, however, it may also cause compatibility issues due to problems in server-side implementations. Partial mitigations; disabling fallback to SSL 3.0, TLS_FALLBACK_SCSV, disabling cipher suites with CBC mode of operation. If the server also supports TLS_FALLBACK_SCSV, the POODLE attack will fail against this combination of server and browser, but connections where the server does not support TLS_FALLBACK_SCSV and does support SSL 3.0 will still be vulnerable. If disabling cipher suites with CBC mode of operation in SSL 3.0, only cipher suites with RC4 are available, RC4 attacks become easier. When disabling SSL 3.0 manually, POODLE attack will fail. !RC4 Complete mitigation; disabling cipher suites with RC4. Partial mitigations to keeping compatibility with old systems; setting the priority of RC4 to lower. !FREAK{{cite web\|url=https://freakattack.com\|title=Tracking the FREAK Attack\|access-date=2015-03-08\|url-status=live\|archive-url=https://web.archive.org/web/20150306174623/https://freakattack.com\|archive-date=2015-03-06}}{{cite web\|url=https://www.smacktls.com/#freak\|title=FREAK: Factoring RSA Export Keys\|access-date=2015-03-08\|url-status=live\|archive-url=https://web.archive.org/web/20150311112517/https://www.smacktls.com/#freak\|archive-date=2015-03-11}} !Logjam
rowspan=19\|Google Chrome (Chrome for Android){{refn\|group="n"\|name="note-a"\|Google Chrome (and Chromium) supports TLS 1.0, and TLS 1.1 from version 22 (it was added, then dropped from version 21). TLS 1.2 support had been added, then dropped from Chrome 29.{{cite web\|author=\|url=http://googlechromereleases.blogspot.nl/2012/05/dev-channel-update_29.html\|title=Dev Channel Update\|date=2012-05-29\|access-date=2011-06-01\|url-status=live\|archive-url=https://web.archive.org/web/20130302032339/http://googlechromereleases.blogspot.nl/2012/05/dev-channel-update_29.html\|archive-date=2013-03-02}}{{cite web\|author=\|url=https://googlechromereleases.blogspot.co.uk/2012/08/stable-channel-update_21.html\|title=Stable Channel Update\|date=2012-08-21\|access-date=2012-08-22\|url-status=live\|archive-url=https://web.archive.org/web/20120825192441/http://googlechromereleases.blogspot.co.uk/2012/08/stable-channel-update_21.html\|archive-date=2012-08-25}}{{cite web\|author=Chromium Project\|url=https://src.chromium.org/viewvc/chrome?revision=203090&view=revision\|title=Chromium TLS 1.2 Implementation\|date=2013-05-30}}}}{{refn\|group="n"\|name="note-b"\|Uses the TLS implementation provided by BoringSSL for Android, OS X, and Windows{{cite web\|url=https://www.chromium.org/Home/chromium-security/boringssl\|title=The Chromium Project: BoringSSL\|access-date=2015-09-05\|url-status=live\|archive-url=https://web.archive.org/web/20150923033459/http://www.chromium.org/Home/chromium-security/boringssl\|archive-date=2015-09-23}} or by NSS for Linux. Google is switching the TLS library used in Chrome to BoringSSL from NSS completely.}} \|colspan=2 style=background:salmon\|1–9 \|rowspan=19\|Windows (10+) macOS (11+) Linux Android (8.0+) iOS (16+) ChromeOS \|{{Partial\|Disabled by default}} \|{{No\|Yes}} \|{{No\|Yes}} \|No \|{{No}} \|{{No}} \|{{Yes}} (only desktop) \|{{Partial\|Requires SHA-2 compatible OS}} \|{{Partial\|Needs ECC compatible OS}} \|{{Yes\|Not affected{{cite web\|url=http://googlechromereleases.blogspot.jp/2011/10/chrome-stable-release.html\|title=Chrome Stable Release\|work=Chrome Releases\|date=2011-10-25\|access-date=2015-02-01\|url-status=live\|archive-url=https://web.archive.org/web/20150220020306/http://googlechromereleases.blogspot.jp/2011/10/chrome-stable-release.html\|archive-date=2015-02-20}}}} \|{{No\|Vulnerable (HTTPS)}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable (except Windows)}} \|{{No\|Vulnerable}} \|{{Yes\|YesConfigure enabling/disabling of each protocols via setting/option (menu name is dependent on browsers).}}
colspan=2 style=background:salmon\|10–20 \|{{Yes\|No}}{{cite web\|url=https://build.chromium.org/f/chromium/perf/dashboard/ui/changelog.html?url=/trunk/src&range=72316:67679&mode=html\|archive-url=https://archive.today/20140619142454/http://build.chromium.org/f/chromium/perf/dashboard/ui/changelog.html?url=/trunk/src&range=72316:67679&mode=html\|url-status=dead\|archive-date=2014-06-19\|title=SVN revision log on Chrome 10.0.648.127 release\|access-date=2014-06-19}} \|{{No\|Yes}} \|{{No\|Yes}} \|No \|{{No}} \|{{No}} \|{{Yes}} (only desktop) \|{{Partial\|Requires SHA-2 compatible OS}} \|{{Partial\|Needs ECC compatible OS}} \|{{Yes\|Not affected}} \|{{No\|Vulnerable (HTTPS/SPDY)}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable (except Windows)}} \|{{No\|Vulnerable}} \|{{Yes\|Yes}}
colspan=2 style=background:salmon\|21 \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|No \|{{No}} \|{{No}} \|{{Yes}} (only desktop) \|{{Partial\|Requires SHA-2 compatible OS}} \|{{Partial\|Needs ECC compatible OS}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated{{cite web\|url=https://www.imperialviolet.org/2012/09/21/crime.html\|title=ImperialViolet – CRIME\|date=2012-09-22\|access-date=2014-10-18\|url-status=live\|archive-url=https://web.archive.org/web/20150110195746/https://www.imperialviolet.org/2012/09/21/crime.html\|archive-date=2015-01-10}}}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable (except Windows)}} \|{{No\|Vulnerable}} \|{{Yes\|Yes}}
colspan=2 style=background:salmon\|22–29 \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{No\|Yes}}{{cite web\|url=https://sites.google.com/site/tlsssloverview/ssl-v-tls/tls-versions-and-browser-compatability\|title=SSL/TLS Overview\|date=2008-08-06\|access-date=2013-03-29\|url-status=live\|archive-url=https://web.archive.org/web/20130703043525/https://sites.google.com/site/tlsssloverview/ssl-v-tls/tls-versions-and-browser-compatability\|archive-date=2013-07-03}} \|{{No}}{{cite web\|url=https://code.google.com/p/chromium/issues/detail?id=90392\|title=Chromium Issue 90392\|date=2008-08-06\|access-date=2013-06-28\|url-status=live\|archive-url=https://web.archive.org/web/20130803110745/http://code.google.com/p/chromium/issues/detail?id=90392\|archive-date=2013-08-03}}{{cite web\|url=https://codereview.chromium.org/23503030\|title=Issue 23503030 Merge 219882\|date=2013-09-03\|access-date=2013-09-19\|url-status=live\|archive-url=https://web.archive.org/web/20140226230020/https://codereview.chromium.org/23503030\|archive-date=2014-02-26}}{{cite web\|url=http://code.google.com/p/chromium/issues/detail?id=278370\|title=Issue 278370: Unable to submit client certificates over TLS 1.2 from Windows\|date=2013-08-23\|access-date=2013-10-03\|url-status=live\|archive-url=https://web.archive.org/web/20131005021656/http://code.google.com/p/chromium/issues/detail?id=278370\|archive-date=2013-10-05}} \|{{No}} \|{{Yes}} (only desktop) \|{{Partial\|Requires SHA-2 compatible OS}} \|{{Partial\|Needs ECC compatible OS}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable (except Windows)}} \|{{No\|Vulnerable}} \|{{Partial\|Temporaryconfigure the maximum and the minimum version of enabling protocols with command-line option.}}
colspan=2 style=background:salmon\|30–32 \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{No}} \|{{Yes}} (only desktop) \|{{Partial\|Requires SHA-2 compatible OS}} \|{{Partial\|Needs ECC compatible OS}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable (except Windows)}} \|{{No\|Vulnerable}} \|{{Partial\|Temporary}}
colspan=2 style=background:salmon\|33–37 \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{No}} \|{{Yes}} (only desktop) \|{{Partial\|Requires SHA-2 compatible OS}} \|{{Partial\|Needs ECC compatible OS}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{Partial\|Partly mitigated{{refn\|group="n"\|name="note-Chrome33-POODLE"\|TLS_FALLBACK_SCSV is implemented.{{cite web\|last=Möller\|first=Bodo\|title=This POODLE bites: exploiting the SSL 3.0 fallback\|work=Google Online Security blog\|publisher=Google (via Blogspot)\|date=2014-10-14\|url=http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html\|access-date=2014-10-28\|url-status=live\|archive-url=https://web.archive.org/web/20141028003952/http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html\|archive-date=2014-10-28}} Fallback to SSL 3.0 is disabled since version 39.{{cite web\|title=An update on SSLv3 in Chrome.\|work=Security-dev\|date=2014-10-31\|url=https://groups.google.com/a/chromium.org/forum/#!topic/security-dev/Vnhy9aKM_l4\|access-date=2014-11-04}}}}}} \|{{Partial\|Lowest priority{{cite web\|url=http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html\|work=Mozilla Developer Network\|title=Stable Channel Update\|date=2014-02-20\|access-date=2014-11-14\|url-status=live\|archive-url=https://web.archive.org/web/20141024210105/http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html\|archive-date=2014-10-24}}{{cite web\|url=https://build.chromium.org/f/chromium/perf/dashboard/ui/changelog.html?url=/trunk/src&range=232870:241107&mode=html\|archive-url=https://archive.today/20140116153037/http://build.chromium.org/f/chromium/perf/dashboard/ui/changelog.html?url=/trunk/src&range=232870:241107&mode=html\|url-status=dead\|archive-date=2014-01-16\|work=Google\|title=Changelog for Chrome 33.0.1750.117\|access-date=2014-11-14}}{{cite web\|url=https://code.google.com/p/chromium/issues/detail?id=318442\|title=Issue 318442: Update to NSS 3.15.3 and NSPR 4.10.2\|access-date=2014-11-14\|url-status=live\|archive-url=https://web.archive.org/web/20150315043755/https://code.google.com/p/chromium/issues/detail?id=318442\|archive-date=2015-03-15}}}} \|{{No\|Vulnerable (except Windows)}} \|{{No\|Vulnerable}} \|{{Partial\|Temporary}}
colspan=2 style=background:salmon\|38, 39 \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{No}} \|{{Yes}} (only desktop) \|{{Yes}} \|{{Partial\|Needs ECC compatible OS}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{Partial\|Partly mitigated}} \|{{Partial\|Lowest priority}} \|{{No\|Vulnerable (except Windows)}} \|{{No\|Vulnerable}} \|{{Partial\|Temporary}}
colspan=2 style=background:salmon\|40 \|{{Yes\|No}} \|{{Partial\|Disabled by default}}{{cite web\|url=https://codereview.chromium.org/693963003\|title=Issue 693963003: Add minimum TLS version control to about:flags and Finch gate it. – Code Review\|access-date=2015-01-22\|url-status=live\|archive-url=https://web.archive.org/web/20150416072943/https://codereview.chromium.org/693963003\|archive-date=2015-04-16}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{No}} \|{{Yes}} (only desktop) \|{{Yes}} \|{{Partial\|Needs ECC compatible OS}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated{{refn\|group="n"\|name="note-Chrome40-POODLE"\|In addition to TLS_FALLBACK_SCSV and disabling a fallback to SSL 3.0, SSL 3.0 itself is disabled by default.}}}} \|{{Partial\|Lowest priority}} \|{{No\|Vulnerable (except Windows)}} \|{{No\|Vulnerable}} \|{{Yes\|Yes{{refn\|group="n"\|name="chromeflags"\|Configure the minimum version of enabling protocols via chrome://flags (the maximum version can be configured with command-line option).}}}}
colspan=2 style=background:salmon\|41, 42 \|{{Yes\|No}} \|{{Partial\|Disabled by default}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{No}} \|{{Yes}} (only desktop) \|{{Yes}} \|{{Partial\|Needs ECC compatible OS}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{Partial\|Lowest priority}} \|{{Yes\|Mitigated}} \|{{No\|Vulnerable}} \|{{Yes\|Yes}}
colspan=2 style=background:salmon\|43 \|{{Yes\|No}} \|{{Partial\|Disabled by default}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{No}} \|{{Yes}} (only desktop) \|{{Yes}} \|{{Partial\|Needs ECC compatible OS}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{Partial\|Only as fallback{{cite web\|url=https://code.google.com/p/chromium/issues/detail?id=375342\|title=Issue 375342: Drop RC4 Support\|access-date=2015-05-22\|url-status=live\|archive-url=https://web.archive.org/web/20150912071452/https://code.google.com/p/chromium/issues/detail?id=375342\|archive-date=2015-09-12}}}} \|{{Yes\|Mitigated}} \|{{No\|Vulnerable}} \|{{Yes\|Yes}}
colspan=2 style=background:salmon\|44–47 \|{{Yes\|No}} \|{{Yes\|No}}{{cite web\|url=https://code.google.com/p/chromium/issues/detail?id=436391\|title=Issue 436391: Add info on end of life of SSLVersionFallbackMin & SSLVersionMin policy in documentation\|access-date=2015-04-19\|url-status=live\|archive-url=https://web.archive.org/web/20150418095600/http://code.google.com/p/chromium/issues/detail?id=436391\|archive-date=2015-04-18}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{No}} \|{{Yes}} (only desktop) \|{{Yes}} \|{{Partial\|Needs ECC compatible OS}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{Partial\|Only as fallback}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}}{{cite web\|url=https://code.google.com/p/chromium/issues/detail?id=490240\|title=Issue 490240: Increase minimum DH size to 1024 bits (tracking bug)\|access-date=2015-05-29\|url-status=live\|archive-url=https://web.archive.org/web/20150912081831/https://code.google.com/p/chromium/issues/detail?id=490240\|archive-date=2015-09-12}} \|{{Partial\|Temporary}}
colspan=2 style=background:salmon\|48, 49 \|{{Yes\|No}} \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{No}} \|{{Yes}} (only desktop) \|{{Yes}} \|{{Partial\|Needs ECC compatible OS}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{Yes\|Disabled by default}}{{cite web\|url=https://groups.google.com/a/chromium.org/forum/#!msg/security-dev/kVfCywocUO8/2BW3INFdDwAJ\|title=Intent to deprecate: RC4\|access-date=2015-12-21}}{{cite web\|url=https://googleonlinesecurity.blogspot.com/2015/12/an-update-on-sha-1-certificates-in.html\|title=An update on SHA-1 certificates in Chrome\|date=2015-12-18\|access-date=2015-12-21\|url-status=live\|archive-url=https://web.archive.org/web/20151218214756/https://googleonlinesecurity.blogspot.com/2015/12/an-update-on-sha-1-certificates-in.html\|archive-date=2015-12-18}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{Partial\|Temporary}}
colspan=2 style=background:salmon\|50–53 \|{{Yes\|No}} \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{No}} \|{{Yes}} (only desktop) \|{{Yes}} \|{{Yes}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{Yes\|Disabled by default}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{Partial\|Temporary}}
colspan=2 style=background:salmon\|54–66 \|{{Yes\|No}} \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{Partial\|Disabled by default}} (draft version) \|{{Yes}} (only desktop) \|{{Yes}} \|{{Yes}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{Yes\|Disabled by default}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{Partial\|Temporary}}
colspan=2 style=background:salmon\|67–69 \|{{Yes\|No}} \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{Partial\|Yes}} (draft version) \|{{Yes}} (only desktop) \|{{Yes}} \|{{Yes}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{Yes\|Disabled by default}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{Partial\|Temporary}}
colspan=2 style=background:salmon\|70–83 \|{{Yes\|No}} \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes}} (only desktop) \|{{Yes}} \|{{Yes}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{Yes\|Disabled by default}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{Partial\|Temporary}}
colspan=2 style=background:salmon\|84–90 \|{{Yes\|No}} \|{{Yes\|No}} \|{{Partial\|Warn by default}} \|{{Partial\|Warn by default}} \|{{Yes}} \|{{Yes}} \|{{Yes}} (only desktop) \|{{Yes}} \|{{Yes}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{Yes\|Disabled by default}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{Partial\|Temporary}}
colspan=2 style=background:salmon\|91–135 \|rowspan=2 {{Yes\|No}} \|rowspan=2 {{Yes\|No}} \|rowspan=2 {{Yes\|No}}{{cite web\|url=https://support.google.com/chrome/a/answer/7679408?hl=en\|title=Chrome Enterprise release notes - Google Chrome Enterprise Help}} \|rowspan=2 {{Yes\|No}} \|rowspan=2 {{Yes}} \|rowspan=2 {{Yes}} \|rowspan=2 {{Yes}} (only desktop) \|rowspan=2 {{Yes}} \|rowspan=2 {{Yes}} \|rowspan=2 {{Yes\|Not affected}} \|rowspan=2 {{Yes\|Mitigated}} \|rowspan=2 {{Yes\|Not affected}} \|rowspan=2 {{Yes\|Disabled by default}} \|rowspan=2 {{Yes\|Mitigated}} \|rowspan=2 {{Yes\|Mitigated}} \|rowspan=2 {{Partial\|Temporary}}
style=background:khaki\|{{nowrap\|ESC 136}} \|style=background:#a0e75a\|137
Browser or OS API !colspan=2\|Version !Platforms !SSL 2.0 (insecure) !SSL 3.0 (insecure) !TLS 1.0 (deprecated) !TLS 1.1 (deprecated) !TLS 1.2 !TLS 1.3 !EV certificate !SHA-2 certificate !ECDSA certificate !BEAST !CRIME !POODLE (SSLv3) !RC4 !FREAK !Logjam !Protocol selection by user
rowspan=4\|Microsoft Edge (Chromium-based) OS-independent \|colspan=2 style=background:salmon\|79–83 \|rowspan=4\|Windows (10+) macOS (11+) Linux Android (8.0+) iOS (16+) \|{{Yes\|No}} \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{Yes\|Not affected}} \|{{Yes\|Disabled by default}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{Yes\|Yes}}
colspan=2 style=background:salmon\|84–90 \|{{Yes\|No}} \|{{Yes\|No}} \|{{Partial\|Warn by default}} \|{{Partial\|Warn by default}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{Yes\|Not affected}} \|{{Yes\|Disabled by default}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{Yes\|Yes}}
colspan=2 style=background:salmon\|91-135 \|rowspan=2 {{Yes\|No}} \|rowspan=2 {{Yes\|No}} \|rowspan=2 {{Yes\|No}}{{cite web\|url=https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-policies#sslversionmin\|title=Microsoft Edge Browser Policy Documentation \| Microsoft Docs\|website=Docs.microsoft.com\|date=2021-10-15\|access-date=2022-02-15}} \|rowspan=2 {{Yes\|No}} \|rowspan=2 {{Yes}} \|rowspan=2 {{Yes}} \|rowspan=2 {{Yes}} \|rowspan=2 {{Yes}} \|rowspan=2 {{Yes}} \|rowspan=2 {{Yes\|Mitigated}} \|rowspan=2 {{Yes\|Not affected}} \|rowspan=2 {{Yes\|Not affected}} \|rowspan=2 {{Yes\|Disabled by default}} \|rowspan=2 {{Yes\|Mitigated}} \|rowspan=2 {{Yes\|Mitigated}} \|rowspan=2 {{Yes\|Yes}}
style=background:khaki\|{{nowrap\|ESC 136}} \|style=background:#a0e75a\|137
Browser or OS API !colspan=2\|Version !Platforms !SSL 2.0 (insecure) !SSL 3.0 (insecure) !TLS 1.0 (deprecated) !TLS 1.1 (deprecated) !TLS 1.2 !TLS 1.3 !EV certificate !SHA-2 certificate !ECDSA certificate !BEAST !CRIME !POODLE (SSLv3) !RC4 !FREAK !Logjam !Protocol selection by user
rowspan=24\|Mozilla Firefox (Firefox for mobile){{refn\|group=n\|name=note-c\|Uses the TLS implementation provided by NSS. As of Firefox 22, Firefox supports only TLS 1.0 despite the bundled NSS supporting TLS 1.1. Since Firefox 23, TLS 1.1 can be enabled, but was not enabled by default due to issues. Firefox 24 has TLS 1.2 support disabled by default. TLS 1.1 and TLS 1.2 have been enabled by default in Firefox 27 release.}} \|colspan=2 style=background:salmon\|1.0, 1.5 \|rowspan=24\|Windows (10+) macOS (10.15+) Linux Android (5.0+) iOS (15+) ~~Firefox OS~~ ~~Maemo~~ ESR 115 only for: Windows (7–8.1) macOS (10.12–10.14) ESR 128+ only for: Windows (10+) macOS (10.15+) Linux \|{{No\|Yes}}{{cite web\|url=https://developer.mozilla.org/en-US/Firefox/Releases/2/Security_changes\|title=Security in Firefox 2\|date=2008-08-06\|access-date=2009-03-31\|url-status=live\|archive-url=https://web.archive.org/web/20140714142705/https://developer.mozilla.org/en-US/Firefox/Releases/2/Security_changes\|archive-date=2014-07-14}} \|{{No\|Yes}} \|{{No\|Yes}} \|No \|{{No}} \|{{No}} \|{{No}} \|{{Yes}} \|{{No}} \|{{Yes\|Not affected{{cite web\|url=https://blog.mozilla.org/security/2011/09/27/attack-against-tls-protected-communications\|title=Attack against TLS-protected communications\|work=Mozilla Security Blog\|publisher=Mozilla\|date=2011-09-27\|access-date=2015-02-01\|url-status=live\|archive-url=https://web.archive.org/web/20150304221307/https://blog.mozilla.org/security/2011/09/27/attack-against-tls-protected-communications\|archive-date=2015-03-04}}}} \|{{Yes\|Not affected}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{Yes\|Not affected}} \|{{No\|Vulnerable}} \|{{Yes\|Yes}}
colspan=2 style=background:salmon\|2 \|{{Partial\|Disabled by default}}{{cite web\|url=https://developer.mozilla.org/en-US/docs/Introduction_to_SSL\|title=Introduction to SSL\|publisher=MDN\|access-date=2014-06-19\|url-status=live\|archive-url=https://web.archive.org/web/20140714205945/https://developer.mozilla.org/en-US/docs/Introduction_to_SSL\|archive-date=2014-07-14}} \|{{No\|Yes}} \|{{No\|Yes}} \|No \|{{No}} \|{{No}} \|{{No}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Not affected}} \|{{Yes\|Not affected}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{Yes\|Not affected}} \|{{No\|Vulnerable}} \|{{Yes\|Yes}}
