Is there a way to emable TLS 1.0 and/or 1.2 on Edge Chromium?

Guinch 141 Reputation points
2021-07-23T15:39:12.707+00:00

I know TLS 1.0 and 1.2 have been disabled on Edge Chromium since 84 - link.

However, I need to be sure they have been removed or permanently disabled. I want to be 100% that there is no way a user can somehow enable them.

There are sources on the internet that indicate that if you enable 1.0 and 1.0 in internet options this also enables them in Edge. I don't seem to be able to replicate this though.

Also if I visit https://browserleaks.com/ssl using Edge 92 on a friend's company laptop 1.0 and 1.1 seem to be enabled. My knowledge of what settings or policy is set there is obviously limited though.

Can anyone provide and details/documentation on this?

Thanks in advance.

Microsoft Edge
Microsoft Edge
A Microsoft cross-platform web browser that provides privacy, learning, and accessibility tools.
2,120 questions
0 comments
Accepted answer
  1. Yu Zhou-MSFT 12,041 Reputation points Microsoft Vendor
    2021-07-27T06:21:38.867+00:00

    Hi @Guinch

    As the doc describes, TLS 1.0/1.1 will remain disabled by default in Microsoft Edge version 84 and later. If you want to enable them manually, you can refer to the following steps:

    1. Open Edge and navigate to edge://flags/.
    2. Type TLS in the search bar.
    3. Change the value of Enforce deprecation of legacy TLS versions to Disabled.
    4. Restart Edge.

    After finishing the above steps, when you visit https://browserleaks.com/ssl again in Edge, it will show TLS 1.0 and TLS 1.1 enabled.

    118099-image.png

    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Regards,
    Yu Zhou

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. DonPick 1,256 Reputation points
    2021-07-24T00:06:06.617+00:00

    we set this policy (value=1.2) via GPO in our enterprise and it is VERY effective to block user override for old/bad TLS.
    https://learn.microsoft.com/en-au/DeployEdge/microsoft-edge-policies#sslversionmin

    when I use EdgeChromium v92 to test browserleaks, it show TLS1.0/1.1 disabled, except if I enable the IEMode feature on that browserleaks page, if I do that, TLS1.0/1.1 are enabled because IEMode/IE11 currently allow old TLS by default.

    I manage an enterprise corporate desktop ecosystem and we have a couple of very old intranet webapps which still use old TLS, we use IEMode to allow those.

    So, I don't trust that reference site you quoted (Fourth/hotschedules), I think its simply wrong or very outdated, as some of the feedback on the site itself suggests.

    1 person found this answer helpful.
  2. Nick M. Kulkarni 16 Reputation points
    2022-05-27T14:49:02.267+00:00

    I am trying to do the opposite and make sure that TLS 1.2 is enabled. The old settings in Internet Explorer and inetcpl.cpl are ticked on but the registry key I am used to seeing in HKLM under security providers/protocol is turning up empty in quite a few of my Windows 10 21H2 computers on our network.

    Anyone got any ideas about how to check this now IE has been deprecated and slated for removal?

    1 person found this answer helpful.
    0 comments