Solved I do not see TLS 1.1 TLS 1.2 in IE9 internet options

gordon55y

Member
My IE9 Advanced settings show only:
SSL 2.0 (disabled)
SSL 3.0 (disabled)
TLS 1.0 (enabled)

I run auto updates, and everything is current.

MS12-006 says that I should have TLS 1.1 and 1.2 for best security.
https://technet.microsoft.com/library/security/ms12-006

MS12-006 says this is fixed in KB2585542
I see that KB2585542 was installed successfully in 2012.

Am I missing something?
thanks
gordon

vista/sp2
IE9: 9.0.8112.16421
update version: 9.0.42 (KB3087038)
Cipher strength: 256 bit
Product ID: 03553-997-7332166-00042
 

My Computer

virtual6

Vista Pro
MS12-006 says that I should have TLS 1.1 and 1.2 for best security.
Yes

MS12-006 says this is fixed in KB2585542
It says the specific vulnerability (Beast Attack) is fixed.
It does not say they added TLS 1.1 and 1.2 to IE9.

Go here to get some interesting info about your browser.

You will need to run a different browser to be able to use updated protocols and ciphers.
 

My Computer

gordon55y

Member
It says the specific vulnerability (Beast Attack) is fixed.
It does not say they added TLS 1.1 and 1.2 to IE9.

Go here to get some interesting info about your browser.

You will need to run a different browser to be able to use updated protocols and ciphers.
Virtual6,
Thanks for the clarification.
After some googling, I kinda understand.....
Please let me know if the following is inaccurate:
1) IE9 on Vista will never support TLS1.1 TLS1.2
2) Firefox uses its own SSL/TLS library (NSS), which is why it does not depend on the operating system

When I test the latest version of firefox (40.0.3) using
https://www.ssllabs.com/ssltest/viewMyClient.html
I get the following error:
Your user agent doesn't support TLS 1.2. You should upgrade.
But it also says:
Protocols: TLS 1.2 yes
So it seems that the latest version of firefox cannot support TLS 1.2 even though it is enabled
in about:config
security.tls.version.min 1
security.tls.version.max 3

thanks
 

My Computer

virtual6

Vista Pro
1) IE9 on Vista will never support TLS1.1 TLS1.2
Well I can't speak for Microsoft, but I would agree. We already have IE10 and 11 and now Edge so IE9 is just getting security fixes...unless some vulnerability was discovered, where the only way to fix it was to include a newer version of TLS.

2) Firefox uses its own SSL/TLS library (NSS), which is why it does not depend on the operating system
Sounds reasonable to me. The IE component that handles the protocols is winINET, which FF probably does not use.

I only use the esr versions of Firefox, currently I'm using 38.2.
Interestingly, my response from that site is "Your user agent has good protocol support", and also shows "TLS 1.2 yes".
My config settings are the same as yours.

I would actually like to use IE, but would need Windows 7 and IE11 to get the TLS 1.2.
If you don't need the best security protocols and ciphers it would be okay.
In the final analysis, Firefox (and Pale Moon) are much more configurable and transparent with respect to privacy and security settings; availability of many useful add-ons; and about 2-3 times faster, in my experience, than IE on Vista.
 

My Computer

gordon55y

Member
I only use the esr versions of Firefox, currently I'm using 38.2.
Interestingly, my response from that site is "Your user agent has good protocol support", and also shows "TLS 1.2 yes".
My config settings are the same as yours.
Virtual6,
Because you passed the TLS 1.2 test, I went back to test mine again.
https://www.ssllabs.com/ssltest/viewMyClient.html

And, it now passes !!!!????
That is, I now see this message:
"Your user agent has good protocol support"
Same as you saw.
I made no changes to FF.
I always run FF inside sandboxie, so there is that.

By the way, the reason for my OP was because I got a warning when
I logged into my account at swansonvitamins.com
And that warning has gone away now.