colspan=2 style=background:salmon\|3–7 \|{{Partial\|Disabled by default}} \|{{No\|Yes}} \|{{No\|Yes}} \|No \|{{No}} \|{{No}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Not affected}} \|{{Yes\|Not affected}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{Yes\|Not affected}} \|{{No\|Vulnerable}} \|{{Yes\|Yes}}
colspan=2 style=background:salmon\|8–10 {{nowrap\|ESR 10}} \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|No \|{{No}} \|{{No}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Not affected}} \|{{Yes\|Not affected}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{Yes\|Not affected}} \|{{No\|Vulnerable}} \|{{Yes\|Yes}}
colspan=2 style=background:salmon\|11–14 \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|No \|{{No}} \|{{No}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Not affected}} \|{{No\|Vulnerable (SPDY)}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{Yes\|Not affected}} \|{{No\|Vulnerable}} \|{{Yes\|Yes}}
colspan=2 style=background:salmon\|15–22 {{nowrap\|ESR 17.0–17.0.10}} \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|No \|{{No}} \|{{No}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{Yes\|Not affected}} \|{{No\|Vulnerable}} \|{{Yes\|Yes}}
colspan=2 style=background:salmon\|{{nowrap\|ESR 17.0.11}} \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|No \|{{No}} \|{{No}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{No\|Vulnerable}} \|{{Partial\|Lowest priority}} \|{{Yes\|Not affected}} \|{{No\|Vulnerable}} \|{{Yes\|Yes}}
colspan=2 style=background:salmon\|23 \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Partial\|Disabled by default}}{{cite web\|url=https://bugzilla.mozilla.org/show_bug.cgi?id=565047\|title=Bug 565047 – (RFC4346) Implement TLS 1.1 (RFC 4346)\|access-date=2013-10-29}} \|{{No}} \|{{No}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{Yes\|Not affected}} \|{{No\|Vulnerable}} \|{{Yes\|Yes{{refn\|group="n"\|name=aboutconfig\|Configure the maximum and the minimum version of enabling protocols via about:config.}}}}
colspan=2 style=background:salmon\|24, 25.0.0 {{nowrap\|ESR 24.0–24.1.0}} \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Partial\|Disabled by default}} \|{{Partial\|Disabled by default}}{{cite web\|url=https://bugzilla.mozilla.org/show_bug.cgi?id=480514\|title=Bug 480514 – Implement support for TLS 1.2 (RFC 5246)\|access-date=2013-10-29}} \|{{No}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{Yes\|Not affected}} \|{{No\|Vulnerable}} \|{{Yes\|Yes}}
colspan=2 style=background:salmon\|25.0.1, 26 {{nowrap\|ESR 24.1.1–24.8.1}} \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Partial\|Disabled by default}} \|{{Partial\|Disabled by default}} \|{{No}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{No\|Vulnerable}} \|{{Partial\|Lowest priority{{cite web\|url=https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.15.3_release_notes\|work=Mozilla Developer Network\|title=NSS 3.15.3 Release Notes\|publisher=Mozilla\|access-date=2014-07-13\|url-status=live\|archive-url=https://web.archive.org/web/20140605001016/https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.15.3_release_notes\|archive-date=2014-06-05}}{{cite web\|url=https://www.mozilla.org/security/announce/2013/mfsa2013-103.html\|work=Mozilla\|title=MFSA 2013-103: Miscellaneous Network Security Services (NSS) vulnerabilities\|access-date=2014-07-13\|url-status=live\|archive-url=https://web.archive.org/web/20140714121632/http://www.mozilla.org/security/announce/2013/mfsa2013-103.html\|archive-date=2014-07-14}}}} \|{{Yes\|Not affected}} \|{{No\|Vulnerable}} \|{{Yes\|Yes}}
colspan=2 style=background:salmon\|27–33 {{nowrap\|ESR 31.0–31.2.0}} \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{No\|Yes}}{{cite web\|url=https://bugzilla.mozilla.org/show_bug.cgi?id=733647\|title=Bug 733647 – Implement TLS 1.1 (RFC 4346) in Gecko (Firefox, Thunderbird), on by default\|access-date=2013-12-04}}{{cite web\|url=https://website-archive.mozilla.org/www.mozilla.org/firefox_releasenotes/en-US/firefox/27.0/releasenotes\|title=Firefox Notes – Desktop\|date=2014-02-04\|access-date=2014-02-04\|url-status=live\|archive-url=https://web.archive.org/web/20140207095334/https://website-archive.mozilla.org/www.mozilla.org/firefox_releasenotes/en-US/firefox/27.0/releasenotes\|archive-date=2014-02-07}} \|{{Yes}}{{cite web\|url=https://bugzilla.mozilla.org/show_bug.cgi?id=861266\|title=Bug 861266 – Implement TLS 1.2 (RFC 5246) in Gecko (Firefox, Thunderbird), on by default\|access-date=2013-11-18}} \|{{No}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{No\|Vulnerable}} \|{{Partial\|Lowest priority}} \|{{Yes\|Not affected}} \|{{No\|Vulnerable}} \|{{Yes\|Yes}}
colspan=2 style=background:salmon\|34, 35 {{nowrap\|ESR 31.3.0–31.7.0}} \|{{Yes\|No}} \|{{Partial\|Disabled by default}}{{cite web\|title=The POODLE Attack and the End of SSL 3.0\|work=Mozilla blog\|publisher=Mozilla\|date=2014-10-14\|url=https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0\|access-date=2014-10-28\|url-status=live\|archive-url=https://web.archive.org/web/20141018231351/https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0\|archive-date=2014-10-18}}{{cite web\|url=https://www.mozilla.org/en-US/firefox/34.0/releasenotes\|title=Firefox — Notes (34.0) — Mozilla\|publisher=mozilla.org\|date=2014-12-01\|access-date=2015-04-03\|url-status=live\|archive-url=https://web.archive.org/web/20150409022558/https://www.mozilla.org/en-US/firefox/34.0/releasenotes\|archive-date=2015-04-09}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{No}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated{{refn\|group="n"\|name=Fx-POODLE\|SSL 3.0 itself is disabled by default. In addition, fallback to SSL 3.0 is disabled since version 34,{{cite web\|url=https://bugzilla.mozilla.org/show_bug.cgi?id=1083058\|title=Bug 1083058 – A pref to control TLS version fallback\|publisher=bugzilla.mozilla.org\|access-date=2014-11-06}} and TLS_FALLBACK_SCSV is implemented since 35.0 and ESR 31.3.0.{{cite web\|url=https://bugzilla.mozilla.org/show_bug.cgi?id=1036737\|title=Bug 1036737 – Add support for draft-ietf-tls-downgrade-scsv to Gecko/Firefox\|publisher=bugzilla.mozilla.org\|access-date=2014-10-29}}}}}} \|{{Partial\|Lowest priority}} \|{{Yes\|Not affected}} \|{{No\|Vulnerable}} \|{{Yes\|Yes}}
colspan=2 style=background:salmon\|{{nowrap\|ESR 31.8.0}} \|{{Yes\|No}} \|{{Partial\|Disabled by default}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{No}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{Partial\|Lowest priority}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{Yes\|Yes}}
colspan=2 style=background:salmon\|36–38 {{nowrap\|ESR 38.0–38.0.1}} \|{{Yes\|No}} \|{{Partial\|Disabled by default}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{No}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{Partial\|Only as fallbackOnly when no cipher suites with other than RC4 is available, cipher suites with RC4 will be used as a fallback.{{cite web\|url=https://bugzilla.mozilla.org/show_bug.cgi?id=1088915\|title=Bug 1088915 – Stop offering RC4 in the first handshakes\|publisher=bugzilla.mozilla.org\|access-date=2014-11-04}}}} \|{{Yes\|Not affected}} \|{{No\|Vulnerable}} \|{{Yes\|Yes}}
colspan=2 style=background:salmon\|{{nowrap\|ESR 38.1.0–38.8.0}} \|{{Yes\|No}} \|{{Partial\|Disabled by default}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{No}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{Partial\|Only as fallback}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{Yes\|Yes}}
colspan=2 style=background:salmon\|39–43 \|{{Yes\|No}} \|{{Yes\|No}}{{cite web\|url=https://www.mozilla.org/en-US/firefox/39.0/releasenotes\|title=Firefox — Notes (39.0) — Mozilla\|publisher=mozilla.org\|date=2015-06-30\|access-date=2015-07-03\|url-status=live\|archive-url=https://web.archive.org/web/20150703163249/https://www.mozilla.org/en-US/firefox/39.0/releasenotes\|archive-date=2015-07-03}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{No}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{Partial\|Only as fallback}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}}{{cite web\|url=https://bugzilla.mozilla.org/show_bug.cgi?id=1166031\|title=Bug 1166031 – Update to NSS 3.19.1\|publisher=bugzilla.mozilla.org\|access-date=2015-05-29}} \|{{Yes\|Yes}}
colspan=2 style=background:salmon\|44–48 {{nowrap\|ESR 45}} \|{{Yes\|No}} \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{No}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{Yes\|Disabled by default}}All RC4 cipher suites are disabled by default.{{cite news\|url=https://venturebeat.com/2015/09/01/google-microsoft-and-mozilla-will-drop-rc4-support-in-chrome-edge-ie-and-firefox-next-year\|title=Google, Microsoft, and Mozilla will drop RC4 encryption in Chrome, Edge, IE, and Firefox next year\|work=VentureBeat\|date=2015-09-01\|access-date=2015-09-05\|url-status=live\|archive-url=https://web.archive.org/web/20150905214154/http://venturebeat.com/2015/09/01/google-microsoft-and-mozilla-will-drop-rc4-support-in-chrome-edge-ie-and-firefox-next-year\|archive-date=2015-09-05}}{{cite web\|url=https://groups.google.com/forum/#!searchin/mozilla.dev.platform/rc4/mozilla.dev.platform/JIEFcrGhqSM/CIjtpwxoLQAJ\|title=Intent to ship: RC4 disabled by default in Firefox 44\|access-date=2015-10-18\|url-status=live\|archive-url=http://arquivo.pt/wayback/20110122130054/https://groups.google.com/forum/#!searchin/mozilla.dev.platform/rc4/mozilla.dev.platform/JIEFcrGhqSM/CIjtpwxoLQAJ\|archive-date=2011-01-22}}{{cite web\|url=https://www.fxsitecompat.com/en-US/docs/2015/rc4-is-now-allowed-only-on-whitelisted-sites\|title=RC4 is now allowed only on whitelisted sites (Reverted)\|access-date=2015-11-02}}{{cite web\|url=https://www.mozilla.org/en-US/firefox/44.0/releasenotes\|title=Firefox — Notes (44.0) — Mozilla\|publisher=mozilla.org\|date=2016-01-26\|access-date=2016-03-09\|url-status=live\|archive-url=https://web.archive.org/web/20160304025010/https://www.mozilla.org/en-US/firefox/44.0/releasenotes\|archive-date=2016-03-04}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{Yes\|Yes}}
colspan=2 style=background:salmon\|49–59 {{nowrap\|ESR 52}} \|{{Yes\|No}} \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{Partial\|Disabled by default}} (draft version){{cite web\|url=https://bugzilla.mozilla.org/show_bug.cgi?id=1342082\|title=Bug 1342082 – Disable TLS 1.3 for FF52 Release\|access-date=2017-03-29}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{Yes\|Disabled by default}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{Yes\|Yes}}
colspan=2 style=background:salmon\|60–62 {{nowrap\|ESR 60}} \|{{Yes\|No}} \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{Partial\|Yes}} (draft version) \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{Yes\|Disabled by default}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{Yes\|Yes}}
colspan=2 style=background:salmon\|63–77 {{nowrap\|ESR 68}} \|{{Yes\|No}} \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{Yes\|Disabled by default}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{Yes\|Yes}}
colspan=2 style=background:salmon\|78–138 {{nowrap\|ESR 78–115.23 ESR 128.0–128.10}} \|rowspan=4 {{Yes\|No}} \|rowspan=4 {{Yes\|No}} \|rowspan=4 {{Partial\|Disabled by default}}{{cite web\|url=https://www.mozilla.org/en-US/firefox/78.0/releasenotes\|title=Firefox 78.0, See All New Features, Updates and Fixes}} \|rowspan=4 {{Partial\|Disabled by default}} \|rowspan=4 {{Yes}} \|rowspan=4 {{Yes}} \|rowspan=4 {{Yes}} \|rowspan=4 {{Yes}} \|rowspan=4 {{Yes}} \|rowspan=4 {{Yes\|Not affected}} \|rowspan=4 {{Yes\|Mitigated}} \|rowspan=4 {{Yes\|Not affected}} \|rowspan=4 {{Yes\|Disabled by default}} \|rowspan=4 {{Yes\|Not affected}} \|rowspan=4 {{Yes\|Mitigated}} \|rowspan=4 {{Yes\|Yes}}
colspan=2 style=background:#fc9\|{{nowrap\|ESR 115.24}}
colspan=2 style=background:khaki\|{{nowrap\|ESR 128.11}}
colspan=2 style=background:#a0e75a\|139
Browser or OS API !colspan=2\|Version !Platforms !SSL 2.0 (insecure) !SSL 3.0 (insecure) !TLS 1.0 (deprecated) !TLS 1.1 (deprecated) !TLS 1.2 !TLS 1.3 !EV certificate !SHA-2 certificate !ECDSA certificate !BEAST !CRIME !POODLE (SSLv3) !RC4 !FREAK !Logjam !Protocol selection by user
!rowspan=11\|Microsoft Internet Explorer (1–10){{refn\|group="n"\|name="note-d"\|IE uses the TLS implementation of the Microsoft Windows operating system provided by the Schannel security support provider. TLS 1.1 and 1.2 are disabled by default until IE11.{{cite web\|author=Microsoft\|url=https://msdn.microsoft.com/en-us/library/aa380123.aspx\|title=Secure Channel\|date=2012-09-05\|access-date=2012-10-18\|url-status=live\|archive-url=https://web.archive.org/web/20120829025314/http://msdn.microsoft.com/en-us/library/aa380123.aspx\|archive-date=2012-08-29}}{{cite web\|author=Microsoft\|url=https://msdn.microsoft.com/en-us/library/dd208005.aspx\|title=MS-TLSP Appendix A\|date=2009-02-27\|access-date=2009-03-19\|url-status=live\|archive-url=https://web.archive.org/web/20130927055954/http://msdn.microsoft.com/en-us/library/dd208005.aspx\|archive-date=2013-09-27}}}} Windows Schannel \|colspan=2 style=background:salmon\|1.x \|rowspan=3 style=background:salmon rowspan=3\|Windows 3.1, 95, NT,Windows NT 3.1 supports IE 1–2, Windows NT 3.5 supports IE 1–3, Windows NT 3.51 and Windows NT 4.0 supports IE 1–6. Mac OS 7, 8 \|colspan=16\|No SSL/TLS support
colspan=2 style=background:salmon\|2 \|{{No\|Yes}} \|No \|No \|No \|{{No}} \|{{No}} \|{{No}} \|{{No}} \|{{No}} \|colspan=3\|No SSL 3.0 or TLS support \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{N/A}}
colspan=2 style=background:salmon\|3 \|{{No\|Yes}} \|{{No\|Yes}}{{cite web\|title=What browsers only support SSLv2?\|url=https://stackoverflow.com/q/881563\|access-date=2014-06-19}} \|No \|No \|{{No}} \|{{No}} \|{{No}} \|{{No}} \|{{No}} \|{{No\|Vulnerable}} \|{{Yes\|Not affected}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{dunno}}
colspan=2 style=background:salmon\|4, 5, 6 \|style=background:salmon\|Windows 3.1, 95, 98, NT, 2000 Mac OS 7.1, 8, X, Solaris, HP-UX \|{{No\|Yes}} \|{{No\|Yes}} \|{{Partial\|Disabled by default}} \|No \|{{No}} \|{{No}} \|{{No}} \|{{No}} \|{{No}} \|{{No\|Vulnerable}} \|{{Yes\|Not affected}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{Yes\|Yes}}
colspan=2 style=background:salmon\|6 \|rowspan=2 style=background:salmon\|Windows XP \|{{No\|Yes}} \|{{No\|Yes}} \|{{Partial\|Disabled by default}} \|No \|{{No}} \|{{No}} \|{{No}} \|{{Partial\|Yes (Since SP3)}}MS13-095 or MS14-049 for Windows Server 2003, Windows XP x64 and Windows XP SP3 (32-bit).{{cite web\|url=https://blogs.technet.com/b/pki/archive/2010/09/30/sha2-and-windows.aspx\|title=SHA2 and Windows – Windows PKI blog – Site Home – TechNet Blogs\|date=2010-09-30\|access-date=2014-07-29\|url-status=live\|archive-url=https://web.archive.org/web/20140716230537/http://blogs.technet.com/b/pki/archive/2010/09/30/sha2-and-windows.aspx\|archive-date=2014-07-16}} \|{{No}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{Yes\|Yes}}
colspan=2 style=background:salmon\|7, 8 \|{{Partial\|Disabled by default}}{{cite web\|url=https://msdn.microsoft.com/en-us/library/bb250503.aspx\|title=HTTPS Security Improvements in Internet Explorer 7\|access-date=2013-10-29\|url-status=live\|archive-url=https://web.archive.org/web/20131010205312/http://msdn.microsoft.com/en-us/library/bb250503.aspx\|archive-date=2013-10-10}} \|{{No\|Yes}} \|{{No\|Yes}} \|No \|{{No}} \|{{No}} \|{{Yes}} \|{{Partial\|Yes (Since SP3)}} \|{{No}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{Yes\|Yes}}
colspan=2 style=background:salmon\|6 \|rowspan=2 style=background:salmon\|Server 2003{{refn\|group="n"\|name="note-k"\|Windows XP as well as Server 2003 and older support only weak ciphers like Triple DES and RC4 out of the box.{{cite web\|url=https://msdn.microsoft.com/en-us/library/windows/desktop/aa380512.aspx\|title=TLS Cipher Suites\|publisher=Microsoft\|url-status=live\|archive-url=https://web.archive.org/web/20170313125201/https://msdn.microsoft.com/en-us/library/windows/desktop/aa380512.aspx\|archive-date=2017-03-13}} The weak ciphers of these Schannel version are not only used for IE, but also for other Microsoft products running on this OS, like Microsoft Office or Windows Update. Only Windows Server 2003 can get a manual update to support AES ciphers by KB948963{{cite web\|url=http://support.microsoft.com/kb/948963\|title=Cipher Suites in TLS/SSL (Schannel SSP) - Win32 apps\|access-date=2017-07-19\|url-status=live\|archive-url=https://web.archive.org/web/20150311105145/http://support.microsoft.com/kb/948963\|archive-date=2015-03-11}}}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Partial\|Disabled by default}} \|No \|{{No}} \|{{No}} \|{{No}} \|{{Partial\|Yes (KB938397+KB968730)}} \|{{No}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{Yes\|Mitigated}}{{cite tech report\|author=MSRC\|author-link=Microsoft Security Response Center\|date=2015-03-10\|url=https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-031\|title=Vulnerability in Schannel Could Allow Security Feature Bypass (3046049)\|website=Security Bulletins\|number=MS15-031\|access-date=2021-10-24\|via=Microsoft Docs}} \|{{Yes\|Mitigated}}{{cite tech report\|author=MSRC\|author-link=Microsoft Security Response Center\|date=2015-05-12\|url=https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-055\|title=Vulnerability in Schannel Could Allow Information Disclosure (3061518)\|website=Security Bulletins\|number=MS15-055\|access-date=2021-10-24\|via=Microsoft Docs}} \|{{Yes\|Yes}}
colspan=2 style=background:salmon\|7, 8 \|{{Partial\|Disabled by default}} \|{{No\|Yes}} \|{{No\|Yes}} \|No \|{{No}} \|{{No}} \|{{Yes}} \|{{Partial\|Yes (KB938397+KB968730)}} \|{{No}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{Yes\|Yes}}
colspan=2 style=background:salmon\|7, 8, 9 \|style=background:salmon\|Windows Vista \|{{Partial\|Disabled by default}} \|{{No\|Yes}} \|{{No\|Yes}} \|No \|{{No}} \|{{No}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{Yes\|Yes}}
colspan=2 style=background:salmon\|{{nowrap\|7, 8, 9}} \|style=background:salmon\|Server 2008 \|{{Partial\|Disabled by default}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Partial\|Disabled by default}}{{cite web\|url=https://support.microsoft.com/kb/4019276\|title=Update to add support for TLS 1.1 and TLS 1.2 in Windows Server 2008 SP2, Windows Embedded POSReady 2009, and Windows Embedded Standard 2009\|access-date=2017-07-19}} (KB4019276){{refn\|group="n"\|name="TLS≠DTLS"\|DTLS protocol counterpart version, however, is not supported.{{Cite web\|url=https://docs.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp-\|title=Protocols in TLS/SSL (Schannel SSP) - Win32 apps\|website=learn.microsoft.com\|access-date=2022-02-20}}}} \|{{Partial\|Disabled by default (KB4019276)}} \|{{No}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{Yes\|Yes}}
colspan=2 style=background:salmon\|8, 9, 10 \|style=background:salmon\|7, 8 Server 2008 R2 Server 2012 \|{{Partial\|Disabled by default}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Partial\|Disabled by default}}{{cite web\|url=https://blogs.msdn.com/b/ieinternals/archive/2009/06/19/windows-7-support-for-tls-and-ciphers.aspx\|title=Windows 7 adds support for TLSv1.1 and TLSv1.2 – IEInternals – Site Home – MSDN Blogs\|access-date=2013-10-29\|url-status=live\|archive-url=https://web.archive.org/web/20131226222853/http://blogs.msdn.com/b/ieinternals/archive/2009/06/19/windows-7-support-for-tls-and-ciphers.aspx\|archive-date=2013-12-26}} \|{{Partial\|Disabled by default}} \|{{No}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{No\|Vulnerable}} \|{{Partial\|Lowest priority{{cite web\|url=https://blogs.microsoft.com/cybertrust/2014/11/11/hundreds-of-millions-of-microsoft-customers-now-benefit-from-best-in-class-encryption\|title=Hundreds of Millions of Microsoft Customers Now Benefit from Best-in-Class Encryption\|publisher=Microsoft Security\|date=2014-11-11\|access-date=2014-11-14\|last=Thomlinson\|first=Matt\|url-status=live\|archive-url=https://web.archive.org/web/20141114143813/http://blogs.microsoft.com/cybertrust/2014/11/11/hundreds-of-millions-of-microsoft-customers-now-benefit-from-best-in-class-encryption\|archive-date=2014-11-14}}{{refn\|group="n"\|name="RC4fallbackWin7"\|RC4 can be disabled except as a fallback (Only when no cipher suites with other than RC4 is available, cipher suites with RC4 will be used as a fallback).{{Cite web\|url=https://support.microsoft.com/en-us/topic/microsoft-security-advisory-update-for-disabling-rc4-479fd6f0-c7b5-0671-975b-c45c3f2c0540\|archiveurl=https://web.archive.org/web/20150311053342/http://support.microsoft.com/kb/2868725\|url-status=dead\|title=Microsoft security advisory: Update for disabling RC4\|archive-date=11 March 2015\|website=Support.microsoft.com\|access-date=20 February 2022}}}}}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{Yes\|Yes}}
