The following guide provides you with instructions on enabling TLS 1.3 (Transport Layer Security) support in Mozilla Firefox and Google Chrome.
Transport Layer Security, short TLS, is a cryptographic protocol to communicate securely over a computer network. The current version of TLS is 1.2 while TLS 1.3 is available as a draft currently.
TLS 1.3 is based on TLS 1.2 but offers major security and privacy improvement over the protocol that web browsers support currently by default.
While it would go too far to list all improvements, you can check out the Wikipedia entry on TLS 1.3 for that, it does remove support for some cryptographic hash functions and named elliptic curves, prohibits use of insecure SSL or RC4 negotiations, or supports a new stream cipher, key exchange protocols or digital signature algorithms. It is also faster than TLS 1.2 by reducing the number of round-trips to 1 compared to TLS 1.2 using 2 round-trips.
Enable TLS 1.3 support in Firefox and Chrome
Both Firefox and Chrome support TLS 1.3, but the version of Transport Layer Security is not enabled by default. The main reason for that, likely, is that it is still only available as a draft.
Testing your browser’s TLS capabilities
One of the first things that you may want to do is check which TLS and SSL protocols your browser supports.
One of the better options to test the capabilities is to visit SSL Labs, and there the “My Client” page which checks the browser’s capabilities.
It reveals all protocols supported by the browser, checks whether the browser is vulnerable to certain known attacks, lists the supported cipher suites, protocol details, and how mixed content is handled by the browser.
If you run the test using Chrome or Firefox Stable right now, you will get a “no” next to TLS 1.3
Enable TLS 1.3 in Firefox
Mozilla Firefox users may enable TLS 1.3 support in Firefox in the following way (note that Nightly supports TLS 1.3 by default already, while Firefox Stable needs to be configured specifically to support it).
- Load about:config in the Firefox address bar. Confirm that you will be careful if the warning screen is shown. The Firefox Configuration editor opens.
- Search for security.tls.version.max
- Change the value of the preference to 4 by double-clicking on it.
Enable TLS 1.3 in Chrome
Google Chrome users may enable TLS 1.3 in the browser as well. Please note that some Chromium-based browsers such as Vivaldi support the same flag. You can apply the change to these browsers as well.
- Load chrome://flags/ in the browser’s address bar. This opens the experiments page of the web browser.
- Find Maximum TLS version enabled. You can also click on this link directly: chrome://flags/#ssl-version-max
- Click on the menu, and set it to TLS 1.3.
- Restart the web browser.
Closing Words
Some sites, like Cloudflare for instance, support TLS 1.3 already. Cloudflare customers may enable TLS 1.3 for their sites to “improve both speed and security for Internet users everywhere”.