I also have noscript extension, I sometimes fiddle with it.
But it has been turned off globally for a few days.
If this happens again, I will uninstall it as I am not sure it
is totally inactive when turned off globally.

This morning I was also having problems when I went to frys.com
and selected "cool stuff we sell" then tablet then tablet
and then select "android 5.0". This morning that gave me nothing.
Now I see 9 items. And that worked properly this morning in chrome.
So something happened to my FF yesterday and this morning.

thanks,
gordon
 

My Computer

virtual6

Vista Pro
I always run FF inside sandboxie, so there is that.
Nope, there is not that, because I never leave home without Sandboxie either!
(in other words, I ran my test with Sandboxie too.)
Running Sandboxie, do you really need noscript?
I don't believe Sandboxie has ever caused me any trouble with a site, been using it for years.
I don't really tweak any of the settings, but they could probably be tightened to the point where you would not have to be concerned with scripts. Although SB will keep your system "clean", it doesn't necessarily keep "bad" scripts or code from running, I've always wondered about read access to my files from malware in the browser...not that there's any good stuff in my files...

Anyway, I think your FF was fixed just by posting on the Vista forum, like magic.;)
 

My Computer

townsbg

~~тσωηsвg~~
Vista Guru
Gold Member
Yeah apparently M$ has not added support for tls1.2 & 1.2 in Vista and if they haven't yet I doubt that they will which is a sham.
TLS 1.1 and 1.2 not supported: Internet Explorer (7–9 for Windows Vista / Server 2008), Safari 6 for Mac OS X 10.8
https://en.wikipedia.org/wiki/Transport_Layer_Security#Web_browsers

FF has had it installed (but disabled by default) since version 23 for tls 1.1 and version 24 for tls 1.2. It has been enabled by default since version 27. One thing to consider is that just because it is installed on your browser doesn't mean that it is used. That depends upon if a website is set up for it.
 

My Computers

System One System Two

  • Operating System
    Windows 7 Pro x64
    Manufacturer/Model
    Mid 2010 iMac
    CPU
    Quad core 3.2 Ghz Intel I3
    Memory
    8 gb
    Graphics Card(s)
    ATI Radeon HD 5670 512 mb ram
    Screen Resolution
    1920x1080 and 1440x900
    Hard Drives
    1 TB
    Other Info
    N/A
  • Operating System
    Windows 2008 R2 Enterprise
    Manufacturer/Model
    Compaq Presario SR5350F
    CPU
    Pentium 2.0 gHZ Dual core E2160
    Memory
    2 gb
    Screen Resolution
    1440 x 900
    Hard Drives
    300 GB

virtual6

Vista Pro
One thing to consider is that just because it is installed on your browser doesn't mean that it is used.
I suppose you could set security.tls.version.min=3 in the config options so that the browser would only accept TLS 1.2.
The ssllabs site I referenced earlier can also test the server security of a web site.
Enter the address of some sites you visit regularly...you'll be surprised by the results!
 

My Computer

matt4x4

Member
So I keep reading about Sandboxie, and member "virtual6" loves it.

Any other people love it? Members/Users with a couple thousand posts in this forum under their belt.
 

My Computer

System One

  • Manufacturer/Model
    HP a6745f
    CPU
    AMD Athlon X2 5050e 2.6GHz 2-Core AM2/AM2+
    Motherboard
    MSI - MS-7548 (Aspen) Chipset: AMD 780G
    Memory
    DDR2 - PC2-6400 (800 MHz) with 4GB
    Graphics Card(s)
    NVIDIA GeFroce GTX 650
    Sound Card
    stock
    Monitor(s) Displays
    LG 27" LCD
    Screen Resolution
    I dont know
    Hard Drives
    Stock WD 320GB 7200rpm
    120GB Patriot Blast SSD-HD
    PSU
    Upgraded to 650W from 300W
    Case
    stock HP Pavilion
    Cooling
    stock
    Mouse
    Logitech wireless
    Keyboard
    Logitech wireless
    Internet Speed
    got no clue
Top