\|Internet Explorer 11 Windows Schannel \|colspan=2 style=background:salmon\|11{{refn\|group="n"\|IE11 will continue to support these operating systems if they are with ESUs until at least October 13, 2026.}}{{cite web\|url=https://support.microsoft.com/en-us/help/4492872/update-for-internet-explorer-april-16-2019\|title=Internet Explorer 11 for Windows Server 2012 and Windows Embedded 8 Standard\|date=2019-04-16\|website=Microsoft Support}} \|style=background:salmon\|7, 8.1 Server 2008 R2 Server 2012 Server 2012 R2 \|{{Partial\|Disabled by default}} \|{{Partial\|Disabled by default}}{{refn\|group="n"\|name="ie11_ssl3"\|Fallback to SSL 3.0 is sites blocked by default in Internet Explorer 11 for Protected Mode.{{cite web\|url=https://blogs.msdn.com/b/ie/archive/2015/02/10/february-2015-security-updates-for-internet-explorer.aspx\|title=February 2015 security updates for Internet Explorer\|date=2015-02-11\|access-date=2015-02-11\|url-status=live\|archive-url=https://web.archive.org/web/20150211031724/http://blogs.msdn.com/b/ie/archive/2015/02/10/february-2015-security-updates-for-internet-explorer.aspx\|archive-date=2015-02-11}}{{cite web\|url=https://support.microsoft.com/kb/3038778\|title=Update turns on the setting to disable SSL 3.0 fallback for protected mode sites by default in Internet Explorer 11\|access-date=2015-02-11\|url-status=live\|archive-url=https://web.archive.org/web/20150214082207/http://support.microsoft.com/kb/3038778\|archive-date=2015-02-14}} SSL 3.0 is disabled by default in Internet Explorer 11 since April 2015.{{cite tech report\|author=MSRC\|author-link=Microsoft Security Response Center\|date=2014-10-14\|url=https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2015/3009008\|title=Vulnerability in SSL 3.0 Could Allow Information Disclosure\|website=Security Advisories\|number=3009008\|access-date=2021-10-24\|via=Microsoft Docs}}}} \|{{Partial\|Disabled by default}}{{refn\|group="n"\|name="IE_&_EDGE_TLS_1.x"\|TLS 1.0 and 1.1 are disabled by default in Internet Explorer 11 and EdgeHTML since September 2022.{{cite web\|url=https://blogs.windows.com/msedgedev/2020/03/31/tls-1-0-tls-1-1-schedule-update-edge-ie11\|title=Plan for change: TLS 1.0 and TLS 1.1 soon to be disabled by default\|first=Kyle\|last=Pflug\|date=2020-03-31\|website=Windows Blogs}}{{cite web\|url=https://support.microsoft.com/en-us/topic/kb5017811-manage-transport-layer-security-tls-1-0-and-1-1-after-default-behavior-change-on-september-20-2022-e95b1b47-9c7c-4d64-9baf-610604a64c3e\|title=KB5017811—Manage Transport Layer Security (TLS) 1.0 and 1.1 after default behavior change on September 20, 2022\|accessdate=2023-01-09\|website=Microsoft Support}}}} \|{{Partial\|Disabled by default}} \|{{Yes}}{{cite web\|author=Microsoft\|url=https://blogs.msdn.com/b/ieinternals/archive/2013/09/24/internet-explorer-11-changelist-change-log.aspx\|title=IE11 Changes\|date=2013-09-24\|access-date=2013-11-01\|url-status=live\|archive-url=https://web.archive.org/web/20131030114356/http://blogs.msdn.com/b/ieinternals/archive/2013/09/24/internet-explorer-11-changelist-change-log.aspx\|archive-date=2013-10-30}} \|{{No}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{Yes\|Disabled by default}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{Yes\|Yes}}
Browser or OS API !colspan=2\|Version !Platforms !SSL 2.0 (insecure) !SSL 3.0 (insecure) !TLS 1.0 (deprecated) !TLS 1.1 (deprecated) !TLS 1.2 !TLS 1.3 !EV certificate !SHA-2 certificate !ECDSA certificate !BEAST !CRIME !POODLE (SSLv3) !RC4 !FREAK !Logjam !Protocol selection by user
rowspan=2\|Microsoft Edge (12–18) (EdgeHTML-based) Client only Internet Explorer 11 Windows Schannel \|style=background:salmon\|11 \|style=background:salmon\|12–13 \|style=background:salmon\|Windows 10 1507–1511 \|{{Partial\|Disabled by default}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes\|Yes}} \|{{No}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{Yes\|Disabled by default}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{Yes\|Yes}}
style=background:salmon\|11 \|style=background:salmon\|14–18 (client only) \|style=background:salmon\|Windows 10 1607–2004 Windows Server (SAC) 1709–2004 \|{{Yes\|No}}{{cite web\|date=2017-03-21\|url=https://technet.microsoft.com/en-us/windows-server-docs/security/tls/tls-schannel-ssp-changes-in-windows-10-and-windows-server-2016\|title=TLS (Schannel SSP) changes in Windows 10 and Windows Server 2016\|publisher=Microsoft\|accessdate=2017-03-29\|url-status=dead\|archiveurl=https://web.archive.org/web/20170330011044/https://technet.microsoft.com/en-us/windows-server-docs/security/tls/tls-schannel-ssp-changes-in-windows-10-and-windows-server-2016\|archivedate=2017-03-30}} \|{{Partial\|Disabled by default}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{No}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{Yes\|Disabled by default}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{Yes\|Yes}}
rowspan=2\|Internet Explorer 11 Windows Schannel \|rowspan=2 colspan=2 style=background:salmon\|11{{refn\|group="n"\|name="IE11EOL"\|IE11 ran out of support for GAC (formerly CB and SAC) editions of Windows 10 since June 15, 2022.{{cite web\|url=https://blogs.windows.com/windowsexperience/2022/06/15/internet-explorer-11-has-retired-and-is-officially-out-of-support-what-you-need-to-know\|title=Internet Explorer 11 has retired and is officially out of support—what you need to know\|date=June 15, 2022}}{{cite web\|url=https://docs.microsoft.com/lifecycle/announcements/internet-explorer-11-end-of-support-windows-10\|title=Internet Explorer 11 desktop app support ended for certain versions of Windows 10\|date=June 15, 2022}}}} \|style=background:salmon\|Windows 10 20H2–21H2 Windows Server (SAC) 20H2 \|rowspan=2 {{Yes\|No}} \|rowspan=2 {{Partial\|Disabled by default}} \|rowspan=2 {{Partial\|Disabled by default}} \|rowspan=2 {{Partial\|Disabled by default}} \|rowspan=2 {{Yes}} \|rowspan=2 {{No}} \|rowspan=2 {{Yes}} \|rowspan=2 {{Yes}} \|rowspan=2 {{Yes}} \|rowspan=2 {{Yes\|Mitigated}} \|rowspan=2 {{Yes\|Not affected}} \|rowspan=2 {{Yes\|Mitigated}} \|rowspan=2 {{Yes\|Disabled by default}} \|rowspan=2 {{Yes\|Mitigated}} \|rowspan=2 {{Yes\|Mitigated}} \|rowspan=2 {{Yes\|Yes}}
style=background:#fc9\|Windows 10 22H2
rowspan=6\|Windows Schannel \|colspan=3 style=background:salmon\|Windows 11 21H2 \|{{Yes\|No}} \|{{Partial\|Disabled by default}} \|{{Partial\|Disabled by default}} \|{{Partial\|Disabled by default}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{Yes\|Disabled by default}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{Yes\|Yes}}
colspan=3 style=background:salmon\|Windows 11 22H2 (Home/Pro) \|rowspan=2 {{Yes\|No}} \|rowspan=2 {{Partial\|Disabled by default}} \|rowspan=2 {{Partial\|Disabled by default}} \|rowspan=2 {{Partial\|Disabled by default}} \|rowspan=2 {{Yes}} \|rowspan=2 {{Yes}} \|rowspan=2 {{Yes}} \|rowspan=2 {{Yes}} \|rowspan=2 {{Yes}} \|rowspan=2 {{Yes\|Mitigated}} \|rowspan=2 {{Yes\|Not affected}} \|rowspan=2 {{Yes\|Mitigated}} \|rowspan=2 {{Yes\|Disabled by default}} \|rowspan=2 {{Yes\|Mitigated}} \|rowspan=2 {{Yes\|Mitigated}} \|rowspan=2 {{Yes\|Yes}}
colspan=3 style=background:#fc9\|Windows 11 22H2 (Ent/Edu)
colspan=3 style=background:#fc9\|Windows 11 23H2 (Home/Pro) \|rowspan=2 {{Yes\|No}} \|rowspan=2 {{Partial\|Disabled by default}} \|rowspan=2 {{Partial\|Disabled by default}} \|rowspan=2 {{Partial\|Disabled by default}} \|rowspan=2 {{Yes}} \|rowspan=2 {{Yes}} \|rowspan=2 {{Yes}} \|rowspan=2 {{Yes}} \|rowspan=2 {{Yes}} \|rowspan=2 {{Yes\|Mitigated}} \|rowspan=2 {{Yes\|Not affected}} \|rowspan=2 {{Yes\|Mitigated}} \|rowspan=2 {{Yes\|Disabled by default}} \|rowspan=2 {{Yes\|Mitigated}} \|rowspan=2 {{Yes\|Mitigated}} \|rowspan=2 {{Yes\|Yes}}
colspan=3 style=background:khaki\|Windows 11 23H2 (Ent/Edu)
colspan=3 style=background:#a0e75a\|Windows 11 24H2 \|{{Yes\|No}} \|{{Partial\|Disabled by default}} \|{{Partial\|Disabled by default}} \|{{Partial\|Disabled by default}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{Yes\|Disabled by default}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{Yes\|Yes}}
rowspan=6\|Internet Explorer 11 LTSB/LTSC Windows Schannel LTSB/LTSC \|colspan=2 rowspan=6 style=background:khaki\|11 \|style=background:#fc9\|Windows 10 LTSB 2015 (1507) \|{{Partial\|Disabled by default}} \|{{No\|Yes}} \|{{Partial\|Disabled by default}} \|{{Partial\|Disabled by default}} \|{{Yes\|Yes}} \|{{No}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{Yes\|Disabled by default}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{Yes\|Yes}}
style=background:khaki\|Windows 10 LTSB 2016 (1607) \|{{Yes\|No}} \|{{Partial\|Disabled by default}} \|{{Partial\|Disabled by default}} \|{{Partial\|Disabled by default}} \|{{Yes}} \|{{No}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{Yes\|Disabled by default}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{Yes\|Yes}}
style=background:khaki\|Windows Server 2016 (LTSB/1607) \|{{Yes\|No}} \|{{Partial\|Disabled by default}} \|{{Partial\|Disabled by default}} \|{{Partial\|Disabled by default}} \|{{Yes}} \|{{No}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{Yes\|Disabled by default}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{Yes\|Yes}}
style=background:khaki\|Windows 10 LTSC 2019 (1809) Windows Server 2019 (LTSC/1809) \|{{Yes\|No}} \|{{Partial\|Disabled by default}} \|{{Partial\|Disabled by default}} \|{{Partial\|Disabled by default}} \|{{Yes}} \|{{No}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{Yes\|Disabled by default}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{Yes\|Yes}}
style=background:khaki\|Windows 10 LTSC 2021 (21H2) \|{{Yes\|No}} \|{{Partial\|Disabled by default}} \|{{Partial\|Disabled by default}} \|{{Partial\|Disabled by default}} \|{{Yes}} \|{{No}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{Yes\|Disabled by default}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{Yes\|Yes}}
style=background:khaki\|Windows Server 2022 (LTSC/21H2) \|{{Yes\|No}} \|{{Partial\|Disabled by default}} \|{{Partial\|Disabled by default}} \|{{Partial\|Disabled by default}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{Yes\|Disabled by default}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{Yes\|Yes}}
rowspan=2\|Windows Schannel LTSC \|colspan=3 style=background:#a0e75a\|Windows 11 LTSC 2024 (24H2) \|{{Yes\|No}} \|{{Partial\|Disabled by default}} \|{{Partial\|Disabled by default}} \|{{Partial\|Disabled by default}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{Yes\|Disabled by default}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{Yes\|Yes}}
colspan=3 style=background:#a0e75a\|Windows Server 2025 (LTSC/24H2) \|{{Yes\|No}} \|{{Partial\|Disabled by default}} \|{{Partial\|Disabled by default}} \|{{Partial\|Disabled by default}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{Yes\|Disabled by default}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{Yes\|Yes}}
Browser or OS API !colspan=2\|Version !Platforms !SSL 2.0 (insecure) !SSL 3.0 (insecure) !TLS 1.0 (deprecated) !TLS 1.1 (deprecated) !TLS 1.2 !TLS 1.3 !EV certificate !SHA-2 certificate !ECDSA certificate !BEAST !CRIME !POODLE (SSLv3) !RC4 !FREAK !Logjam !Protocol selection by user
rowspan=3\|Microsoft Internet Explorer Mobile \|colspan=2 style=background:salmon\|7–9 \|style=background:salmon\|Windows Phone 7, 7.5, 7.8 \|{{Partial\|Disabled by default}} \|{{No\|Yes}} \|{{No\|Yes}} \|No{{Citation needed\|date=January 2015}} \|{{No}}{{Citation needed\|date=January 2015}} \|{{No}} \|{{No}}{{Citation needed\|date=January 2015}} \|{{Yes}} \|{{Yes}} \|{{dunno}} \|{{Yes\|Not affected}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{Partial\|Only with 3rd party tools{{refn\|group="n"\|name="viaregistry"\|Could be disabled via registry editing but need 3rd Party tools to do this.{{cite web\|url=http://forum.xda-developers.com/windows-phone-8/development/poodle-ssl-vulnerability-secure-windows-t2906203\|title=POODLE SSL vulnerability – secure your Windo… – Windows Phone 8 Development and Hacking\|work=XDA Developers\|url-status=live\|archive-url=https://web.archive.org/web/20160923053812/http://forum.xda-developers.com/windows-phone-8/development/poodle-ssl-vulnerability-secure-windows-t2906203\|archive-date=2016-09-23}}}}}}
colspan=2 style=background:salmon\|10 \|style=background:salmon\|Windows Phone 8 \|{{Partial\|Disabled by default}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Partial\|Disabled by default}}{{cite web\|url=https://social.msdn.microsoft.com/Forums/windowsapps/en-US/2ddee177-5086-4453-987b-d02b6a7ec62d/what-tls-version-is-used-in-windows-phone-8-for-secure-http-connections?forum=wpdevelop\|title=What TLS version is used in Windows Phone 8 for secure HTTP connections?\|publisher=Microsoft\|access-date=2014-11-07\|url-status=live\|archive-url=https://web.archive.org/web/20160304063257/https://social.msdn.microsoft.com/Forums/windowsapps/en-US/2ddee177-5086-4453-987b-d02b6a7ec62d/what-tls-version-is-used-in-windows-phone-8-for-secure-http-connections?forum=wpdevelop\|archive-date=2016-03-04}} \|{{Partial\|Disabled by default}} \|{{No}} \|{{No}}{{Citation needed\|date=January 2015}} \|{{Yes}} \|{{Yes}}{{cite web\|url=https://www.ssllabs.com/ssltest/viewClient.html?name=IE%20Mobile&version=10&platform=Win%20Phone%208.0\|title=Qualys SSL Labs – Projects/User Agent Capabilities: Unknown\|url-status=live\|archive-url=https://web.archive.org/web/20170301141459/https://www.ssllabs.com/ssltest/viewClient.html?name=IE%20Mobile&version=10&platform=Win%20Phone%208.0\|archive-date=2017-03-01}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{Partial\|Only with 3rd party tools}}
colspan=2 style=background:salmon\|11 \|style=background:salmon\|Windows Phone 8.1 \|{{Partial\|Disabled by default}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{No\|Yes}}{{cite web\|date=2014-06-25\|url=https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-phone/dn756283(v=technet.10)\|title=Platform Security\|department=TechNet\|website=Microsoft Docs\|access-date=2021-10-24}} \|{{Yes}} \|{{No}} \|{{No}}{{Citation needed\|date=January 2015}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{No\|Vulnerable}} \|{{Partial\|Only as fallback{{cite web\|date=2013-06-24\|url=https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-8.1-and-8/dn303404(v=ws.11)\|title=Release Notes: Important Issues in Windows 8.1 Preview\|department=TechNet\|website=Microsoft Docs\|access-date=2021-10-24}}{{cite web\|url=https://community.qualys.com/thread/12092\|title=W8.1(IE11) vs RC4\|work=Qualys Community\|access-date=2014-11-04\|url-status=live\|archive-url=https://web.archive.org/web/20141104093736/https://community.qualys.com/thread/12092\|archive-date=2014-11-04}}}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{Partial\|Only with 3rd party tools}}
rowspan=2\|Microsoft Edge (13–15) (EdgeHTML-based)Edge (formerly known as Project Spartan) is based on a fork of the Internet Explorer 11 rendering engine. \|colspan=2 style=background:salmon\|13 \|style=background:salmon\|Windows 10 Mobile 1511 \|{{Partial\|Disabled by default}} \|{{Partial\|Disabled by default}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{No}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{Yes\|Disabled by default}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{No}}
colspan=2 style=background:salmon\|14, 15 \|style=background:salmon\|Windows 10 Mobile 1607–1709 \|{{Yes\|No}} \|{{Partial\|Disabled by default}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{No}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{Yes\|Mitigated}} \|{{Yes\|Disabled by default}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{No}}
Browser or OS API !colspan=2\|Version !Platforms !SSL 2.0 (insecure) !SSL 3.0 (insecure) !TLS 1.0 (deprecated) !TLS 1.1 (deprecated) !TLS 1.2 !TLS 1.3 !EV certificate !SHA-2 certificate !ECDSA certificate !BEAST !CRIME !POODLE (SSLv3) !RC4 !FREAK !Logjam !Protocol selection by user
rowspan=14\|Apple Safari{{refn\|group="n"\|name="note-g"\|Safari uses the operating system implementation on Mac OS X, Windows (XP, Vista, 7){{cite web\|last=Adrian\|first=Dimcev\|title=Common browsers/libraries/servers and the associated cipher suites implemented\|url=http://www.carbonwind.net/TLS_Cipher_Suites_Project/tls_ssl_cipher_suites_annex_a1_main.docx\|work=TLS Cipher Suites Project\|url-status=live\|archive-url=https://web.archive.org/web/20130720081424/http://www.carbonwind.net/TLS_Cipher_Suites_Project/tls_ssl_cipher_suites_annex_a1_main.docx\|archive-date=2013-07-20}} with unknown version,{{cite web\|title=Features\|work=Safari\|publisher=Apple\|date=2009-06-10\|url=https://www.apple.com/safari/features.html\|access-date=2009-06-10\|url-status=live\|archive-url=https://web.archive.org/web/20130420164115/http://www.apple.com/safari/features.html\|archive-date=2013-04-20}} Safari 5 is the last version available for Windows. OS X 10.8 on have SecureTransport support for TLS 1.1 and 1.2{{cite web\|title=Curl: Patch to add TLS 1.1 and 1.2 support & replace deprecated functions in SecureTransport\|publisher=haxx.se\|location=Sweden\|url=http://curl.haxx.se/mail/lib-2012-08/0120.html\|url-status=live\|archive-url=https://web.archive.org/web/20170301142904/https://curl.haxx.se/mail/lib-2012-08/0120.html\|archive-date=2017-03-01}} Qualys SSL report simulates Safari 5.1.9 connecting with TLS 1.0 not 1.1 or 1.2.{{cite web\|title=SSL Server Test: google.co.uk\|url=https://www.ssllabs.com/ssltest/analyze.html?d=google.co.uk\|url-status=live\|archiveurl=https://web.archive.org/web/20170201174935/https://www.ssllabs.com/ssltest/analyze.html?d=google.co.uk\|archivedate=February 1, 2017}}}} \|colspan=2 style=background:salmon\|1 \|style=background:salmon\|Mac OS X 10.2, 10.3 \|{{Yes\|No{{cite web\|title=Apple Secures Mac OS X with Mavericks Release\|publisher=eSecurity Planet\|date=2013-10-25\|url=http://www.esecurityplanet.com/mac-os-security/apple-secures-mac-os-x-with-mavericks-release.html\|access-date=2014-06-23\|url-status=live\|archive-url=https://web.archive.org/web/20140708195022/http://www.esecurityplanet.com/mac-os-security/apple-secures-mac-os-x-with-mavericks-release.html\|archive-date=2014-07-08}}}} \|{{No\|Yes}} \|{{No\|Yes}} \|No \|{{No}} \|{{No}} \|{{No}} \|{{No}} \|{{No}} \|{{No\|Vulnerable}} \|{{Yes\|Not affected}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No}}
colspan=2 style=background:salmon\|2–5 \|style=background:salmon\|Mac OS X 10.4, 10.5, Win XP \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|No \|{{No}} \|{{No}} \|{{Partial\|Yes (Since v3.2)}} \|{{No}} \|{{No}} \|{{No\|Vulnerable}} \|{{Yes\|Not affected}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No}}
colspan=2 style=background:salmon\|3–5 \|style=background:salmon\|Vista, Win 7 \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|No \|{{No}} \|{{No}} \|{{Partial\|Yes (Since v3.2)}} \|{{No}} \|{{Yes}} \|{{No\|Vulnerable}} \|{{Yes\|Not affected}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No}}
colspan=2 style=background:salmon\|4–6 \|style=background:salmon\|Mac OS X 10.6, 10.7 \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|No \|{{No}} \|{{No}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{No\|Vulnerable}} \|{{Yes\|Not affected}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No}}
