Java 8 (1.8) and higher
|
Compatible with TLS 1.1 or higher by default.
|
Java 7 (1.7)
|
Enable TLS 1.1 and TLS 1.2 using the https.protocols Java system property for HttpsURLConnection. To enable TLS 1.1 and TLS 1.2 on non-HttpsURLConnection connections, set the enabled protocols on the created SSLSocket and SSLEngine instances within the application source code. Switching to IBM Java may be an effective workaround if upgrading to a newer Oracle Java version isn't feasible.
|
Java 8 (IBM)
|
Compatible with TLS 1.1 or higher by default. You may need to set com.ibm.jsse2.overrideDefaultTLS=true if your application or a library called it by it uses SSLContext.getinstance("TLS").
|
Java 7 and higher, Java 6.0.1 service refresh 1 (J9 VM2.6) and higher, Java 6 service refresh 10 and higher
|
Enable TLS 1.2 using the https.protocols Java system property for HttpsURLConnection and the com.ibm.jsse2.overrideDefaultProtocol Java system property for SSLSocket and SSLEngine connections, as recommended by IBM's documentation. You may also need to set com.ibm.jsse2.overrideDefaultTLS=true.
|
.NET 4.6 and higher
|
Compatible with TLS 1.1 or higher by default.
|
.NET 4.5 to 4.5.2
|
.NET 4.5, 4.5.1, and 4.5.2 do not enable TLS 1.1 and TLS 1.2 by default. Two options exist to enable these, as described below.
Option 1:
.NET applications may directly enable TLS 1.1 and TLS 1.2 in their software code by setting System.Net.ServicePointManager.SecurityProtocol to enable SecurityProtocolType.Tls12 and SecurityProtocolType.Tls11. The following C# code is an example:
System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;
Option 2:
It may be possible to enable TLS 1.2 by default without modifying the source code by setting the SchUseStrongCrypto DWORD value in the following two registry keys to 1, creating them if they don't exist: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" and "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319". Although the version number in those registry keys is 4.0.30319, the .NET 4.5, 4.5.1, and 4.5.2 frameworks also use these values. Those registry keys, however, will enable TLS 1.2 by default in all installed .NET 4.0, 4.5, 4.5.1, and 4.5.2 applications on that system. It is thus advisable to test this change before deploying it to your production servers. This is also available as a registry import file. These registry values, however, will not affect .NET applications that set the System.Net.ServicePointManager.SecurityProtocol value.
|
.NET 4.0
|
.NET 4.0 does not enable TLS 1.2 by default. To enable TLS 1.2 by default, it is possible to install .NET Framework 4.5, or a newer version, and set the SchUseStrongCrypto DWORD value in the following two registry keys to 1, creating them if they don't exist: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" and "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319". Those registry keys, however, may enable TLS 1.2 by default in all installed .NET 4.0, 4.5, 4.5.1, and 4.5.2 applications on that system. We recommend testing this change before deploying it to your production servers. This is also available as a registry import file.
These registry values, however, will not affect .NET applications that set the System.Net.ServicePointManager.SecurityProtocol value.
|
Python 2.7.9 and higher
|
Compatible with TLS 1.1 or higher by default.
|
Ruby 2.0.0
|
TLS 1.2 is enabled by default when used with OpenSSL 1.0.1 or higher. Using the :TLSv1_2 (preferred) symbol with an SSLContext's ssl_version helps ensure that TLS 1.0 or earlier is disabled. :TLSv1.2 requires OpenSSL 1.0.1c or later.
|
PHP
|
TLSv1.2 requires OpenSSL 1.0.1c or later. OpenSSL extension that PHP_CURL uses to make HTTP connections. The PHP_CURL OpenSSL extension must support TLSv1.2. To find the openssl_version information for cURL, run: php -r 'echo json_encode(curl_version(), JSON_PRETTY_PRINT);'
|
Node.js
|
Checkout https://nodejs.org/api/tls.html. TLSv1.2 requires OpenSSL 1.0.1c or later. Node.js uses the system supplied OpenSSL.
|
Microsoft WinINet
Windows Server 2012 R2 and higher
Windows 8.1 and higher
|
Compatible with TLS 1.1 or higher by default.
|
Microsoft WinINet
Windows Server 2008 R2 to 2012
Windows 7 and 8
|
Compatible by default if Internet Explorer 11 is installed. If Internet Explorer 8, 9, or 10 is installed, then TLS 1.2 will need to get enabled by the user or an administrator for compatibility.
|
Microsoft Secure Channel (Schannel)
Windows Server 2012 R2 and higher
Windows 8.1 and higher
|
Compatible with TLS 1.1 or higher by default.
|
Microsoft Secure Channel (Schannel)
Windows Server 2012
Windows 8
|
TLS 1.1 and TLS 1.2 are disabled by default, but are available if enabled by an application. TLS 1.1 and TLS 1.2 can be enabled by default within the registry.
|
Microsoft Secure Channel (Schannel)
Windows Server 2008 R2
Windows 7
|
Compatible by default in client mode when Internet Explorer 11 is installed. If Internet Explorer 11 is not installed or if Forge needs to connect to a service running on this type of system, then TLS 1.1 and TLS 1.2 can be enabled by default within the registry.
|
Microsoft WinHTTP and Webio
Windows Server 2012 R2 and higher
Windows 8.1 and higher
|
Compatible with TLS 1.1 and TLS 1.2 by default
|
Microsoft WinHTTP and Webio
Windows Server 2008 R2 SP1 and 2012
Windows 7 SP1
|
With KB3140245 applied, Webio is compatible by default, and WinHTTP can be configured via registry settings to enable TLS 1.2.
|
OpenSSL 1.0.1 and higher
|
Compatible with TLS 1.1 or higher by default.
|
Mozilla NSS 3.15.1 and higher
|
Compatible with TLS 1.1 or higher by default.
|
iOS 4.21 or higher
|
Compatible with TLS 1.1 or higher by default.
|
Android 5.0 (Lollipop) and higher
|
Compatible with TLS 1.1 or higher by default.
|
Android 4.4 (KitKat) to 4.4.4
|
May be compatible with TLS 1.1 or higher. Some devices with Android 4.4.x may not support TLS 1.1 or higher.
|
Google Chrome 38 and higher
|
Compatible with TLS 1.1 or higher by default.
|
Firefox 27 and higher
|
Compatible with TLS 1.1 or higher by default.
|
Microsoft Edge
|
Compatible with TLS 1.1 or higher by default.
|
Microsoft Internet Explorer Desktop and mobile IE version 11
|
Compatible with TLS 1.1 or higher by default
If you see the "Stronger security is required" error message, you may need to turn off the TLS 1.0 setting in the Internet Options | Advanced Settings list.
|
Microsoft Internet Explorer Desktop IE versions 8, 9, and 10
|
Compatible only when running Windows 7 or newer, but not by default.
Windows Vista, XP and earlier are incompatible and cannot be configured to support TLS 1.1 or TLS 1.2.
|
Apple Safari Desktop Safari versions 7 and higher for OS X 10.9 (Mavericks) and higher
|
Compatible with TLS 1.1 or higher by default.
|
Apple Safari Mobile Safari versions 5 and higher for iOS 5 and higher
|
Compatible with TLS 1.1 or higher by default.
|