colspan=2 style=background:salmon\|6 \|style=background:salmon\|OS X 10.8 \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|No \|{{No}} \|{{No}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Mitigated{{refn\|group="n"\|name="note-i"\|In September 2013, Apple implemented BEAST mitigation in OS X 10.8 (Mountain Lion), but it was not turned on by default, resulting in Safari still being theoretically vulnerable to the BEAST attack on that platform.{{cite web\|last=Ristic\|first=Ivan\|title=Is BEAST Still a Threat?\|publisher=Qualys\|date=2013-09-10\|url=https://community.qualys.com/blogs/securitylabs/2013/09/10/is-beast-still-a-threat\|url-status=live\|archive-url=https://web.archive.org/web/20141012121824/https://community.qualys.com/blogs/securitylabs/2013/09/10/is-beast-still-a-threat\|archive-date=2014-10-12}}{{cite web\|first=Ivan\|last=Ristić\|title=Apple enabled BEAST mitigations in OS X 10.9 Mavericks\|date=2013-10-31\|url=http://blog.ivanristic.com/2013/10/apple-enabled-beast-mitigations-in-mavericks.html\|access-date=2013-11-07\|url-status=live\|archive-url=https://web.archive.org/web/20131107045223/http://blog.ivanristic.com/2013/10/apple-enabled-beast-mitigations-in-mavericks.html\|archive-date=2013-11-07}} BEAST mitigation has been enabled by default from OS X 10.8.5 updated in February 2014.{{cite web\|first=Ivan\|last=Ristić\|title=Apple finally releases patch for BEAST\|publisher=Qualys\|date=2014-02-26\|url=https://community.qualys.com/thread/12496\|access-date=2014-07-01\|url-status=live\|archive-url=https://web.archive.org/web/20140714162556/https://community.qualys.com/thread/12496\|archive-date=2014-07-14}}}}}} \|{{Yes\|Not affected}} \|{{Partial\|Mitigated{{refn\|group="n"\|name="note-safari-poodle"\|Because Apple removed support for all CBC protocols in SSL 3.0 to mitigate POODLE,{{cite web\|title=About Security Update 2014-005\|work=Apple Support knowledge base article\|publisher=Apple\|url=http://support.apple.com/kb/HT6531\|url-status=live\|archive-url=https://web.archive.org/web/20141024181953/https://support.apple.com/kb/HT6531\|archive-date=2014-10-24}}{{cite web\|title=About the security content of iOS 8.1\|work=Apple Support knowledge base article\|publisher=Apple\|url=http://support.apple.com/kb/HT6541\|url-status=live\|archive-url=https://web.archive.org/web/20141023104948/http://support.apple.com/kb/HT6541\|archive-date=2014-10-23}} this leaves only RC4, which is also completely broken by the RC4 attacks in SSL 3.0.}}}} \|{{No\|Vulnerable}} \|{{Yes\|Mitigated}} \|{{No\|Vulnerable}} \|{{No}}
colspan=2 style=background:salmon\|7, 9 \|style=background:salmon\|OS X 10.9 \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{No\|Yes}}{{cite web\|title=About the security content of OS X Mavericks v10.9\|url=http://support.apple.com/kb/HT6011\|access-date=2014-06-20\|url-status=live\|archive-url=https://web.archive.org/web/20140704220956/http://support.apple.com/kb/HT6011\|archive-date=2014-07-04}} \|{{Yes}} \|{{No}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{Partial\|Mitigated}} \|{{No\|Vulnerable}} \|{{Yes\|Mitigated}} \|{{No\|Vulnerable}} \|{{No}}
colspan=2 style=background:salmon\|8–10 \|style=background:salmon\|OS X 10.10 \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{No}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{yes\|Mitigated}} \|{{Partial\|Lowest priority{{cite web\|title=User Agent Capabilities: Safari 8/OS X 10.10\|publisher=Qualys SSL Labs\|url=https://www.ssllabs.com/ssltest/viewClient.html?name=Safari&version=8&platform=OS%20X%2010.10\|access-date=2015-03-07\|url-status=live\|archive-url=https://web.archive.org/web/20150906044018/https://www.ssllabs.com/ssltest/viewClient.html?name=Safari&version=8&platform=OS%20X%2010.10\|archive-date=2015-09-06}}}} \|{{Yes\|Mitigated{{cite web\|title=About Security Update 2015-002\|work=Apple Support knowledge base article\|publisher=Apple\|url=https://support.apple.com/en-us/HT204413\|access-date=2015-03-09\|url-status=live\|archive-url=https://web.archive.org/web/20150316081731/https://support.apple.com/en-us/HT204413\|archive-date=2015-03-16}}}} \|{{Yes\|Mitigated}}{{cite web\|url=https://support.apple.com/en-us/HT204942\|title=About the security content of OS X Yosemite v10.10.4 and Security Update 2015-005\|access-date=2015-07-03\|url-status=live\|archive-url=https://web.archive.org/web/20150702202131/https://support.apple.com/en-us/HT204942\|archive-date=2015-07-02}} \|{{No}}
colspan=2 style=background:salmon\|9–11 \|style=background:salmon\|OS X 10.11 \|{{Yes\|No}} \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{No}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{Yes\|Not affected}} \|{{Partial\|Lowest priority}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{No}}
colspan=2 style=background:salmon\|10–15 \|style=background:salmon\|macOS 10.12, 10.13, 10.14, 10.15 \|{{Yes\|No}} \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{Partial\|Yes (Since macOS 10.14.4)}}{{cite mailing list\|url=https://mailarchive.ietf.org/arch/msg/tls/5QjzTilqjomSyzENtgfaAqQOhbA\|title=TLS 1.3 in iOS\|first=Tommy\|last=Pauly\|date=2019-01-29\|mailing-list=tls@ietf.org}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{Yes\|Not affected}} \|{{Yes\|Disabled by default}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{No}}
colspan=2 style=background:salmon\|14–17 \|style=background:salmon\|macOS 11, 12 \|{{Yes\|No}} \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{Yes\|Not affected}} \|{{Yes\|Disabled by default}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{No}}
style=background:salmon\|16, 17 \|style=background:#fc9\|18 \|style=background:#fc9\|macOS 13 \|{{Yes\|No}} \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{Yes\|Not affected}} \|{{Yes\|Disabled by default}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{No}}
style=background:salmon\|17 \|style=background:khaki\|18 \|style=background:khaki\|macOS 14 \|{{Yes\|No}} \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{Yes\|Not affected}} \|{{Yes\|Disabled by default}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{No}}
style=background:#a0e75a colspan=2\|18 \|style=background:#a0e75a\|macOS 15 \|{{Yes\|No}} \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{Yes\|Not affected}} \|{{Yes\|Disabled by default}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{No}}
colspan=2 {{table-experimental\|26}} \|{{table-experimental\|macOS 26}} \|{{Yes\|No}} \|{{Yes\|No}} \|{{dunno}} \|{{dunno}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{Yes\|Not affected}} \|{{Yes\|Disabled by default}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{No}}
Browser or OS API !colspan=2\|Version !Platforms !SSL 2.0 (insecure) !SSL 3.0 (insecure) !TLS 1.0 (deprecated) !TLS 1.1 (deprecated) !TLS 1.2 !TLS 1.3 !EV certificate !SHA-2 certificate !ECDSA certificate !BEAST !CRIME !POODLE (SSLv3) !RC4 !FREAK !Logjam !Protocol selection by user
rowspan=16\|{{Anchor\|Safari_Mobile}}Apple Safari (mobile){{refn\|group="n"\|name="note-h"\|Mobile Safari and third-party software utilizing the system UIWebView library use the iOS operating system implementation, which supports TLS 1.2 as of iOS 5.0.{{cite web\|title=Technical Note TN2287 – iOS 5 and TLS 1.2 Interoperability Issues\|publisher=Apple\|date=2011-10-14\|url=https://developer.apple.com/library/ios/#technotes/tn2287/_index.html\|access-date=2012-12-10\|url-status=live\|archive-url=https://web.archive.org/web/20110907013839/http://developer.apple.com/library/iOS/#technotes/tn2287/_index.html\|archive-date=2011-09-07}}{{cite news\|last=Liebowitz\|first=Matt\|title=Apple issues huge software security patches\|date=2011-10-13\|work=NBC News\|url=https://www.nbcnews.com/id/44896639\|archive-url=https://web.archive.org/web/20200215010125/http://www.nbcnews.com/id/44896639\|url-status=dead\|archive-date=February 15, 2020\|access-date=2012-12-10}}{{cite web\|website=MWR Info Security\|title=Adventures with iOS UIWebviews\|date=2012-04-16\|url=http://labs.mwrinfosecurity.com/blog/2012/04/16/adventures-with-ios-uiwebviews\|access-date=2012-12-10\|url-status=live\|archive-url=https://web.archive.org/web/20130320091836/http://labs.mwrinfosecurity.com/blog/2012/04/16/adventures-with-ios-uiwebviews\|archive-date=2013-03-20}}, section "HTTPS (SSL/TLS)"}} \|colspan=2 style=background:salmon\|3 \|style=background:salmon\|iPhone OS 1, 2 \|{{Yes\|No{{cite web\|title=Secure Transport Reference\|url=https://developer.apple.com/library/mac/documentation/security/Reference/secureTransportRef/Reference/reference.html#//apple_ref/c/tdef/SSLProtocol\|access-date=2014-06-23\|url-status=live\|archive-url=https://web.archive.org/web/20140604052511/https://developer.apple.com/library/Mac/documentation/Security/Reference/secureTransportRef/Reference/reference.html#//apple_ref/c/tdef/SSLProtocol\|archive-date=2014-06-04}}`kSSLProtocol2` is deprecated in iOS}} \|{{No\|Yes}} \|{{No\|Yes}} \|No \|{{No}} \|{{No}} \|{{No}} \|{{No}} \|{{No}} \|{{No\|Vulnerable}} \|{{Yes\|Not affected}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No}}
colspan=2 style=background:salmon\|4, 5 \|style=background:salmon\|iPhone OS 3, iOS 4 \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|No \|{{No}} \|{{No}} \|{{Yes}}{{cite web\|title=iPhone 3.0: Mobile Safari Gets Enhanced Security Certificate Visualization\|website=The iPhone Blog\|date=2009-03-31\|url=http://www.theiphoneblog.com/2009/03/31/iphone-30-mobile-safari-enhanced-security-certificate-visualization\|archive-url=https://web.archive.org/web/20090403074546/http://www.theiphoneblog.com/2009/03/31/iphone-30-mobile-safari-enhanced-security-certificate-visualization\|archive-date=2009-04-03}} \|{{Yes}} \|{{Partial\|Yes (Since iOS 4)}} \|{{No\|Vulnerable}} \|{{Yes\|Not affected}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No}}
colspan=2 style=background:salmon\|5, 6 \|style=background:salmon\|iOS 5, 6 \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{No}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{No\|Vulnerable}} \|{{Yes\|Not affected}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No}}
colspan=2 style=background:salmon\|7 \|style=background:salmon\|iOS 7 \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{No}} \|{{Yes}} \|{{Yes}} \|{{Yes}}{{cite web\|title=Projects/User Agent Capabilities: Safari 7/iOS 7.1\|publisher=Qualys SSL Labs\|url=https://www.ssllabs.com/ssltest/viewClient.html?name=Safari&version=7&platform=iOS%207.1\|url-status=live\|archive-url=https://web.archive.org/web/20170313130545/https://www.ssllabs.com/ssltest/viewClient.html?name=Safari&version=7&platform=iOS%207.1\|archive-date=2017-03-13}} \|{{Yes\|Mitigated{{cite web\|author=\|title=SOAP Request fails randomly on one Server but works on another on iOS7\|publisher=Stack Overflow\|date=2013-10-11\|url=https://stackoverflow.com/q/19221568\|access-date=2014-01-05}}}} \|{{Yes\|Not affected}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No}}
colspan=2 style=background:salmon\|8 \|style=background:salmon\|iOS 8 \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{No}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{yes\|Mitigated}} \|{{Partial\|Lowest priority{{cite web\|title=User Agent Capabilities: Safari 8/iOS 8.1.2\|publisher=Qualys SSL Labs\|url=https://www.ssllabs.com/ssltest/viewClient.html?name=Safari&version=8&platform=iOS%208.1.2\|access-date=2015-03-07\|url-status=live\|archive-url=https://web.archive.org/web/20160304062526/https://www.ssllabs.com/ssltest/viewClient.html?name=Safari&version=8&platform=iOS%208.1.2\|archive-date=2016-03-04}}}} \|{{Yes\|Mitigated{{cite web\|title=About the security content of iOS 8.2\|work=Apple Support knowledge base article\|publisher=Apple\|url=https://support.apple.com/en-us/HT204423\|access-date=2015-03-09\|url-status=live\|archive-url=https://web.archive.org/web/20150309201042/https://support.apple.com/en-us/HT204423\|archive-date=2015-03-09}}}} \|{{Yes\|Mitigated}}{{cite web\|url=https://support.apple.com/en-us/HT204941\|title=About the security content of iOS 8.4\|access-date=2015-07-03\|url-status=live\|archive-url=https://web.archive.org/web/20150703014410/https://support.apple.com/en-us/HT204941\|archive-date=2015-07-03}} \|{{No}}
colspan=2 style=background:salmon\|9 \|style=background:salmon\|iOS 9 \|{{Yes\|No}} \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{No}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{Yes\|Not affected}} \|{{Partial\|Lowest priority}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{No}}
colspan=2 style=background:salmon\|10, 11 \|style=background:salmon\|iOS 10, 11 \|{{Yes\|No}} \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{No}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{Yes\|Not affected}} \|{{Yes\|Disabled by default}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{No}}
colspan=2 style=background:salmon\|12 \|style=background:salmon\|iOS iOS 12 \|{{Yes\|No}} \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{Partial\|Yes (Since iOS 12.2)}} \|{{Yes}} \|{{Yes}} \|{{Yes}} \|{{Yes\|Mitigated}} \|{{Yes\|Not affected}} \|{{Yes\|Not affected}} \|{{Yes\|Disabled by default}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{No}}
rowspan=2 colspan=2 style=background:salmon\|13–16 \|style=background:salmon\|iOS 13, 14, 15, 16 \|rowspan=2 {{Yes\|No}} \|rowspan=2 {{Yes\|No}} \|rowspan=2 {{No\|Yes}} \|rowspan=2 {{No\|Yes}} \|rowspan=2 {{Yes}} \|rowspan=2 {{Yes}} \|rowspan=2 {{Yes}} \|rowspan=2 {{Yes}} \|rowspan=2 {{Yes}} \|rowspan=2 {{Yes\|Mitigated}} \|rowspan=2 {{Yes\|Not affected}} \|rowspan=2 {{Yes\|Not affected}} \|rowspan=2 {{Yes\|Disabled by default}} \|rowspan=2 {{Yes\|Mitigated}} \|rowspan=2 {{Yes\|Mitigated}} \|rowspan=2 {{No}}
style=background:salmon\|iPadOS 13, 14, 15, 16
rowspan=2 colspan=2 style=background:khaki\|17 \|style=background:salmon\|iOS 17 \|rowspan=2 {{Yes\|No}} \|rowspan=2 {{Yes\|No}} \|rowspan=2 {{No\|Yes}} \|rowspan=2 {{No\|Yes}} \|rowspan=2 {{Yes}} \|rowspan=2 {{Yes}} \|rowspan=2 {{Yes}} \|rowspan=2 {{Yes}} \|rowspan=2 {{Yes}} \|rowspan=2 {{Yes\|Mitigated}} \|rowspan=2 {{Yes\|Not affected}} \|rowspan=2 {{Yes\|Not affected}} \|rowspan=2 {{Yes\|Disabled by default}} \|rowspan=2 {{Yes\|Mitigated}} \|rowspan=2 {{Yes\|Mitigated}} \|rowspan=2 {{No}}
style=background:khaki\|iPadOS 17
rowspan=2 colspan=2 style=background:#a0e75a\|18 \|style=background:#a0e75a\|iOS 18 \|rowspan=2 {{Yes\|No}} \|rowspan=2 {{Yes\|No}} \|rowspan=2 {{dunno}} \|rowspan=2 {{dunno}} \|rowspan=2 {{Yes}} \|rowspan=2 {{Yes}} \|rowspan=2 {{Yes}} \|rowspan=2 {{Yes}} \|rowspan=2 {{Yes}} \|rowspan=2 {{Yes\|Mitigated}} \|rowspan=2 {{Yes\|Not affected}} \|rowspan=2 {{Yes\|Not affected}} \|rowspan=2 {{Yes\|Disabled by default}} \|rowspan=2 {{Yes\|Mitigated}} \|rowspan=2 {{Yes\|Mitigated}} \|rowspan=2 {{No}}
style=background:#a0e75a\|iPadOS 18
rowspan=2 colspan=2 {{table-experimental\|26}} \|{{table-experimental\|iOS 26}} \|rowspan=2 {{Yes\|No}} \|rowspan=2 {{Yes\|No}} \|rowspan=2 {{dunno}} \|rowspan=2 {{dunno}} \|rowspan=2 {{Yes}} \|rowspan=2 {{Yes}} \|rowspan=2 {{Yes}} \|rowspan=2 {{Yes}} \|rowspan=2 {{Yes}} \|rowspan=2 {{Yes\|Mitigated}} \|rowspan=2 {{Yes\|Not affected}} \|rowspan=2 {{Yes\|Not affected}} \|rowspan=2 {{Yes\|Disabled by default}} \|rowspan=2 {{Yes\|Mitigated}} \|rowspan=2 {{Yes\|Mitigated}} \|rowspan=2 {{No}}
{{table-experimental\|iPadOS 26}}
Browser or OS API !colspan=2\|Version !Platforms !SSL 2.0 (insecure) !SSL 3.0 (insecure) !TLS 1.0 (deprecated) !TLS 1.1 (deprecated) !TLS 1.2 !TLS 1.3 !EV !SHA-2 !ECDSA !BEAST !CRIME !POODLE (SSLv3) !RC4 !FREAK !Logjam !Protocol selection by user
rowspan=11\|Google Android OS{{cite web\|url=https://developer.android.com/reference/javax/net/ssl/SSLSocket.html\|title=SSLSocket{{!}}Android Developers\|access-date=2015-03-11\|url-status=live\|archive-url=https://web.archive.org/web/20150318121117/http://developer.android.com/reference/javax/net/ssl/SSLSocket.html\|archive-date=2015-03-18}} \|colspan=3 style=background:salmon\|Android 1.0–4.0.4 \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|No \|{{No}} \|{{No}} \|{{dunno}} \|{{Yes}} \|{{Partial\|Yes (Since 3.0)}}{{cite web\|title=What browsers work with Universal SSL\|access-date=2015-06-15\|url=https://support.cloudflare.com/hc/en-us/articles/203041594-What-browsers-work-with-Universal-SSL\|url-status=live\|archive-url=https://web.archive.org/web/20160304023941/https://support.cloudflare.com/hc/en-us/articles/203041594-What-browsers-work-with-Universal-SSL\|archive-date=2016-03-04}} \|{{dunno}} \|{{dunno}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No}}
colspan=3 style=background:salmon\|Android 4.1–4.4.4 \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Partial\|Disabled by default}}{{cite web\|url=http://developer.android.com/reference/javax/net/ssl/SSLSocket.html\|title=SSLSocket{{!}}Android Developers\|access-date=2015-12-17\|url-status=live\|archive-url=https://web.archive.org/web/20160304202641/https://developer.android.com/reference/javax/net/ssl/SSLSocket.html\|archive-date=2016-03-04}} \|{{Partial\|Disabled by default}} \|{{No}} \|{{dunno}} \|{{Yes}} \|{{Yes}} \|{{dunno}} \|{{dunno}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No}}
colspan=3 style=background:salmon\|Android 5.0–5.0.2 \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{No\|Yes}}{{cite web\|url=http://developer.android.com/about/versions/android-5.0-changes.html#ssl\|title=Android 5.0 Behavior Changes{{!}}Android Developers\|access-date=2015-03-11\|url-status=live\|archive-url=https://web.archive.org/web/20150309000956/http://developer.android.com/about/versions/android-5.0-changes.html#ssl\|archive-date=2015-03-09}} \|{{Yes}} \|{{No}} \|{{dunno}} \|{{Yes}} \|{{Yes}} \|{{dunno}} \|{{dunno}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No\|Vulnerable}} \|{{No}}
colspan=3 style=background:salmon\|Android 5.1–5.1.1 \|{{Yes\|No}} \|{{Partial\|Disabled by default}}{{Citation needed\|date=August 2016}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{No}} \|{{dunno}} \|{{Yes}} \|{{Yes}} \|{{dunno}} \|{{dunno}} \|{{Yes\|Not affected}} \|{{Partial\|Only as fallback}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{No}}
colspan=3 style=background:salmon\|Android 6.0–7.1.2 \|{{Yes\|No}} \|{{Partial\|Disabled by default}}{{Citation needed\|date=August 2016}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{No}} \|{{dunno}} \|{{Yes}} \|{{Yes}} \|{{dunno}} \|{{dunno}} \|{{Yes\|Not affected}} \|{{Yes\|Disabled by default}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{No}}
colspan=3 style=background:salmon\|Android 8.0–9 \|{{Yes\|No}} \|{{Yes\|No}}{{cite web\|url=https://developer.android.com/about/versions/oreo/android-8.0-changes.html\|title=Android 8.0 Behavior Changes\|url-status=live\|archive-url=https://web.archive.org/web/20171201042705/https://developer.android.com/about/versions/oreo/android-8.0-changes.html\|archive-date=2017-12-01}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{No}} \|{{dunno}} \|{{Yes}} \|{{Yes}} \|{{dunno}} \|{{dunno}} \|{{Yes\|Not affected}} \|{{Yes\|Disabled by default}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{No}}
colspan=3 style=background:salmon\|Android 10–12L \|{{Yes\|No}} \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{Yes}} \|{{dunno}} \|{{Yes}} \|{{Yes}} \|{{dunno}} \|{{dunno}} \|{{Yes\|Not affected}} \|{{Yes\|Disabled by default}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{No}}
colspan=3 style=background:khaki\|Android 13 \|{{Yes\|No}} \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{Yes}} \|{{dunno}} \|{{Yes}} \|{{Yes}} \|{{dunno}} \|{{dunno}} \|{{Yes\|Not affected}} \|{{Yes\|Disabled by default}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{No}}
colspan=3 style=background:khaki\|Android 14 \|{{Yes\|No}} \|{{Yes\|No}} \|{{No\|Yes}} \|{{No\|Yes}} \|{{Yes}} \|{{Yes}} \|{{dunno}} \|{{Yes}} \|{{Yes}} \|{{dunno}} \|{{dunno}} \|{{Yes\|Not affected}} \|{{Yes\|Disabled by default}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{No}}
colspan=3 style=background:khaki\|Android 15 \|{{Yes\|No}} \|{{Yes\|No}} \|{{Partial\|Disabled by default}} \|{{Partial\|Disabled by default}} \|{{Yes}} \|{{Yes}} \|{{dunno}} \|{{Yes}} \|{{Yes}} \|{{dunno}} \|{{dunno}} \|{{Yes\|Not affected}} \|{{Yes\|Disabled by default}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{No}}
colspan=3 style=background:#a0e75a\|Android 16 \|{{Yes\|No}} \|{{Yes\|No}} \|{{Partial\|Disabled by default}} \|{{Partial\|Disabled by default}} \|{{Yes}} \|{{Yes}} \|{{dunno}} \|{{Yes}} \|{{Yes}} \|{{dunno}} \|{{dunno}} \|{{Yes\|Not affected}} \|{{Yes\|Disabled by default}} \|{{Yes\|Mitigated}} \|{{Yes\|Mitigated}} \|{{No}}
Browser or OS API !colspan=2\|Version !Platforms !SSL 2.0 (insecure) !SSL 3.0 (insecure) !TLS 1.0 (deprecated) !TLS 1.1 (deprecated) !TLS 1.2 !TLS 1.3 !EV certificate !SHA-2 certificate !ECDSA certificate !BEAST !CRIME !POODLE (SSLv3) !RC4 !FREAK !Logjam !Protocol selection by user

class=wikitable id=browsersTLS style=text-align:center;font-size:smaller;margin-top:0

|+TLS/SSL support history of web browsers

!rowspan=2|Browser
or OS API

!colspan=2 rowspan=2|Version

!rowspan=2|Platforms

!colspan=2|SSL protocols

!colspan=4|TLS protocols

!colspan=3|Certificate support

!colspan=6|Vulnerability{{refn|group="n"|name="note-sec"|Note actual security depends on other factors such as negotiated cipher, encryption strength, etc. (see {{section link

Cipher}} table).}}

!rowspan=2|Protocol selection by userWhether a user or administrator can choose the protocols to be used or not. If yes, several attacks such as BEAST (vulnerable in SSL 3.0 and TLS 1.0) or POODLE (vulnerable in SSL 3.0) can be avoided.

SSL 2.0 (insecure)

!SSL 3.0 (insecure)

!TLS 1.0 (deprecated)

!TLS 1.1 (deprecated)

!TLS 1.2

!TLS 1.3

!EVWhether EV SSL and DV SSL (normal SSL) can be distinguished by indicators (green lock icon, green address bar, etc.) or not.{{cite web|url=https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=SO10090&actp=search&viewlocale=en_US&searchid=1406590748892|title=What browsers support Extended Validation (EV) and display an EV indicator?|publisher=Symantec|access-date=2014-07-28|url-status=dead|archive-url=https://web.archive.org/web/20151231171309/https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=SO10090&actp=search&viewlocale=en_US&searchid=1406590748892|archive-date=2015-12-31}}

!SHA-2{{cite web|title=SHA-256 Compatibility|access-date=2015-06-12|url=https://support.globalsign.com/customer/portal/articles/1499561-sha-256-compatibility|url-status=live|archive-url=https://web.archive.org/web/20150701004324/https://support.globalsign.com/customer/portal/articles/1499561-sha-256-compatibility|archive-date=2015-07-01}}

!ECDSA{{cite web|title=ECC Compatibility|access-date=2015-06-13|url=https://support.globalsign.com/customer/portal/articles/1995283-ecc-compatibility|url-status=live|archive-url=https://web.archive.org/web/20160217122951/https://support.globalsign.com/customer/portal/articles/1995283-ecc-compatibility|archive-date=2016-02-17}}

!BEASTe.g. 1/n-1 record splitting.

!CRIMEe.g. Disabling header compression in HTTPS/SPDY.

!POODLE (SSLv3)

Complete mitigations; disabling SSL 3.0 itself, "anti-POODLE record splitting". "Anti-POODLE record splitting" is effective only with client-side implementation and valid according to the SSL 3.0 specification, however, it may also cause compatibility issues due to problems in server-side implementations.
Partial mitigations; disabling fallback to SSL 3.0, TLS_FALLBACK_SCSV, disabling cipher suites with CBC mode of operation. If the server also supports TLS_FALLBACK_SCSV, the POODLE attack will fail against this combination of server and browser, but connections where the server does not support TLS_FALLBACK_SCSV and does support SSL 3.0 will still be vulnerable. If disabling cipher suites with CBC mode of operation in SSL 3.0, only cipher suites with RC4 are available, RC4 attacks become easier.
When disabling SSL 3.0 manually, POODLE attack will fail.

!RC4

Complete mitigation; disabling cipher suites with RC4.
Partial mitigations to keeping compatibility with old systems; setting the priority of RC4 to lower.

!FREAK{{cite web|url=https://freakattack.com|title=Tracking the FREAK Attack|access-date=2015-03-08|url-status=live|archive-url=https://web.archive.org/web/20150306174623/https://freakattack.com|archive-date=2015-03-06}}{{cite web|url=https://www.smacktls.com/#freak|title=FREAK: Factoring RSA Export Keys|access-date=2015-03-08|url-status=live|archive-url=https://web.archive.org/web/20150311112517/https://www.smacktls.com/#freak|archive-date=2015-03-11}}

!Logjam

rowspan=19|Google Chrome
(Chrome for Android){{refn|group="n"|name="note-a"|Google Chrome (and Chromium) supports TLS 1.0, and TLS 1.1 from version 22 (it was added, then dropped from version 21). TLS 1.2 support had been added, then dropped from Chrome 29.{{cite web|author=|url=http://googlechromereleases.blogspot.nl/2012/05/dev-channel-update_29.html|title=Dev Channel Update|date=2012-05-29|access-date=2011-06-01|url-status=live|archive-url=https://web.archive.org/web/20130302032339/http://googlechromereleases.blogspot.nl/2012/05/dev-channel-update_29.html|archive-date=2013-03-02}}{{cite web|author=|url=https://googlechromereleases.blogspot.co.uk/2012/08/stable-channel-update_21.html|title=Stable Channel Update|date=2012-08-21|access-date=2012-08-22|url-status=live|archive-url=https://web.archive.org/web/20120825192441/http://googlechromereleases.blogspot.co.uk/2012/08/stable-channel-update_21.html|archive-date=2012-08-25}}{{cite web|author=Chromium Project|url=https://src.chromium.org/viewvc/chrome?revision=203090&view=revision|title=Chromium TLS 1.2 Implementation|date=2013-05-30}}}}{{refn|group="n"|name="note-b"|Uses the TLS implementation provided by BoringSSL for Android, OS X, and Windows{{cite web|url=https://www.chromium.org/Home/chromium-security/boringssl|title=The Chromium Project: BoringSSL|access-date=2015-09-05|url-status=live|archive-url=https://web.archive.org/web/20150923033459/http://www.chromium.org/Home/chromium-security/boringssl|archive-date=2015-09-23}} or by NSS for Linux. Google is switching the TLS library used in Chrome to BoringSSL from NSS completely.}}

|colspan=2 style=background:salmon|1–9

|rowspan=19|Windows (10+)
macOS (11+)
Linux
Android (8.0+)
iOS (16+)
ChromeOS

|{{Partial|Disabled by default}}

|{{No|Yes}}

|No

|{{No}}

|{{Yes}}
(only desktop)

|{{Partial|Requires SHA-2 compatible OS}}

|{{Partial|Needs ECC compatible OS}}

|{{Yes|Not affected{{cite web|url=http://googlechromereleases.blogspot.jp/2011/10/chrome-stable-release.html|title=Chrome Stable Release|work=Chrome Releases|date=2011-10-25|access-date=2015-02-01|url-status=live|archive-url=https://web.archive.org/web/20150220020306/http://googlechromereleases.blogspot.jp/2011/10/chrome-stable-release.html|archive-date=2015-02-20}}}}

|{{No|Vulnerable
(HTTPS)}}

|{{No|Vulnerable}}

|{{No|Vulnerable
(except Windows)}}

|{{No|Vulnerable}}

|{{Yes|YesConfigure enabling/disabling of each protocols via setting/option (menu name is dependent on browsers).}}

colspan=2 style=background:salmon|10–20

|{{Yes|No}}{{cite web|url=https://build.chromium.org/f/chromium/perf/dashboard/ui/changelog.html?url=/trunk/src&range=72316:67679&mode=html|archive-url=https://archive.today/20140619142454/http://build.chromium.org/f/chromium/perf/dashboard/ui/changelog.html?url=/trunk/src&range=72316:67679&mode=html|url-status=dead|archive-date=2014-06-19|title=SVN revision log on Chrome 10.0.648.127 release|access-date=2014-06-19}}

|{{No|Yes}}

|No

|{{No}}

|{{Yes}}
(only desktop)

|{{Partial|Requires SHA-2 compatible OS}}

|{{Partial|Needs ECC compatible OS}}

|{{Yes|Not affected}}

|{{No|Vulnerable
(HTTPS/SPDY)}}

|{{No|Vulnerable}}

|{{No|Vulnerable
(except Windows)}}

|{{No|Vulnerable}}

|{{Yes|Yes}}

colspan=2 style=background:salmon|21

|{{Yes|No}}

|{{No|Yes}}

|No

|{{No}}

|{{Yes}}
(only desktop)

|{{Partial|Requires SHA-2 compatible OS}}

|{{Partial|Needs ECC compatible OS}}

|{{Yes|Not affected}}

|{{Yes|Mitigated{{cite web|url=https://www.imperialviolet.org/2012/09/21/crime.html|title=ImperialViolet – CRIME|date=2012-09-22|access-date=2014-10-18|url-status=live|archive-url=https://web.archive.org/web/20150110195746/https://www.imperialviolet.org/2012/09/21/crime.html|archive-date=2015-01-10}}}}

|{{No|Vulnerable}}

|{{No|Vulnerable
(except Windows)}}

|{{No|Vulnerable}}

|{{Yes|Yes}}

colspan=2 style=background:salmon|22–29

|{{Yes|No}}

|{{No|Yes}}

|{{No|Yes}}{{cite web|url=https://sites.google.com/site/tlsssloverview/ssl-v-tls/tls-versions-and-browser-compatability|title=SSL/TLS Overview|date=2008-08-06|access-date=2013-03-29|url-status=live|archive-url=https://web.archive.org/web/20130703043525/https://sites.google.com/site/tlsssloverview/ssl-v-tls/tls-versions-and-browser-compatability|archive-date=2013-07-03}}

|{{No}}{{cite web|url=https://code.google.com/p/chromium/issues/detail?id=90392|title=Chromium Issue 90392|date=2008-08-06|access-date=2013-06-28|url-status=live|archive-url=https://web.archive.org/web/20130803110745/http://code.google.com/p/chromium/issues/detail?id=90392|archive-date=2013-08-03}}{{cite web|url=https://codereview.chromium.org/23503030|title=Issue 23503030 Merge 219882|date=2013-09-03|access-date=2013-09-19|url-status=live|archive-url=https://web.archive.org/web/20140226230020/https://codereview.chromium.org/23503030|archive-date=2014-02-26}}{{cite web|url=http://code.google.com/p/chromium/issues/detail?id=278370|title=Issue 278370: Unable to submit client certificates over TLS 1.2 from Windows|date=2013-08-23|access-date=2013-10-03|url-status=live|archive-url=https://web.archive.org/web/20131005021656/http://code.google.com/p/chromium/issues/detail?id=278370|archive-date=2013-10-05}}

|{{No}}

|{{Yes}}
(only desktop)

|{{Partial|Requires SHA-2 compatible OS}}

|{{Partial|Needs ECC compatible OS}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{No|Vulnerable}}

|{{No|Vulnerable
(except Windows)}}

|{{No|Vulnerable}}

|{{Partial|Temporaryconfigure the maximum and the minimum version of enabling protocols with command-line option.}}

colspan=2 style=background:salmon|30–32

|{{Yes|No}}

|{{No|Yes}}

|{{Yes}}

|{{No}}

|{{Yes}}
(only desktop)

|{{Partial|Requires SHA-2 compatible OS}}

|{{Partial|Needs ECC compatible OS}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{No|Vulnerable}}

|{{No|Vulnerable
(except Windows)}}

|{{No|Vulnerable}}

|{{Partial|Temporary}}

colspan=2 style=background:salmon|33–37

|{{Yes|No}}

|{{No|Yes}}

|{{Yes}}

|{{No}}

|{{Yes}}
(only desktop)

|{{Partial|Requires SHA-2 compatible OS}}

|{{Partial|Needs ECC compatible OS}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{Partial|Partly mitigated{{refn|group="n"|name="note-Chrome33-POODLE"|TLS_FALLBACK_SCSV is implemented.{{cite web|last=Möller|first=Bodo|title=This POODLE bites: exploiting the SSL 3.0 fallback|work=Google Online Security blog|publisher=Google (via Blogspot)|date=2014-10-14|url=http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html|access-date=2014-10-28|url-status=live|archive-url=https://web.archive.org/web/20141028003952/http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html|archive-date=2014-10-28}} Fallback to SSL 3.0 is disabled since version 39.{{cite web|title=An update on SSLv3 in Chrome.|work=Security-dev|date=2014-10-31|url=https://groups.google.com/a/chromium.org/forum/#!topic/security-dev/Vnhy9aKM_l4|access-date=2014-11-04}}}}}}

|{{Partial|Lowest priority{{cite web|url=http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html|work=Mozilla Developer Network|title=Stable Channel Update|date=2014-02-20|access-date=2014-11-14|url-status=live|archive-url=https://web.archive.org/web/20141024210105/http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html|archive-date=2014-10-24}}{{cite web|url=https://build.chromium.org/f/chromium/perf/dashboard/ui/changelog.html?url=/trunk/src&range=232870:241107&mode=html|archive-url=https://archive.today/20140116153037/http://build.chromium.org/f/chromium/perf/dashboard/ui/changelog.html?url=/trunk/src&range=232870:241107&mode=html|url-status=dead|archive-date=2014-01-16|work=Google|title=Changelog for Chrome 33.0.1750.117|access-date=2014-11-14}}{{cite web|url=https://code.google.com/p/chromium/issues/detail?id=318442|title=Issue 318442: Update to NSS 3.15.3 and NSPR 4.10.2|access-date=2014-11-14|url-status=live|archive-url=https://web.archive.org/web/20150315043755/https://code.google.com/p/chromium/issues/detail?id=318442|archive-date=2015-03-15}}}}

|{{No|Vulnerable
(except Windows)}}

|{{No|Vulnerable}}

|{{Partial|Temporary}}

colspan=2 style=background:salmon|38, 39

|{{Yes|No}}

|{{No|Yes}}

|{{Yes}}

|{{No}}

|{{Yes}}
(only desktop)

|{{Yes}}

|{{Partial|Needs ECC compatible OS}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{Partial|Partly mitigated}}

|{{Partial|Lowest priority}}

|{{No|Vulnerable
(except Windows)}}

|{{No|Vulnerable}}

|{{Partial|Temporary}}

colspan=2 style=background:salmon|40

|{{Yes|No}}

|{{Partial|Disabled by default}}{{cite web|url=https://codereview.chromium.org/693963003|title=Issue 693963003: Add minimum TLS version control to about:flags and Finch gate it. – Code Review|access-date=2015-01-22|url-status=live|archive-url=https://web.archive.org/web/20150416072943/https://codereview.chromium.org/693963003|archive-date=2015-04-16}}

|{{No|Yes}}

|{{Yes}}

|{{No}}

|{{Yes}}
(only desktop)

|{{Yes}}

|{{Partial|Needs ECC compatible OS}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{Yes|Mitigated{{refn|group="n"|name="note-Chrome40-POODLE"|In addition to TLS_FALLBACK_SCSV and disabling a fallback to SSL 3.0, SSL 3.0 itself is disabled by default.}}}}

|{{Partial|Lowest priority}}

|{{No|Vulnerable
(except Windows)}}

|{{No|Vulnerable}}

|{{Yes|Yes{{refn|group="n"|name="chromeflags"|Configure the minimum version of enabling protocols via chrome://flags (the maximum version can be configured with command-line option).}}}}

colspan=2 style=background:salmon|41, 42

|{{Yes|No}}

|{{Partial|Disabled by default}}

|{{No|Yes}}

|{{Yes}}

|{{No}}

|{{Yes}}
(only desktop)

|{{Yes}}

|{{Partial|Needs ECC compatible OS}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{Partial|Lowest priority}}

|{{Yes|Mitigated}}

|{{No|Vulnerable}}

|{{Yes|Yes}}

colspan=2 style=background:salmon|43

|{{Yes|No}}

|{{Partial|Disabled by default}}

|{{No|Yes}}

|{{Yes}}

|{{No}}

|{{Yes}}
(only desktop)

|{{Yes}}

|{{Partial|Needs ECC compatible OS}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{Partial|Only as fallback{{cite web|url=https://code.google.com/p/chromium/issues/detail?id=375342|title=Issue 375342: Drop RC4 Support|access-date=2015-05-22|url-status=live|archive-url=https://web.archive.org/web/20150912071452/https://code.google.com/p/chromium/issues/detail?id=375342|archive-date=2015-09-12}}}}

|{{Yes|Mitigated}}

|{{No|Vulnerable}}

|{{Yes|Yes}}

colspan=2 style=background:salmon|44–47

|{{Yes|No}}

|{{Yes|No}}{{cite web|url=https://code.google.com/p/chromium/issues/detail?id=436391|title=Issue 436391: Add info on end of life of SSLVersionFallbackMin & SSLVersionMin policy in documentation|access-date=2015-04-19|url-status=live|archive-url=https://web.archive.org/web/20150418095600/http://code.google.com/p/chromium/issues/detail?id=436391|archive-date=2015-04-18}}

|{{No|Yes}}

|{{Yes}}

|{{No}}

|{{Yes}}
(only desktop)

|{{Yes}}

|{{Partial|Needs ECC compatible OS}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{Partial|Only as fallback}}

|{{Yes|Mitigated}}

|{{Yes|Mitigated}}{{cite web|url=https://code.google.com/p/chromium/issues/detail?id=490240|title=Issue 490240: Increase minimum DH size to 1024 bits (tracking bug)|access-date=2015-05-29|url-status=live|archive-url=https://web.archive.org/web/20150912081831/https://code.google.com/p/chromium/issues/detail?id=490240|archive-date=2015-09-12}}

|{{Partial|Temporary}}

colspan=2 style=background:salmon|48, 49

|{{Yes|No}}

|{{No|Yes}}

|{{Yes}}

|{{No}}

|{{Yes}}
(only desktop)

|{{Yes}}

|{{Partial|Needs ECC compatible OS}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{Yes|Disabled by default}}{{cite web|url=https://groups.google.com/a/chromium.org/forum/#!msg/security-dev/kVfCywocUO8/2BW3INFdDwAJ|title=Intent to deprecate: RC4|access-date=2015-12-21}}{{cite web|url=https://googleonlinesecurity.blogspot.com/2015/12/an-update-on-sha-1-certificates-in.html|title=An update on SHA-1 certificates in Chrome|date=2015-12-18|access-date=2015-12-21|url-status=live|archive-url=https://web.archive.org/web/20151218214756/https://googleonlinesecurity.blogspot.com/2015/12/an-update-on-sha-1-certificates-in.html|archive-date=2015-12-18}}

|{{Yes|Mitigated}}

|{{Partial|Temporary}}

colspan=2 style=background:salmon|50–53

|{{Yes|No}}

|{{No|Yes}}

|{{Yes}}

|{{No}}

|{{Yes}}
(only desktop)

|{{Yes}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{Yes|Disabled by default}}

|{{Yes|Mitigated}}

|{{Partial|Temporary}}

colspan=2 style=background:salmon|54–66

|{{Yes|No}}

|{{No|Yes}}

|{{Yes}}

|{{Partial|Disabled by default}}
(draft version)

|{{Yes}}
(only desktop)

|{{Yes}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{Yes|Disabled by default}}

|{{Yes|Mitigated}}

|{{Partial|Temporary}}

colspan=2 style=background:salmon|67–69

|{{Yes|No}}

|{{No|Yes}}

|{{Yes}}

|{{Partial|Yes}}
(draft version)

|{{Yes}}
(only desktop)

|{{Yes}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{Yes|Disabled by default}}

|{{Yes|Mitigated}}

|{{Partial|Temporary}}

colspan=2 style=background:salmon|70–83

|{{Yes|No}}

|{{No|Yes}}

|{{Yes}}

|{{Yes}}
(only desktop)

|{{Yes}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{Yes|Disabled by default}}

|{{Yes|Mitigated}}

|{{Partial|Temporary}}

colspan=2 style=background:salmon|84–90

|{{Yes|No}}

|{{Partial|Warn by default}}

|{{Yes}}

|{{Yes}}
(only desktop)

|{{Yes}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{Yes|Disabled by default}}

|{{Yes|Mitigated}}

|{{Partial|Temporary}}

colspan=2 style=background:salmon|91–135

|rowspan=2 {{Yes|No}}

|rowspan=2 {{Yes|No}}{{cite web|url=https://support.google.com/chrome/a/answer/7679408?hl=en|title=Chrome Enterprise release notes - Google Chrome Enterprise Help}}

|rowspan=2 {{Yes|No}}

|rowspan=2 {{Yes}}

|rowspan=2 {{Yes}}
(only desktop)

|rowspan=2 {{Yes}}

|rowspan=2 {{Yes|Not affected}}

|rowspan=2 {{Yes|Mitigated}}

|rowspan=2 {{Yes|Not affected}}

|rowspan=2 {{Yes|Disabled by default}}

|rowspan=2 {{Yes|Mitigated}}

|rowspan=2 {{Partial|Temporary}}

style=background:khaki|{{nowrap|ESC 136}}

|style=background:#a0e75a|137

Browser
or OS API

!colspan=2|Version

!Platforms

!SSL 2.0 (insecure)

!SSL 3.0 (insecure)

!TLS 1.0 (deprecated)

!TLS 1.1 (deprecated)

!TLS 1.2

!TLS 1.3

!EV certificate

!SHA-2 certificate

!ECDSA certificate

!BEAST

!CRIME

!POODLE (SSLv3)

!RC4

!FREAK

!Logjam

!Protocol selection by user

rowspan=4|Microsoft Edge
(Chromium-based)
OS-independent

|colspan=2 style=background:salmon|79–83

|rowspan=4|Windows (10+)
macOS (11+)
Linux
Android (8.0+)
iOS (16+)

|{{Yes|No}}

|{{No|Yes}}

|{{Yes}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{Yes|Disabled by default}}

|{{Yes|Mitigated}}

|{{Yes|Yes}}

colspan=2 style=background:salmon|84–90

|{{Yes|No}}

|{{Partial|Warn by default}}

|{{Yes}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{Yes|Disabled by default}}

|{{Yes|Mitigated}}

|{{Yes|Yes}}

colspan=2 style=background:salmon|91-135

|rowspan=2 {{Yes|No}}

|rowspan=2 {{Yes|No}}{{cite web|url=https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-policies#sslversionmin|title=Microsoft Edge Browser Policy Documentation | Microsoft Docs|website=Docs.microsoft.com|date=2021-10-15|access-date=2022-02-15}}

|rowspan=2 {{Yes|No}}

|rowspan=2 {{Yes}}

|rowspan=2 {{Yes|Mitigated}}

|rowspan=2 {{Yes|Not affected}}

|rowspan=2 {{Yes|Disabled by default}}

|rowspan=2 {{Yes|Mitigated}}

|rowspan=2 {{Yes|Yes}}

style=background:khaki|{{nowrap|ESC 136}}

|style=background:#a0e75a|137

Browser
or OS API

!colspan=2|Version

!Platforms

!SSL 2.0 (insecure)

!SSL 3.0 (insecure)

!TLS 1.0 (deprecated)

!TLS 1.1 (deprecated)

!TLS 1.2

!TLS 1.3

!EV certificate

!SHA-2 certificate

!ECDSA certificate

!BEAST

!CRIME

!POODLE (SSLv3)

!RC4

!FREAK

!Logjam

!Protocol selection by user

rowspan=24|Mozilla Firefox
(Firefox for mobile){{refn|group=n|name=note-c|Uses the TLS implementation provided by NSS. As of Firefox 22, Firefox supports only TLS 1.0 despite the bundled NSS supporting TLS 1.1. Since Firefox 23, TLS 1.1 can be enabled, but was not enabled by default due to issues. Firefox 24 has TLS 1.2 support disabled by default. TLS 1.1 and TLS 1.2 have been enabled by default in Firefox 27 release.}}

|colspan=2 style=background:salmon|1.0, 1.5

|rowspan=24|Windows (10+)
macOS (10.15+)
Linux
Android (5.0+)
iOS (15+)
~~Firefox OS~~
~~Maemo~~

ESR 115 only for:
Windows (7–8.1)
macOS (10.12–10.14)

ESR 128+ only for:
Windows (10+)
macOS (10.15+)
Linux

|{{No|Yes}}{{cite web|url=https://developer.mozilla.org/en-US/Firefox/Releases/2/Security_changes|title=Security in Firefox 2|date=2008-08-06|access-date=2009-03-31|url-status=live|archive-url=https://web.archive.org/web/20140714142705/https://developer.mozilla.org/en-US/Firefox/Releases/2/Security_changes|archive-date=2014-07-14}}

|{{No|Yes}}

|No

|{{No}}

|{{Yes}}

|{{No}}

|{{Yes|Not affected{{cite web|url=https://blog.mozilla.org/security/2011/09/27/attack-against-tls-protected-communications|title=Attack against TLS-protected communications|work=Mozilla Security Blog|publisher=Mozilla|date=2011-09-27|access-date=2015-02-01|url-status=live|archive-url=https://web.archive.org/web/20150304221307/https://blog.mozilla.org/security/2011/09/27/attack-against-tls-protected-communications|archive-date=2015-03-04}}}}

|{{Yes|Not affected}}

|{{No|Vulnerable}}

|{{Yes|Not affected}}

|{{No|Vulnerable}}

|{{Yes|Yes}}

colspan=2 style=background:salmon|2

|{{Partial|Disabled by default}}{{cite web|url=https://developer.mozilla.org/en-US/docs/Introduction_to_SSL|title=Introduction to SSL|publisher=MDN|access-date=2014-06-19|url-status=live|archive-url=https://web.archive.org/web/20140714205945/https://developer.mozilla.org/en-US/docs/Introduction_to_SSL|archive-date=2014-07-14}}

|{{No|Yes}}

|No

|{{No}}

|{{Yes}}

|{{Yes|Not affected}}

|{{No|Vulnerable}}

|{{Yes|Not affected}}

|{{No|Vulnerable}}

|{{Yes|Yes}}

colspan=2 style=background:salmon|3–7

|{{Partial|Disabled by default}}

|{{No|Yes}}

|No

|{{No}}

|{{Yes}}

|{{Yes|Not affected}}

|{{No|Vulnerable}}

|{{Yes|Not affected}}

|{{No|Vulnerable}}

|{{Yes|Yes}}

colspan=2 style=background:salmon|8–10
{{nowrap|ESR 10}}

|{{Yes|No}}

|{{No|Yes}}

|No

|{{No}}

|{{Yes}}

|{{Yes|Not affected}}

|{{No|Vulnerable}}

|{{Yes|Not affected}}

|{{No|Vulnerable}}

|{{Yes|Yes}}

colspan=2 style=background:salmon|11–14

|{{Yes|No}}

|{{No|Yes}}

|No

|{{No}}

|{{Yes}}

|{{Yes|Not affected}}

|{{No|Vulnerable
(SPDY)}}

|{{No|Vulnerable}}

|{{Yes|Not affected}}

|{{No|Vulnerable}}

|{{Yes|Yes}}

colspan=2 style=background:salmon|15–22
{{nowrap|ESR 17.0–17.0.10}}

|{{Yes|No}}

|{{No|Yes}}

|No

|{{No}}

|{{Yes}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{No|Vulnerable}}

|{{Yes|Not affected}}

|{{No|Vulnerable}}

|{{Yes|Yes}}

colspan=2 style=background:salmon|{{nowrap|ESR 17.0.11}}

|{{Yes|No}}

|{{No|Yes}}

|No

|{{No}}

|{{Yes}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{No|Vulnerable}}

|{{Partial|Lowest priority}}

|{{Yes|Not affected}}

|{{No|Vulnerable}}

|{{Yes|Yes}}

colspan=2 style=background:salmon|23

|{{Yes|No}}

|{{No|Yes}}

|{{Partial|Disabled by default}}{{cite web|url=https://bugzilla.mozilla.org/show_bug.cgi?id=565047|title=Bug 565047 – (RFC4346) Implement TLS 1.1 (RFC 4346)|access-date=2013-10-29}}

|{{No}}

|{{Yes}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{No|Vulnerable}}

|{{Yes|Not affected}}

|{{No|Vulnerable}}

|{{Yes|Yes{{refn|group="n"|name=aboutconfig|Configure the maximum and the minimum version of enabling protocols via about:config.}}}}

colspan=2 style=background:salmon|24, 25.0.0
{{nowrap|ESR 24.0–24.1.0}}

|{{Yes|No}}

|{{No|Yes}}

|{{Partial|Disabled by default}}

|{{Partial|Disabled by default}}{{cite web|url=https://bugzilla.mozilla.org/show_bug.cgi?id=480514|title=Bug 480514 – Implement support for TLS 1.2 (RFC 5246)|access-date=2013-10-29}}

|{{No}}

|{{Yes}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{No|Vulnerable}}

|{{Yes|Not affected}}

|{{No|Vulnerable}}

|{{Yes|Yes}}

colspan=2 style=background:salmon|25.0.1, 26
{{nowrap|ESR 24.1.1–24.8.1}}

|{{Yes|No}}

|{{No|Yes}}

|{{Partial|Disabled by default}}

|{{No}}

|{{Yes}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{No|Vulnerable}}

|{{Partial|Lowest priority{{cite web|url=https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.15.3_release_notes|work=Mozilla Developer Network|title=NSS 3.15.3 Release Notes|publisher=Mozilla|access-date=2014-07-13|url-status=live|archive-url=https://web.archive.org/web/20140605001016/https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.15.3_release_notes|archive-date=2014-06-05}}{{cite web|url=https://www.mozilla.org/security/announce/2013/mfsa2013-103.html|work=Mozilla|title=MFSA 2013-103: Miscellaneous Network Security Services (NSS) vulnerabilities|access-date=2014-07-13|url-status=live|archive-url=https://web.archive.org/web/20140714121632/http://www.mozilla.org/security/announce/2013/mfsa2013-103.html|archive-date=2014-07-14}}}}

|{{Yes|Not affected}}

|{{No|Vulnerable}}

|{{Yes|Yes}}

colspan=2 style=background:salmon|27–33
{{nowrap|ESR 31.0–31.2.0}}

|{{Yes|No}}

|{{No|Yes}}

|{{No|Yes}}{{cite web|url=https://bugzilla.mozilla.org/show_bug.cgi?id=733647|title=Bug 733647 – Implement TLS 1.1 (RFC 4346) in Gecko (Firefox, Thunderbird), on by default|access-date=2013-12-04}}{{cite web|url=https://website-archive.mozilla.org/www.mozilla.org/firefox_releasenotes/en-US/firefox/27.0/releasenotes|title=Firefox Notes – Desktop|date=2014-02-04|access-date=2014-02-04|url-status=live|archive-url=https://web.archive.org/web/20140207095334/https://website-archive.mozilla.org/www.mozilla.org/firefox_releasenotes/en-US/firefox/27.0/releasenotes|archive-date=2014-02-07}}

|{{Yes}}{{cite web|url=https://bugzilla.mozilla.org/show_bug.cgi?id=861266|title=Bug 861266 – Implement TLS 1.2 (RFC 5246) in Gecko (Firefox, Thunderbird), on by default|access-date=2013-11-18}}

|{{No}}

|{{Yes}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{No|Vulnerable}}

|{{Partial|Lowest priority}}

|{{Yes|Not affected}}

|{{No|Vulnerable}}

|{{Yes|Yes}}

colspan=2 style=background:salmon|34, 35
{{nowrap|ESR 31.3.0–31.7.0}}

|{{Yes|No}}

|{{Partial|Disabled by default}}{{cite web|title=The POODLE Attack and the End of SSL 3.0|work=Mozilla blog|publisher=Mozilla|date=2014-10-14|url=https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0|access-date=2014-10-28|url-status=live|archive-url=https://web.archive.org/web/20141018231351/https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0|archive-date=2014-10-18}}{{cite web|url=https://www.mozilla.org/en-US/firefox/34.0/releasenotes|title=Firefox — Notes (34.0) — Mozilla|publisher=mozilla.org|date=2014-12-01|access-date=2015-04-03|url-status=live|archive-url=https://web.archive.org/web/20150409022558/https://www.mozilla.org/en-US/firefox/34.0/releasenotes|archive-date=2015-04-09}}

|{{No|Yes}}

|{{Yes}}

|{{No}}

|{{Yes}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{Yes|Mitigated{{refn|group="n"|name=Fx-POODLE|SSL 3.0 itself is disabled by default. In addition, fallback to SSL 3.0 is disabled since version 34,{{cite web|url=https://bugzilla.mozilla.org/show_bug.cgi?id=1083058|title=Bug 1083058 – A pref to control TLS version fallback|publisher=bugzilla.mozilla.org|access-date=2014-11-06}} and TLS_FALLBACK_SCSV is implemented since 35.0 and ESR 31.3.0.{{cite web|url=https://bugzilla.mozilla.org/show_bug.cgi?id=1036737|title=Bug 1036737 – Add support for draft-ietf-tls-downgrade-scsv to Gecko/Firefox|publisher=bugzilla.mozilla.org|access-date=2014-10-29}}}}}}

|{{Partial|Lowest priority}}

|{{Yes|Not affected}}

|{{No|Vulnerable}}

|{{Yes|Yes}}

colspan=2 style=background:salmon|{{nowrap|ESR 31.8.0}}

|{{Yes|No}}

|{{Partial|Disabled by default}}

|{{No|Yes}}

|{{Yes}}

|{{No}}

|{{Yes}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{Partial|Lowest priority}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{Yes|Yes}}

colspan=2 style=background:salmon|36–38
{{nowrap|ESR 38.0–38.0.1}}

|{{Yes|No}}

|{{Partial|Disabled by default}}

|{{No|Yes}}

|{{Yes}}

|{{No}}

|{{Yes}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{Partial|Only as fallbackOnly when no cipher suites with other than RC4 is available, cipher suites with RC4 will be used as a fallback.{{cite web|url=https://bugzilla.mozilla.org/show_bug.cgi?id=1088915|title=Bug 1088915 – Stop offering RC4 in the first handshakes|publisher=bugzilla.mozilla.org|access-date=2014-11-04}}}}

|{{Yes|Not affected}}

|{{No|Vulnerable}}

|{{Yes|Yes}}

colspan=2 style=background:salmon|{{nowrap|ESR 38.1.0–38.8.0}}

|{{Yes|No}}

|{{Partial|Disabled by default}}

|{{No|Yes}}

|{{Yes}}

|{{No}}

|{{Yes}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{Partial|Only as fallback}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{Yes|Yes}}

colspan=2 style=background:salmon|39–43

|{{Yes|No}}

|{{Yes|No}}{{cite web|url=https://www.mozilla.org/en-US/firefox/39.0/releasenotes|title=Firefox — Notes (39.0) — Mozilla|publisher=mozilla.org|date=2015-06-30|access-date=2015-07-03|url-status=live|archive-url=https://web.archive.org/web/20150703163249/https://www.mozilla.org/en-US/firefox/39.0/releasenotes|archive-date=2015-07-03}}

|{{No|Yes}}

|{{Yes}}

|{{No}}

|{{Yes}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{Partial|Only as fallback}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}{{cite web|url=https://bugzilla.mozilla.org/show_bug.cgi?id=1166031|title=Bug 1166031 – Update to NSS 3.19.1|publisher=bugzilla.mozilla.org|access-date=2015-05-29}}

|{{Yes|Yes}}

colspan=2 style=background:salmon|44–48
{{nowrap|ESR 45}}

|{{Yes|No}}

|{{No|Yes}}

|{{Yes}}

|{{No}}

|{{Yes}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{Yes|Disabled by default}}All RC4 cipher suites are disabled by default.{{cite news|url=https://venturebeat.com/2015/09/01/google-microsoft-and-mozilla-will-drop-rc4-support-in-chrome-edge-ie-and-firefox-next-year|title=Google, Microsoft, and Mozilla will drop RC4 encryption in Chrome, Edge, IE, and Firefox next year|work=VentureBeat|date=2015-09-01|access-date=2015-09-05|url-status=live|archive-url=https://web.archive.org/web/20150905214154/http://venturebeat.com/2015/09/01/google-microsoft-and-mozilla-will-drop-rc4-support-in-chrome-edge-ie-and-firefox-next-year|archive-date=2015-09-05}}{{cite web|url=https://groups.google.com/forum/#!searchin/mozilla.dev.platform/rc4/mozilla.dev.platform/JIEFcrGhqSM/CIjtpwxoLQAJ|title=Intent to ship: RC4 disabled by default in Firefox 44|access-date=2015-10-18|url-status=live|archive-url=http://arquivo.pt/wayback/20110122130054/https://groups.google.com/forum/#!searchin/mozilla.dev.platform/rc4/mozilla.dev.platform/JIEFcrGhqSM/CIjtpwxoLQAJ|archive-date=2011-01-22}}{{cite web|url=https://www.fxsitecompat.com/en-US/docs/2015/rc4-is-now-allowed-only-on-whitelisted-sites|title=RC4 is now allowed only on whitelisted sites (Reverted)|access-date=2015-11-02}}{{cite web|url=https://www.mozilla.org/en-US/firefox/44.0/releasenotes|title=Firefox — Notes (44.0) — Mozilla|publisher=mozilla.org|date=2016-01-26|access-date=2016-03-09|url-status=live|archive-url=https://web.archive.org/web/20160304025010/https://www.mozilla.org/en-US/firefox/44.0/releasenotes|archive-date=2016-03-04}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{Yes|Yes}}

colspan=2 style=background:salmon|49–59
{{nowrap|ESR 52}}

|{{Yes|No}}

|{{No|Yes}}

|{{Yes}}

|{{Partial|Disabled by default}}
(draft version){{cite web|url=https://bugzilla.mozilla.org/show_bug.cgi?id=1342082|title=Bug 1342082 – Disable TLS 1.3 for FF52 Release|access-date=2017-03-29}}

|{{Yes}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{Yes|Disabled by default}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{Yes|Yes}}

colspan=2 style=background:salmon|60–62
{{nowrap|ESR 60}}

|{{Yes|No}}

|{{No|Yes}}

|{{Yes}}

|{{Partial|Yes}}
(draft version)

|{{Yes}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{Yes|Disabled by default}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{Yes|Yes}}

colspan=2 style=background:salmon|63–77
{{nowrap|ESR 68}}

|{{Yes|No}}

|{{No|Yes}}

|{{Yes}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{Yes|Disabled by default}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{Yes|Yes}}

colspan=2 style=background:salmon|78–138
{{nowrap|ESR 78–115.23
ESR 128.0–128.10}}

|rowspan=4 {{Yes|No}}

|rowspan=4 {{Partial|Disabled by default}}{{cite web|url=https://www.mozilla.org/en-US/firefox/78.0/releasenotes|title=Firefox 78.0, See All New Features, Updates and Fixes}}

|rowspan=4 {{Partial|Disabled by default}}

|rowspan=4 {{Yes}}

|rowspan=4 {{Yes|Not affected}}

|rowspan=4 {{Yes|Mitigated}}

|rowspan=4 {{Yes|Not affected}}

|rowspan=4 {{Yes|Disabled by default}}

|rowspan=4 {{Yes|Not affected}}

|rowspan=4 {{Yes|Mitigated}}

|rowspan=4 {{Yes|Yes}}

colspan=2 style=background:#fc9|{{nowrap|ESR 115.24}}

colspan=2 style=background:khaki|{{nowrap|ESR 128.11}}

colspan=2 style=background:#a0e75a|139

Browser
or OS API

!colspan=2|Version

!Platforms

!SSL 2.0 (insecure)

!SSL 3.0 (insecure)

!TLS 1.0 (deprecated)

!TLS 1.1 (deprecated)

!TLS 1.2

!TLS 1.3

!EV certificate

!SHA-2 certificate

!ECDSA certificate

!BEAST

!CRIME

!POODLE (SSLv3)

!RC4

!FREAK

!Logjam

!Protocol selection by user

!rowspan=11|Microsoft Internet Explorer
(1–10){{refn|group="n"|name="note-d"|IE uses the TLS implementation of the Microsoft Windows operating system provided by the Schannel security support provider. TLS 1.1 and 1.2 are disabled by default until IE11.{{cite web|author=Microsoft|url=https://msdn.microsoft.com/en-us/library/aa380123.aspx|title=Secure Channel|date=2012-09-05|access-date=2012-10-18|url-status=live|archive-url=https://web.archive.org/web/20120829025314/http://msdn.microsoft.com/en-us/library/aa380123.aspx|archive-date=2012-08-29}}{{cite web|author=Microsoft|url=https://msdn.microsoft.com/en-us/library/dd208005.aspx|title=MS-TLSP Appendix A|date=2009-02-27|access-date=2009-03-19|url-status=live|archive-url=https://web.archive.org/web/20130927055954/http://msdn.microsoft.com/en-us/library/dd208005.aspx|archive-date=2013-09-27}}}}

Windows Schannel

|colspan=2 style=background:salmon|1.x

|rowspan=3 style=background:salmon rowspan=3|Windows 3.1, 95, NT,Windows NT 3.1 supports IE 1–2, Windows NT 3.5 supports IE 1–3, Windows NT 3.51 and Windows NT 4.0 supports IE 1–6.
Mac OS 7, 8

|colspan=16|No SSL/TLS support

colspan=2 style=background:salmon|2

|{{No|Yes}}

|No

|{{No}}

|colspan=3|No SSL 3.0 or TLS support

|{{No|Vulnerable}}

|{{N/A}}

colspan=2 style=background:salmon|3

|{{No|Yes}}

|{{No|Yes}}{{cite web|title=What browsers only support SSLv2?|url=https://stackoverflow.com/q/881563|access-date=2014-06-19}}

|No

|{{No}}

|{{No|Vulnerable}}

|{{Yes|Not affected}}

|{{No|Vulnerable}}

|{{dunno}}

colspan=2 style=background:salmon|4, 5, 6

|style=background:salmon|Windows 3.1, 95, 98, NT, 2000
Mac OS 7.1, 8, X,
Solaris, HP-UX

|{{No|Yes}}

|{{Partial|Disabled by default}}

|No

|{{No}}

|{{No|Vulnerable}}

|{{Yes|Not affected}}

|{{No|Vulnerable}}

|{{Yes|Yes}}

colspan=2 style=background:salmon|6

|rowspan=2 style=background:salmon|Windows XP

|{{No|Yes}}

|{{Partial|Disabled by default}}

|No

|{{No}}

|{{Partial|Yes (Since SP3)}}MS13-095 or MS14-049 for Windows Server 2003, Windows XP x64 and Windows XP SP3 (32-bit).{{cite web|url=https://blogs.technet.com/b/pki/archive/2010/09/30/sha2-and-windows.aspx|title=SHA2 and Windows – Windows PKI blog – Site Home – TechNet Blogs|date=2010-09-30|access-date=2014-07-29|url-status=live|archive-url=https://web.archive.org/web/20140716230537/http://blogs.technet.com/b/pki/archive/2010/09/30/sha2-and-windows.aspx|archive-date=2014-07-16}}

|{{No}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{No|Vulnerable}}

|{{Yes|Yes}}

colspan=2 style=background:salmon|7, 8

|{{Partial|Disabled by default}}{{cite web|url=https://msdn.microsoft.com/en-us/library/bb250503.aspx|title=HTTPS Security Improvements in Internet Explorer 7|access-date=2013-10-29|url-status=live|archive-url=https://web.archive.org/web/20131010205312/http://msdn.microsoft.com/en-us/library/bb250503.aspx|archive-date=2013-10-10}}

|{{No|Yes}}

|No

|{{No}}

|{{Yes}}

|{{Partial|Yes (Since SP3)}}

|{{No}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{No|Vulnerable}}

|{{Yes|Yes}}

colspan=2 style=background:salmon|6

|rowspan=2 style=background:salmon|Server 2003{{refn|group="n"|name="note-k"|Windows XP as well as Server 2003 and older support only weak ciphers like Triple DES and RC4 out of the box.{{cite web|url=https://msdn.microsoft.com/en-us/library/windows/desktop/aa380512.aspx|title=TLS Cipher Suites|publisher=Microsoft|url-status=live|archive-url=https://web.archive.org/web/20170313125201/https://msdn.microsoft.com/en-us/library/windows/desktop/aa380512.aspx|archive-date=2017-03-13}} The weak ciphers of these Schannel version are not only used for IE, but also for other Microsoft products running on this OS, like Microsoft Office or Windows Update. Only Windows Server 2003 can get a manual update to support AES ciphers by KB948963{{cite web|url=http://support.microsoft.com/kb/948963|title=Cipher Suites in TLS/SSL (Schannel SSP) - Win32 apps|access-date=2017-07-19|url-status=live|archive-url=https://web.archive.org/web/20150311105145/http://support.microsoft.com/kb/948963|archive-date=2015-03-11}}}}

|{{No|Yes}}

|{{Partial|Disabled by default}}

|No

|{{No}}

|{{Partial|Yes
(KB938397+KB968730)}}

|{{No}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{No|Vulnerable}}

|{{Yes|Mitigated}}{{cite tech report|author=MSRC|author-link=Microsoft Security Response Center|date=2015-03-10|url=https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-031|title=Vulnerability in Schannel Could Allow Security Feature Bypass (3046049)|website=Security Bulletins|number=MS15-031|access-date=2021-10-24|via=Microsoft Docs}}

|{{Yes|Mitigated}}{{cite tech report|author=MSRC|author-link=Microsoft Security Response Center|date=2015-05-12|url=https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-055|title=Vulnerability in Schannel Could Allow Information Disclosure (3061518)|website=Security Bulletins|number=MS15-055|access-date=2021-10-24|via=Microsoft Docs}}

|{{Yes|Yes}}

colspan=2 style=background:salmon|7, 8

|{{Partial|Disabled by default}}

|{{No|Yes}}

|No

|{{No}}

|{{Yes}}

|{{Partial|Yes
(KB938397+KB968730)}}

|{{No}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{No|Vulnerable}}

|{{Yes|Mitigated}}

|{{Yes|Yes}}

colspan=2 style=background:salmon|7, 8, 9

|style=background:salmon|Windows Vista

|{{Partial|Disabled by default}}

|{{No|Yes}}

|No

|{{No}}

|{{Yes}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{No|Vulnerable}}

|{{Yes|Mitigated}}

|{{Yes|Yes}}

colspan=2 style=background:salmon|{{nowrap|7, 8, 9}}

|style=background:salmon|Server 2008

|{{Partial|Disabled by default}}

|{{No|Yes}}

|{{Partial|Disabled by default}}{{cite web|url=https://support.microsoft.com/kb/4019276|title=Update to add support for TLS 1.1 and TLS 1.2 in Windows Server 2008 SP2, Windows Embedded POSReady 2009, and Windows Embedded Standard 2009|access-date=2017-07-19}}
(KB4019276){{refn|group="n"|name="TLS≠DTLS"|DTLS protocol counterpart version, however, is not supported.{{Cite web|url=https://docs.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp-|title=Protocols in TLS/SSL (Schannel SSP) - Win32 apps|website=learn.microsoft.com|access-date=2022-02-20}}}}

|{{Partial|Disabled by default
(KB4019276)}}

|{{No}}

|{{Yes}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{No|Vulnerable}}

|{{Yes|Mitigated}}

|{{Yes|Yes}}

colspan=2 style=background:salmon|8, 9, 10

|style=background:salmon|7, 8
Server 2008 R2
Server 2012

|{{Partial|Disabled by default}}

|{{No|Yes}}

|{{Partial|Disabled by default}}{{cite web|url=https://blogs.msdn.com/b/ieinternals/archive/2009/06/19/windows-7-support-for-tls-and-ciphers.aspx|title=Windows 7 adds support for TLSv1.1 and TLSv1.2 – IEInternals – Site Home – MSDN Blogs|access-date=2013-10-29|url-status=live|archive-url=https://web.archive.org/web/20131226222853/http://blogs.msdn.com/b/ieinternals/archive/2009/06/19/windows-7-support-for-tls-and-ciphers.aspx|archive-date=2013-12-26}}

|{{Partial|Disabled by default}}

|{{No}}

|{{Yes}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{No|Vulnerable}}

|{{Partial|Lowest priority{{cite web|url=https://blogs.microsoft.com/cybertrust/2014/11/11/hundreds-of-millions-of-microsoft-customers-now-benefit-from-best-in-class-encryption|title=Hundreds of Millions of Microsoft Customers Now Benefit from Best-in-Class Encryption|publisher=Microsoft Security|date=2014-11-11|access-date=2014-11-14|last=Thomlinson|first=Matt|url-status=live|archive-url=https://web.archive.org/web/20141114143813/http://blogs.microsoft.com/cybertrust/2014/11/11/hundreds-of-millions-of-microsoft-customers-now-benefit-from-best-in-class-encryption|archive-date=2014-11-14}}{{refn|group="n"|name="RC4fallbackWin7"|RC4 can be disabled except as a fallback (Only when no cipher suites with other than RC4 is available, cipher suites with RC4 will be used as a fallback).{{Cite web|url=https://support.microsoft.com/en-us/topic/microsoft-security-advisory-update-for-disabling-rc4-479fd6f0-c7b5-0671-975b-c45c3f2c0540|archiveurl=https://web.archive.org/web/20150311053342/http://support.microsoft.com/kb/2868725|url-status=dead|title=Microsoft security advisory: Update for disabling RC4|archive-date=11 March 2015|website=Support.microsoft.com|access-date=20 February 2022}}}}}}

|{{Yes|Mitigated}}

|{{Yes|Yes}}

|Internet Explorer 11

Windows Schannel

|colspan=2 style=background:salmon|11{{refn|group="n"|IE11 will continue to support these operating systems if they are with ESUs until at least October 13, 2026.}}{{cite web|url=https://support.microsoft.com/en-us/help/4492872/update-for-internet-explorer-april-16-2019|title=Internet Explorer 11 for Windows Server 2012 and Windows Embedded 8 Standard|date=2019-04-16|website=Microsoft Support}}

|style=background:salmon|7, 8.1
Server 2008 R2
Server 2012
Server 2012 R2

|{{Partial|Disabled by default}}

|{{Partial|Disabled by default}}{{refn|group="n"|name="ie11_ssl3"|Fallback to SSL 3.0 is sites blocked by default in Internet Explorer 11 for Protected Mode.{{cite web|url=https://blogs.msdn.com/b/ie/archive/2015/02/10/february-2015-security-updates-for-internet-explorer.aspx|title=February 2015 security updates for Internet Explorer|date=2015-02-11|access-date=2015-02-11|url-status=live|archive-url=https://web.archive.org/web/20150211031724/http://blogs.msdn.com/b/ie/archive/2015/02/10/february-2015-security-updates-for-internet-explorer.aspx|archive-date=2015-02-11}}{{cite web|url=https://support.microsoft.com/kb/3038778|title=Update turns on the setting to disable SSL 3.0 fallback for protected mode sites by default in Internet Explorer 11|access-date=2015-02-11|url-status=live|archive-url=https://web.archive.org/web/20150214082207/http://support.microsoft.com/kb/3038778|archive-date=2015-02-14}} SSL 3.0 is disabled by default in Internet Explorer 11 since April 2015.{{cite tech report|author=MSRC|author-link=Microsoft Security Response Center|date=2014-10-14|url=https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2015/3009008|title=Vulnerability in SSL 3.0 Could Allow Information Disclosure|website=Security Advisories|number=3009008|access-date=2021-10-24|via=Microsoft Docs}}}}

|{{Partial|Disabled by default}}{{refn|group="n"|name="IE_&_EDGE_TLS_1.x"|TLS 1.0 and 1.1 are disabled by default in Internet Explorer 11 and EdgeHTML since September 2022.{{cite web|url=https://blogs.windows.com/msedgedev/2020/03/31/tls-1-0-tls-1-1-schedule-update-edge-ie11|title=Plan for change: TLS 1.0 and TLS 1.1 soon to be disabled by default|first=Kyle|last=Pflug|date=2020-03-31|website=Windows Blogs}}{{cite web|url=https://support.microsoft.com/en-us/topic/kb5017811-manage-transport-layer-security-tls-1-0-and-1-1-after-default-behavior-change-on-september-20-2022-e95b1b47-9c7c-4d64-9baf-610604a64c3e|title=KB5017811—Manage Transport Layer Security (TLS) 1.0 and 1.1 after default behavior change on September 20, 2022|accessdate=2023-01-09|website=Microsoft Support}}}}

|{{Partial|Disabled by default}}

|{{Yes}}{{cite web|author=Microsoft|url=https://blogs.msdn.com/b/ieinternals/archive/2013/09/24/internet-explorer-11-changelist-change-log.aspx|title=IE11 Changes|date=2013-09-24|access-date=2013-11-01|url-status=live|archive-url=https://web.archive.org/web/20131030114356/http://blogs.msdn.com/b/ieinternals/archive/2013/09/24/internet-explorer-11-changelist-change-log.aspx|archive-date=2013-10-30}}

|{{No}}

|{{Yes}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{Yes|Disabled by default}}

|{{Yes|Mitigated}}

|{{Yes|Yes}}

Browser
or OS API

!colspan=2|Version

!Platforms

!SSL 2.0 (insecure)

!SSL 3.0 (insecure)

!TLS 1.0 (deprecated)

!TLS 1.1 (deprecated)

!TLS 1.2

!TLS 1.3

!EV certificate

!SHA-2 certificate

!ECDSA certificate

!BEAST

!CRIME

!POODLE (SSLv3)

!RC4

!FREAK

!Logjam

!Protocol selection by user

rowspan=2|Microsoft Edge
(12–18)
(EdgeHTML-based)
Client only

Internet Explorer 11

Windows Schannel

|style=background:salmon|11

|style=background:salmon|12–13

|style=background:salmon|Windows 10 1507–1511

|{{Partial|Disabled by default}}

|{{No|Yes}}

|{{Yes|Yes}}

|{{No}}

|{{Yes}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{Yes|Disabled by default}}

|{{Yes|Mitigated}}

|{{Yes|Yes}}

style=background:salmon|11

|style=background:salmon|14–18
(client only)

|style=background:salmon|Windows 10 1607–2004
Windows Server (SAC)
1709–2004

|{{Yes|No}}{{cite web|date=2017-03-21|url=https://technet.microsoft.com/en-us/windows-server-docs/security/tls/tls-schannel-ssp-changes-in-windows-10-and-windows-server-2016|title=TLS (Schannel SSP) changes in Windows 10 and Windows Server 2016|publisher=Microsoft|accessdate=2017-03-29|url-status=dead|archiveurl=https://web.archive.org/web/20170330011044/https://technet.microsoft.com/en-us/windows-server-docs/security/tls/tls-schannel-ssp-changes-in-windows-10-and-windows-server-2016|archivedate=2017-03-30}}

|{{Partial|Disabled by default}}

|{{No|Yes}}

|{{Yes}}

|{{No}}

|{{Yes}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{Yes|Disabled by default}}

|{{Yes|Mitigated}}

|{{Yes|Yes}}

rowspan=2|Internet Explorer 11

Windows Schannel

|rowspan=2 colspan=2 style=background:salmon|11{{refn|group="n"|name="IE11EOL"|IE11 ran out of support for GAC (formerly CB and SAC) editions of Windows 10 since June 15, 2022.{{cite web|url=https://blogs.windows.com/windowsexperience/2022/06/15/internet-explorer-11-has-retired-and-is-officially-out-of-support-what-you-need-to-know|title=Internet Explorer 11 has retired and is officially out of support—what you need to know|date=June 15, 2022}}{{cite web|url=https://docs.microsoft.com/lifecycle/announcements/internet-explorer-11-end-of-support-windows-10|title=Internet Explorer 11 desktop app support ended for certain versions of Windows 10|date=June 15, 2022}}}}

|style=background:salmon|Windows 10 20H2–21H2
Windows Server (SAC)
20H2

|rowspan=2 {{Yes|No}}

|rowspan=2 {{Partial|Disabled by default}}

|rowspan=2 {{Yes}}

|rowspan=2 {{No}}

|rowspan=2 {{Yes}}

|rowspan=2 {{Yes|Mitigated}}

|rowspan=2 {{Yes|Not affected}}

|rowspan=2 {{Yes|Mitigated}}

|rowspan=2 {{Yes|Disabled by default}}

|rowspan=2 {{Yes|Mitigated}}

|rowspan=2 {{Yes|Yes}}

style=background:#fc9|Windows 10 22H2

rowspan=6|Windows Schannel

|colspan=3 style=background:salmon|Windows 11 21H2

|{{Yes|No}}

|{{Partial|Disabled by default}}

|{{Yes}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{Yes|Disabled by default}}

|{{Yes|Mitigated}}

|{{Yes|Yes}}

colspan=3 style=background:salmon|Windows 11 22H2
(Home/Pro)

|rowspan=2 {{Yes|No}}

|rowspan=2 {{Partial|Disabled by default}}

|rowspan=2 {{Yes}}

|rowspan=2 {{Yes|Mitigated}}

|rowspan=2 {{Yes|Not affected}}

|rowspan=2 {{Yes|Mitigated}}

|rowspan=2 {{Yes|Disabled by default}}

|rowspan=2 {{Yes|Mitigated}}

|rowspan=2 {{Yes|Yes}}

colspan=3 style=background:#fc9|Windows 11 22H2
(Ent/Edu)

colspan=3 style=background:#fc9|Windows 11 23H2
(Home/Pro)

|rowspan=2 {{Yes|No}}

|rowspan=2 {{Partial|Disabled by default}}

|rowspan=2 {{Yes}}

|rowspan=2 {{Yes|Mitigated}}

|rowspan=2 {{Yes|Not affected}}

|rowspan=2 {{Yes|Mitigated}}

|rowspan=2 {{Yes|Disabled by default}}

|rowspan=2 {{Yes|Mitigated}}

|rowspan=2 {{Yes|Yes}}

colspan=3 style=background:khaki|Windows 11 23H2
(Ent/Edu)

colspan=3 style=background:#a0e75a|Windows 11 24H2

|{{Yes|No}}

|{{Partial|Disabled by default}}

|{{Yes}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{Yes|Disabled by default}}

|{{Yes|Mitigated}}

|{{Yes|Yes}}

rowspan=6|Internet Explorer 11
LTSB/LTSC

Windows Schannel
LTSB/LTSC

|colspan=2 rowspan=6 style=background:khaki|11

|style=background:#fc9|Windows 10
LTSB 2015 (1507)

|{{Partial|Disabled by default}}

|{{No|Yes}}

|{{Partial|Disabled by default}}

|{{Yes|Yes}}

|{{No}}

|{{Yes}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{Yes|Disabled by default}}

|{{Yes|Mitigated}}

|{{Yes|Yes}}

style=background:khaki|Windows 10
LTSB 2016 (1607)

|{{Yes|No}}

|{{Partial|Disabled by default}}

|{{Yes}}

|{{No}}

|{{Yes}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{Yes|Disabled by default}}

|{{Yes|Mitigated}}

|{{Yes|Yes}}

style=background:khaki|Windows Server 2016
(LTSB/1607)

|{{Yes|No}}

|{{Partial|Disabled by default}}

|{{Yes}}

|{{No}}

|{{Yes}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{Yes|Disabled by default}}

|{{Yes|Mitigated}}

|{{Yes|Yes}}

style=background:khaki|Windows 10
LTSC 2019 (1809)
Windows Server 2019
(LTSC/1809)

|{{Yes|No}}

|{{Partial|Disabled by default}}

|{{Yes}}

|{{No}}

|{{Yes}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{Yes|Disabled by default}}

|{{Yes|Mitigated}}

|{{Yes|Yes}}

style=background:khaki|Windows 10
LTSC 2021 (21H2)

|{{Yes|No}}

|{{Partial|Disabled by default}}

|{{Yes}}

|{{No}}

|{{Yes}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{Yes|Disabled by default}}

|{{Yes|Mitigated}}

|{{Yes|Yes}}

style=background:khaki|Windows Server 2022
(LTSC/21H2)

|{{Yes|No}}

|{{Partial|Disabled by default}}

|{{Yes}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{Yes|Disabled by default}}

|{{Yes|Mitigated}}

|{{Yes|Yes}}

rowspan=2|Windows Schannel
LTSC

|colspan=3 style=background:#a0e75a|Windows 11
LTSC 2024 (24H2)

|{{Yes|No}}

|{{Partial|Disabled by default}}

|{{Yes}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{Yes|Disabled by default}}

|{{Yes|Mitigated}}

|{{Yes|Yes}}

colspan=3 style=background:#a0e75a|Windows Server 2025
(LTSC/24H2)

|{{Yes|No}}

|{{Partial|Disabled by default}}

|{{Yes}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{Yes|Disabled by default}}

|{{Yes|Mitigated}}

|{{Yes|Yes}}

Browser
or OS API

!colspan=2|Version

!Platforms

!SSL 2.0 (insecure)

!SSL 3.0 (insecure)

!TLS 1.0 (deprecated)

!TLS 1.1 (deprecated)

!TLS 1.2

!TLS 1.3

!EV certificate

!SHA-2 certificate

!ECDSA certificate

!BEAST

!CRIME

!POODLE (SSLv3)

!RC4

!FREAK

!Logjam

!Protocol selection by user

rowspan=3|Microsoft Internet Explorer Mobile

|colspan=2 style=background:salmon|7–9

|style=background:salmon|Windows Phone 7, 7.5, 7.8

|{{Partial|Disabled by default}}

|{{No|Yes}}

|No{{Citation needed|date=January 2015}}

|{{No}}{{Citation needed|date=January 2015}}

|{{No}}

|{{No}}{{Citation needed|date=January 2015}}

|{{Yes}}

|{{dunno}}

|{{Yes|Not affected}}

|{{No|Vulnerable}}

|{{Partial|Only with 3rd party tools{{refn|group="n"|name="viaregistry"|Could be disabled via registry editing but need 3rd Party tools to do this.{{cite web|url=http://forum.xda-developers.com/windows-phone-8/development/poodle-ssl-vulnerability-secure-windows-t2906203|title=POODLE SSL vulnerability – secure your Windo… – Windows Phone 8 Development and Hacking|work=XDA Developers|url-status=live|archive-url=https://web.archive.org/web/20160923053812/http://forum.xda-developers.com/windows-phone-8/development/poodle-ssl-vulnerability-secure-windows-t2906203|archive-date=2016-09-23}}}}}}

colspan=2 style=background:salmon|10

|style=background:salmon|Windows Phone 8

|{{Partial|Disabled by default}}

|{{No|Yes}}

|{{Partial|Disabled by default}}{{cite web|url=https://social.msdn.microsoft.com/Forums/windowsapps/en-US/2ddee177-5086-4453-987b-d02b6a7ec62d/what-tls-version-is-used-in-windows-phone-8-for-secure-http-connections?forum=wpdevelop|title=What TLS version is used in Windows Phone 8 for secure HTTP connections?|publisher=Microsoft|access-date=2014-11-07|url-status=live|archive-url=https://web.archive.org/web/20160304063257/https://social.msdn.microsoft.com/Forums/windowsapps/en-US/2ddee177-5086-4453-987b-d02b6a7ec62d/what-tls-version-is-used-in-windows-phone-8-for-secure-http-connections?forum=wpdevelop|archive-date=2016-03-04}}

|{{Partial|Disabled by default}}

|{{No}}

|{{No}}{{Citation needed|date=January 2015}}

|{{Yes}}

|{{Yes}}{{cite web|url=https://www.ssllabs.com/ssltest/viewClient.html?name=IE%20Mobile&version=10&platform=Win%20Phone%208.0|title=Qualys SSL Labs – Projects/User Agent Capabilities: Unknown|url-status=live|archive-url=https://web.archive.org/web/20170301141459/https://www.ssllabs.com/ssltest/viewClient.html?name=IE%20Mobile&version=10&platform=Win%20Phone%208.0|archive-date=2017-03-01}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{No|Vulnerable}}

|{{Partial|Only with 3rd party tools}}

colspan=2 style=background:salmon|11

|style=background:salmon|Windows Phone 8.1

|{{Partial|Disabled by default}}

|{{No|Yes}}

|{{No|Yes}}{{cite web|date=2014-06-25|url=https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-phone/dn756283(v=technet.10)|title=Platform Security|department=TechNet|website=Microsoft Docs|access-date=2021-10-24}}

|{{Yes}}

|{{No}}

|{{No}}{{Citation needed|date=January 2015}}

|{{Yes}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{No|Vulnerable}}

|{{Partial|Only as fallback{{cite web|date=2013-06-24|url=https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-8.1-and-8/dn303404(v=ws.11)|title=Release Notes: Important Issues in Windows 8.1 Preview|department=TechNet|website=Microsoft Docs|access-date=2021-10-24}}{{cite web|url=https://community.qualys.com/thread/12092|title=W8.1(IE11) vs RC4|work=Qualys Community|access-date=2014-11-04|url-status=live|archive-url=https://web.archive.org/web/20141104093736/https://community.qualys.com/thread/12092|archive-date=2014-11-04}}}}

|{{No|Vulnerable}}

|{{Partial|Only with 3rd party tools}}

rowspan=2|Microsoft Edge
(13–15)
(EdgeHTML-based)Edge (formerly known as Project Spartan) is based on a fork of the Internet Explorer 11 rendering engine.

|colspan=2 style=background:salmon|13

|style=background:salmon|Windows 10 Mobile 1511

|{{Partial|Disabled by default}}

|{{No|Yes}}

|{{Yes}}

|{{No}}

|{{Yes}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{Yes|Disabled by default}}

|{{Yes|Mitigated}}

|{{No}}

colspan=2 style=background:salmon|14, 15

|style=background:salmon|Windows 10 Mobile
1607–1709

|{{Yes|No}}

|{{Partial|Disabled by default}}

|{{No|Yes}}

|{{Yes}}

|{{No}}

|{{Yes}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{Yes|Mitigated}}

|{{Yes|Disabled by default}}

|{{Yes|Mitigated}}

|{{No}}

Browser
or OS API

!colspan=2|Version

!Platforms

!SSL 2.0 (insecure)

!SSL 3.0 (insecure)

!TLS 1.0 (deprecated)

!TLS 1.1 (deprecated)

!TLS 1.2

!TLS 1.3

!EV certificate

!SHA-2 certificate

!ECDSA certificate

!BEAST

!CRIME

!POODLE (SSLv3)

!RC4

!FREAK

!Logjam

!Protocol selection by user

rowspan=14|Apple Safari{{refn|group="n"|name="note-g"|Safari uses the operating system implementation on Mac OS X, Windows (XP, Vista, 7){{cite web|last=Adrian|first=Dimcev|title=Common browsers/libraries/servers and the associated cipher suites implemented|url=http://www.carbonwind.net/TLS_Cipher_Suites_Project/tls_ssl_cipher_suites_annex_a1_main.docx|work=TLS Cipher Suites Project|url-status=live|archive-url=https://web.archive.org/web/20130720081424/http://www.carbonwind.net/TLS_Cipher_Suites_Project/tls_ssl_cipher_suites_annex_a1_main.docx|archive-date=2013-07-20}} with unknown version,{{cite web|title=Features|work=Safari|publisher=Apple|date=2009-06-10|url=https://www.apple.com/safari/features.html|access-date=2009-06-10|url-status=live|archive-url=https://web.archive.org/web/20130420164115/http://www.apple.com/safari/features.html|archive-date=2013-04-20}} Safari 5 is the last version available for Windows. OS X 10.8 on have SecureTransport support for TLS 1.1 and 1.2{{cite web|title=Curl: Patch to add TLS 1.1 and 1.2 support & replace deprecated functions in SecureTransport|publisher=haxx.se|location=Sweden|url=http://curl.haxx.se/mail/lib-2012-08/0120.html|url-status=live|archive-url=https://web.archive.org/web/20170301142904/https://curl.haxx.se/mail/lib-2012-08/0120.html|archive-date=2017-03-01}} Qualys SSL report simulates Safari 5.1.9 connecting with TLS 1.0 not 1.1 or 1.2.{{cite web|title=SSL Server Test: google.co.uk|url=https://www.ssllabs.com/ssltest/analyze.html?d=google.co.uk|url-status=live|archiveurl=https://web.archive.org/web/20170201174935/https://www.ssllabs.com/ssltest/analyze.html?d=google.co.uk|archivedate=February 1, 2017}}}}

|colspan=2 style=background:salmon|1

|style=background:salmon|Mac OS X 10.2, 10.3

|{{Yes|No{{cite web|title=Apple Secures Mac OS X with Mavericks Release|publisher=eSecurity Planet|date=2013-10-25|url=http://www.esecurityplanet.com/mac-os-security/apple-secures-mac-os-x-with-mavericks-release.html|access-date=2014-06-23|url-status=live|archive-url=https://web.archive.org/web/20140708195022/http://www.esecurityplanet.com/mac-os-security/apple-secures-mac-os-x-with-mavericks-release.html|archive-date=2014-07-08}}}}

|{{No|Yes}}

|No

|{{No}}

|{{No|Vulnerable}}

|{{Yes|Not affected}}

|{{No|Vulnerable}}

|{{No}}

colspan=2 style=background:salmon|2–5

|style=background:salmon|Mac OS X 10.4, 10.5, Win XP

|{{Yes|No}}

|{{No|Yes}}

|No

|{{No}}

|{{Partial|Yes (Since v3.2)}}

|{{No}}

|{{No|Vulnerable}}

|{{Yes|Not affected}}

|{{No|Vulnerable}}

|{{No}}

colspan=2 style=background:salmon|3–5

|style=background:salmon|Vista, Win 7

|{{Yes|No}}

|{{No|Yes}}

|No

|{{No}}

|{{Partial|Yes (Since v3.2)}}

|{{No}}

|{{Yes}}

|{{No|Vulnerable}}

|{{Yes|Not affected}}

|{{No|Vulnerable}}

|{{No}}

colspan=2 style=background:salmon|4–6

|style=background:salmon|Mac OS X 10.6, 10.7

|{{Yes|No}}

|{{No|Yes}}

|No

|{{No}}

|{{Yes}}

|{{No|Vulnerable}}

|{{Yes|Not affected}}

|{{No|Vulnerable}}

|{{No}}

colspan=2 style=background:salmon|6

|style=background:salmon|OS X 10.8

|{{Yes|No}}

|{{No|Yes}}

|No

|{{No}}

|{{Yes}}

|{{Yes|Mitigated{{refn|group="n"|name="note-i"|In September 2013, Apple implemented BEAST mitigation in OS X 10.8 (Mountain Lion), but it was not turned on by default, resulting in Safari still being theoretically vulnerable to the BEAST attack on that platform.{{cite web|last=Ristic|first=Ivan|title=Is BEAST Still a Threat?|publisher=Qualys|date=2013-09-10|url=https://community.qualys.com/blogs/securitylabs/2013/09/10/is-beast-still-a-threat|url-status=live|archive-url=https://web.archive.org/web/20141012121824/https://community.qualys.com/blogs/securitylabs/2013/09/10/is-beast-still-a-threat|archive-date=2014-10-12}}{{cite web|first=Ivan|last=Ristić|title=Apple enabled BEAST mitigations in OS X 10.9 Mavericks|date=2013-10-31|url=http://blog.ivanristic.com/2013/10/apple-enabled-beast-mitigations-in-mavericks.html|access-date=2013-11-07|url-status=live|archive-url=https://web.archive.org/web/20131107045223/http://blog.ivanristic.com/2013/10/apple-enabled-beast-mitigations-in-mavericks.html|archive-date=2013-11-07}} BEAST mitigation has been enabled by default from OS X 10.8.5 updated in February 2014.{{cite web|first=Ivan|last=Ristić|title=Apple finally releases patch for BEAST|publisher=Qualys|date=2014-02-26|url=https://community.qualys.com/thread/12496|access-date=2014-07-01|url-status=live|archive-url=https://web.archive.org/web/20140714162556/https://community.qualys.com/thread/12496|archive-date=2014-07-14}}}}}}

|{{Yes|Not affected}}

|{{Partial|Mitigated{{refn|group="n"|name="note-safari-poodle"|Because Apple removed support for all CBC protocols in SSL 3.0 to mitigate POODLE,{{cite web|title=About Security Update 2014-005|work=Apple Support knowledge base article|publisher=Apple|url=http://support.apple.com/kb/HT6531|url-status=live|archive-url=https://web.archive.org/web/20141024181953/https://support.apple.com/kb/HT6531|archive-date=2014-10-24}}{{cite web|title=About the security content of iOS 8.1|work=Apple Support knowledge base article|publisher=Apple|url=http://support.apple.com/kb/HT6541|url-status=live|archive-url=https://web.archive.org/web/20141023104948/http://support.apple.com/kb/HT6541|archive-date=2014-10-23}} this leaves only RC4, which is also completely broken by the RC4 attacks in SSL 3.0.}}}}

|{{No|Vulnerable}}

|{{Yes|Mitigated}}

|{{No|Vulnerable}}

|{{No}}

colspan=2 style=background:salmon|7, 9

|style=background:salmon|OS X 10.9

|{{Yes|No}}

|{{No|Yes}}

|{{No|Yes}}{{cite web|title=About the security content of OS X Mavericks v10.9|url=http://support.apple.com/kb/HT6011|access-date=2014-06-20|url-status=live|archive-url=https://web.archive.org/web/20140704220956/http://support.apple.com/kb/HT6011|archive-date=2014-07-04}}

|{{Yes}}

|{{No}}

|{{Yes}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{Partial|Mitigated}}

|{{No|Vulnerable}}

|{{Yes|Mitigated}}

|{{No|Vulnerable}}

|{{No}}

colspan=2 style=background:salmon|8–10

|style=background:salmon|OS X 10.10

|{{Yes|No}}

|{{No|Yes}}

|{{Yes}}

|{{No}}

|{{Yes}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{yes|Mitigated}}

|{{Partial|Lowest priority{{cite web|title=User Agent Capabilities: Safari 8/OS X 10.10|publisher=Qualys SSL Labs|url=https://www.ssllabs.com/ssltest/viewClient.html?name=Safari&version=8&platform=OS%20X%2010.10|access-date=2015-03-07|url-status=live|archive-url=https://web.archive.org/web/20150906044018/https://www.ssllabs.com/ssltest/viewClient.html?name=Safari&version=8&platform=OS%20X%2010.10|archive-date=2015-09-06}}}}

|{{Yes|Mitigated{{cite web|title=About Security Update 2015-002|work=Apple Support knowledge base article|publisher=Apple|url=https://support.apple.com/en-us/HT204413|access-date=2015-03-09|url-status=live|archive-url=https://web.archive.org/web/20150316081731/https://support.apple.com/en-us/HT204413|archive-date=2015-03-16}}}}

|{{Yes|Mitigated}}{{cite web|url=https://support.apple.com/en-us/HT204942|title=About the security content of OS X Yosemite v10.10.4 and Security Update 2015-005|access-date=2015-07-03|url-status=live|archive-url=https://web.archive.org/web/20150702202131/https://support.apple.com/en-us/HT204942|archive-date=2015-07-02}}

|{{No}}

colspan=2 style=background:salmon|9–11

|style=background:salmon|OS X 10.11

|{{Yes|No}}

|{{No|Yes}}

|{{Yes}}

|{{No}}

|{{Yes}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{Partial|Lowest priority}}

|{{Yes|Mitigated}}

|{{No}}

colspan=2 style=background:salmon|10–15

|style=background:salmon|macOS
10.12, 10.13,
10.14, 10.15

|{{Yes|No}}

|{{No|Yes}}

|{{Yes}}

|{{Partial|Yes (Since macOS 10.14.4)}}{{cite mailing list|url=https://mailarchive.ietf.org/arch/msg/tls/5QjzTilqjomSyzENtgfaAqQOhbA|title=TLS 1.3 in iOS|first=Tommy|last=Pauly|date=2019-01-29|mailing-list=tls@ietf.org}}

|{{Yes}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{Yes|Disabled by default}}

|{{Yes|Mitigated}}

|{{No}}

colspan=2 style=background:salmon|14–17

|style=background:salmon|macOS 11, 12

|{{Yes|No}}

|{{No|Yes}}

|{{Yes}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{Yes|Disabled by default}}

|{{Yes|Mitigated}}

|{{No}}

style=background:salmon|16, 17

|style=background:#fc9|18

|style=background:#fc9|macOS 13

|{{Yes|No}}

|{{No|Yes}}

|{{Yes}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{Yes|Disabled by default}}

|{{Yes|Mitigated}}

|{{No}}

style=background:salmon|17

|style=background:khaki|18

|style=background:khaki|macOS 14

|{{Yes|No}}

|{{No|Yes}}

|{{Yes}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{Yes|Disabled by default}}

|{{Yes|Mitigated}}

|{{No}}

style=background:#a0e75a colspan=2|18

|style=background:#a0e75a|macOS 15

|{{Yes|No}}

|{{No|Yes}}

|{{Yes}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{Yes|Disabled by default}}

|{{Yes|Mitigated}}

|{{No}}

colspan=2 {{table-experimental|26}}

|{{table-experimental|macOS 26}}

|{{Yes|No}}

|{{dunno}}

|{{Yes}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{Yes|Disabled by default}}

|{{Yes|Mitigated}}

|{{No}}

Browser
or OS API

!colspan=2|Version

!Platforms

!SSL 2.0 (insecure)

!SSL 3.0 (insecure)

!TLS 1.0 (deprecated)

!TLS 1.1 (deprecated)

!TLS 1.2

!TLS 1.3

!EV certificate

!SHA-2 certificate

!ECDSA certificate

!BEAST

!CRIME

!POODLE (SSLv3)

!RC4

!FREAK

!Logjam

!Protocol selection by user

rowspan=16|{{Anchor|Safari_Mobile}}Apple Safari
(mobile){{refn|group="n"|name="note-h"|Mobile Safari and third-party software utilizing the system UIWebView library use the iOS operating system implementation, which supports TLS 1.2 as of iOS 5.0.{{cite web|title=Technical Note TN2287 – iOS 5 and TLS 1.2 Interoperability Issues|publisher=Apple|date=2011-10-14|url=https://developer.apple.com/library/ios/#technotes/tn2287/_index.html|access-date=2012-12-10|url-status=live|archive-url=https://web.archive.org/web/20110907013839/http://developer.apple.com/library/iOS/#technotes/tn2287/_index.html|archive-date=2011-09-07}}{{cite news|last=Liebowitz|first=Matt|title=Apple issues huge software security patches|date=2011-10-13|work=NBC News|url=https://www.nbcnews.com/id/44896639|archive-url=https://web.archive.org/web/20200215010125/http://www.nbcnews.com/id/44896639|url-status=dead|archive-date=February 15, 2020|access-date=2012-12-10}}{{cite web|website=MWR Info Security|title=Adventures with iOS UIWebviews|date=2012-04-16|url=http://labs.mwrinfosecurity.com/blog/2012/04/16/adventures-with-ios-uiwebviews|access-date=2012-12-10|url-status=live|archive-url=https://web.archive.org/web/20130320091836/http://labs.mwrinfosecurity.com/blog/2012/04/16/adventures-with-ios-uiwebviews|archive-date=2013-03-20}}, section "HTTPS (SSL/TLS)"}}

|colspan=2 style=background:salmon|3

|style=background:salmon|iPhone OS 1, 2

|{{Yes|No{{cite web|title=Secure Transport Reference|url=https://developer.apple.com/library/mac/documentation/security/Reference/secureTransportRef/Reference/reference.html#//apple_ref/c/tdef/SSLProtocol|access-date=2014-06-23|url-status=live|archive-url=https://web.archive.org/web/20140604052511/https://developer.apple.com/library/Mac/documentation/Security/Reference/secureTransportRef/Reference/reference.html#//apple_ref/c/tdef/SSLProtocol|archive-date=2014-06-04}}kSSLProtocol2 is deprecated in iOS}}

|{{No|Yes}}

|No

|{{No}}

|{{No|Vulnerable}}

|{{Yes|Not affected}}

|{{No|Vulnerable}}

|{{No}}

colspan=2 style=background:salmon|4, 5

|style=background:salmon|iPhone OS 3, iOS 4

|{{Yes|No}}

|{{No|Yes}}

|No

|{{No}}

|{{Yes}}{{cite web|title=iPhone 3.0: Mobile Safari Gets Enhanced Security Certificate Visualization|website=The iPhone Blog|date=2009-03-31|url=http://www.theiphoneblog.com/2009/03/31/iphone-30-mobile-safari-enhanced-security-certificate-visualization|archive-url=https://web.archive.org/web/20090403074546/http://www.theiphoneblog.com/2009/03/31/iphone-30-mobile-safari-enhanced-security-certificate-visualization|archive-date=2009-04-03}}

|{{Yes}}

|{{Partial|Yes (Since iOS 4)}}

|{{No|Vulnerable}}

|{{Yes|Not affected}}

|{{No|Vulnerable}}

|{{No}}

colspan=2 style=background:salmon|5, 6

|style=background:salmon|iOS 5, 6

|{{Yes|No}}

|{{No|Yes}}

|{{Yes}}

|{{No}}

|{{Yes}}

|{{No|Vulnerable}}

|{{Yes|Not affected}}

|{{No|Vulnerable}}

|{{No}}

colspan=2 style=background:salmon|7

|style=background:salmon|iOS 7

|{{Yes|No}}

|{{No|Yes}}

|{{Yes}}

|{{No}}

|{{Yes}}

|{{Yes}}{{cite web|title=Projects/User Agent Capabilities: Safari 7/iOS 7.1|publisher=Qualys SSL Labs|url=https://www.ssllabs.com/ssltest/viewClient.html?name=Safari&version=7&platform=iOS%207.1|url-status=live|archive-url=https://web.archive.org/web/20170313130545/https://www.ssllabs.com/ssltest/viewClient.html?name=Safari&version=7&platform=iOS%207.1|archive-date=2017-03-13}}

|{{Yes|Mitigated{{cite web|author=|title=SOAP Request fails randomly on one Server but works on another on iOS7|publisher=Stack Overflow|date=2013-10-11|url=https://stackoverflow.com/q/19221568|access-date=2014-01-05}}}}

|{{Yes|Not affected}}

|{{No|Vulnerable}}

|{{No}}

colspan=2 style=background:salmon|8

|style=background:salmon|iOS 8

|{{Yes|No}}

|{{No|Yes}}

|{{Yes}}

|{{No}}

|{{Yes}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{yes|Mitigated}}

|{{Partial|Lowest priority{{cite web|title=User Agent Capabilities: Safari 8/iOS 8.1.2|publisher=Qualys SSL Labs|url=https://www.ssllabs.com/ssltest/viewClient.html?name=Safari&version=8&platform=iOS%208.1.2|access-date=2015-03-07|url-status=live|archive-url=https://web.archive.org/web/20160304062526/https://www.ssllabs.com/ssltest/viewClient.html?name=Safari&version=8&platform=iOS%208.1.2|archive-date=2016-03-04}}}}

|{{Yes|Mitigated{{cite web|title=About the security content of iOS 8.2|work=Apple Support knowledge base article|publisher=Apple|url=https://support.apple.com/en-us/HT204423|access-date=2015-03-09|url-status=live|archive-url=https://web.archive.org/web/20150309201042/https://support.apple.com/en-us/HT204423|archive-date=2015-03-09}}}}

|{{Yes|Mitigated}}{{cite web|url=https://support.apple.com/en-us/HT204941|title=About the security content of iOS 8.4|access-date=2015-07-03|url-status=live|archive-url=https://web.archive.org/web/20150703014410/https://support.apple.com/en-us/HT204941|archive-date=2015-07-03}}

|{{No}}

colspan=2 style=background:salmon|9

|style=background:salmon|iOS 9

|{{Yes|No}}

|{{No|Yes}}

|{{Yes}}

|{{No}}

|{{Yes}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{Partial|Lowest priority}}

|{{Yes|Mitigated}}

|{{No}}

colspan=2 style=background:salmon|10, 11

|style=background:salmon|iOS 10, 11

|{{Yes|No}}

|{{No|Yes}}

|{{Yes}}

|{{No}}

|{{Yes}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{Yes|Disabled by default}}

|{{Yes|Mitigated}}

|{{No}}

colspan=2 style=background:salmon|12

|style=background:salmon|iOS
iOS 12

|{{Yes|No}}

|{{No|Yes}}

|{{Yes}}

|{{Partial|Yes (Since iOS 12.2)}}

|{{Yes}}

|{{Yes|Mitigated}}

|{{Yes|Not affected}}

|{{Yes|Disabled by default}}

|{{Yes|Mitigated}}

|{{No}}

rowspan=2 colspan=2 style=background:salmon|13–16

|style=background:salmon|iOS
13, 14, 15, 16

|rowspan=2 {{Yes|No}}

|rowspan=2 {{No|Yes}}

|rowspan=2 {{Yes}}

|rowspan=2 {{Yes|Mitigated}}

|rowspan=2 {{Yes|Not affected}}

|rowspan=2 {{Yes|Disabled by default}}

|rowspan=2 {{Yes|Mitigated}}

|rowspan=2 {{No}}

style=background:salmon|iPadOS
13, 14, 15, 16

rowspan=2 colspan=2 style=background:khaki|17

|style=background:salmon|iOS 17

|rowspan=2 {{Yes|No}}

|rowspan=2 {{No|Yes}}

|rowspan=2 {{Yes}}

|rowspan=2 {{Yes|Mitigated}}

|rowspan=2 {{Yes|Not affected}}

|rowspan=2 {{Yes|Disabled by default}}

|rowspan=2 {{Yes|Mitigated}}

|rowspan=2 {{No}}

style=background:khaki|iPadOS 17

rowspan=2 colspan=2 style=background:#a0e75a|18

|style=background:#a0e75a|iOS 18

|rowspan=2 {{Yes|No}}

|rowspan=2 {{dunno}}

|rowspan=2 {{Yes}}

|rowspan=2 {{Yes|Mitigated}}

|rowspan=2 {{Yes|Not affected}}

|rowspan=2 {{Yes|Disabled by default}}

|rowspan=2 {{Yes|Mitigated}}

|rowspan=2 {{No}}

style=background:#a0e75a|iPadOS 18

rowspan=2 colspan=2 {{table-experimental|26}}

|{{table-experimental|iOS 26}}

|rowspan=2 {{Yes|No}}

|rowspan=2 {{dunno}}

|rowspan=2 {{Yes}}

|rowspan=2 {{Yes|Mitigated}}

|rowspan=2 {{Yes|Not affected}}

|rowspan=2 {{Yes|Disabled by default}}

|rowspan=2 {{Yes|Mitigated}}

|rowspan=2 {{No}}

Browser
or OS API

!colspan=2|Version

!Platforms

!SSL 2.0 (insecure)

!SSL 3.0 (insecure)

!TLS 1.0 (deprecated)

!TLS 1.1 (deprecated)

!TLS 1.2

!TLS 1.3

!EV

!SHA-2

!ECDSA

!BEAST

!CRIME

!POODLE (SSLv3)

!RC4

!FREAK

!Logjam

!Protocol selection by user

rowspan=11|Google Android OS{{cite web|url=https://developer.android.com/reference/javax/net/ssl/SSLSocket.html|title=SSLSocket{{!}}Android Developers|access-date=2015-03-11|url-status=live|archive-url=https://web.archive.org/web/20150318121117/http://developer.android.com/reference/javax/net/ssl/SSLSocket.html|archive-date=2015-03-18}}

|colspan=3 style=background:salmon|Android 1.0–4.0.4

|{{Yes|No}}

|{{No|Yes}}

|No

|{{No}}

|{{dunno}}

|{{Yes}}

|{{Partial|Yes (Since 3.0)}}{{cite web|title=What browsers work with Universal SSL|access-date=2015-06-15|url=https://support.cloudflare.com/hc/en-us/articles/203041594-What-browsers-work-with-Universal-SSL|url-status=live|archive-url=https://web.archive.org/web/20160304023941/https://support.cloudflare.com/hc/en-us/articles/203041594-What-browsers-work-with-Universal-SSL|archive-date=2016-03-04}}

|{{dunno}}

|{{No|Vulnerable}}

|{{No}}

colspan=3 style=background:salmon|Android 4.1–4.4.4

|{{Yes|No}}

|{{No|Yes}}

|{{Partial|Disabled by default}}{{cite web|url=http://developer.android.com/reference/javax/net/ssl/SSLSocket.html|title=SSLSocket{{!}}Android Developers|access-date=2015-12-17|url-status=live|archive-url=https://web.archive.org/web/20160304202641/https://developer.android.com/reference/javax/net/ssl/SSLSocket.html|archive-date=2016-03-04}}

|{{Partial|Disabled by default}}

|{{No}}

|{{dunno}}

|{{Yes}}

|{{dunno}}

|{{No|Vulnerable}}

|{{No}}

colspan=3 style=background:salmon|Android 5.0–5.0.2

|{{Yes|No}}

|{{No|Yes}}

|{{No|Yes}}{{cite web|url=http://developer.android.com/about/versions/android-5.0-changes.html#ssl|title=Android 5.0 Behavior Changes{{!}}Android Developers|access-date=2015-03-11|url-status=live|archive-url=https://web.archive.org/web/20150309000956/http://developer.android.com/about/versions/android-5.0-changes.html#ssl|archive-date=2015-03-09}}

|{{Yes}}

|{{No}}

|{{dunno}}

|{{Yes}}

|{{dunno}}

|{{No|Vulnerable}}

|{{No}}

colspan=3 style=background:salmon|Android 5.1–5.1.1

|{{Yes|No}}

|{{Partial|Disabled by default}}{{Citation needed|date=August 2016}}

|{{No|Yes}}

|{{Yes}}

|{{No}}

|{{dunno}}

|{{Yes}}

|{{dunno}}

|{{Yes|Not affected}}

|{{Partial|Only as fallback}}

|{{Yes|Mitigated}}

|{{No}}

colspan=3 style=background:salmon|Android 6.0–7.1.2

|{{Yes|No}}

|{{Partial|Disabled by default}}{{Citation needed|date=August 2016}}

|{{No|Yes}}

|{{Yes}}

|{{No}}

|{{dunno}}

|{{Yes}}

|{{dunno}}

|{{Yes|Not affected}}

|{{Yes|Disabled by default}}

|{{Yes|Mitigated}}

|{{No}}

colspan=3 style=background:salmon|Android 8.0–9

|{{Yes|No}}

|{{Yes|No}}{{cite web|url=https://developer.android.com/about/versions/oreo/android-8.0-changes.html|title=Android 8.0 Behavior Changes|url-status=live|archive-url=https://web.archive.org/web/20171201042705/https://developer.android.com/about/versions/oreo/android-8.0-changes.html|archive-date=2017-12-01}}

|{{No|Yes}}

|{{Yes}}

|{{No}}

|{{dunno}}

|{{Yes}}

|{{dunno}}

|{{Yes|Not affected}}

|{{Yes|Disabled by default}}

|{{Yes|Mitigated}}

|{{No}}

colspan=3 style=background:salmon|Android 10–12L

|{{Yes|No}}

|{{No|Yes}}

|{{Yes}}

|{{dunno}}

|{{Yes}}

|{{dunno}}

|{{Yes|Not affected}}

|{{Yes|Disabled by default}}

|{{Yes|Mitigated}}

|{{No}}

colspan=3 style=background:khaki|Android 13

|{{Yes|No}}

|{{No|Yes}}

|{{Yes}}

|{{dunno}}

|{{Yes}}

|{{dunno}}

|{{Yes|Not affected}}

|{{Yes|Disabled by default}}

|{{Yes|Mitigated}}

|{{No}}

colspan=3 style=background:khaki|Android 14

|{{Yes|No}}

|{{No|Yes}}

|{{Yes}}

|{{dunno}}

|{{Yes}}

|{{dunno}}

|{{Yes|Not affected}}

|{{Yes|Disabled by default}}

|{{Yes|Mitigated}}

|{{No}}

colspan=3 style=background:khaki|Android 15

|{{Yes|No}}

|{{Partial|Disabled by default}}

|{{Yes}}

|{{dunno}}

|{{Yes}}

|{{dunno}}

|{{Yes|Not affected}}

|{{Yes|Disabled by default}}

|{{Yes|Mitigated}}

|{{No}}

colspan=3 style=background:#a0e75a|Android 16

|{{Yes|No}}

|{{Partial|Disabled by default}}

|{{Yes}}

|{{dunno}}

|{{Yes}}

|{{dunno}}

|{{Yes|Not affected}}

|{{Yes|Disabled by default}}

|{{Yes|Mitigated}}

|{{No}}

Browser
or OS API

!colspan=2|Version

!Platforms

!SSL 2.0 (insecure)

!SSL 3.0 (insecure)

!TLS 1.0 (deprecated)

!TLS 1.1 (deprecated)

!TLS 1.2

!TLS 1.3

!EV certificate

!SHA-2 certificate

!ECDSA certificate

!BEAST

!CRIME

!POODLE (SSLv3)

!RC4

!FREAK

!Logjam

!Protocol selection by user

class=wikitable style=text-align:center;font-size:smaller
colspan=2\|Color or Note !rowspan=2\|Significance
Browser version !Platform
{{table-experimental

class=wikitable style=text-align:center;font-size:smaller

colspan=2|Color or Note

!rowspan=2|Significance

Browser version

!Platform

{{table-experimental

} Browser version

|{{table-experimental|}} Operating system

|Future release; under development

|style=background:#a0e75a|Browser version

|style=background:#a0e75a|Operating system

|Current latest release

|style=background:khaki|Browser version

|style=background:khaki|Operating system

|Former release; still supported

|style=background:#fc9|Browser version

|style=background:#fc9|Operating system

|Former release; long-term support still active, but will end in less than 12 months

|style=background:salmon|Browser version

|style=background:salmon|Operating system

|Former release; no longer supported

|rowspan=3{{N/A}}

|Operating system

|Mixed/Unspecified

|Operating system (Version+)

|Minimum required operating system version (for supported versions of the browser)

|~~Operating system~~

|No longer supported for this operating system

;Notes

References

Category:Transport Layer Security

Category:History of computer networks

Category:History of the Internet