What is new with TLS 1.3?

TLS 1.3 is aimed to make sure less user information is available in plain text. It uses three cipher suites to achieve that in the earlier version of TLS. Client authentication exposed client identity unless renegotiation was made. This is always confidential in TLS 1.3. Applications and Server will have to start implementing and honoring the new security protocol, but as of now, it is not in a strict mode. If the browser supports it, but not the website, then it will fall back to the next available TLS version.

Enable or disable TLS 1.3 in Windows 11/10

While Windows offers TLS, it depends on the applications if it wants to use that or their own stick. For example, Chrome doesn’t use the Windows TLS layer. That said, for TLS to work, it has to be enabled both on the client and the server. Those using the Windows server, TLS 1.3 is enabled by default in IIS/HTTP.SYS. In Windows 10, starting with Insider Preview build Build 20170.

Enable TLS on Microsoft Edge LegacyEnable TLS in Microsoft Edge (Chromium)Enable TLS 1.3  in Chrome BrowserEnable TLS 1. 3 in Firefox

Once you enable the settings, you should restart the browser for TLS 1.3 to be effective. Be aware that this feature is still rolling out to all browsers, and may show up in your browser a little late.

1] Enable TLS on Microsoft Edge Legacy

Type inetcpl.cpl in the Run prompt (Win + R) and press the Enter keyIt will open the Internet Properties window. Switch to the Advanced sectionUnder the security section, check the box against TLS 1.3Restart the browser

2] Enable TLS in Microsoft Edge (Chromium)

This version of Edge is built on Chromium Engine, which does not use the Windows TLS stack. You will have to configure them independently using the edge://flags dialogue.

In a new tab in Edge, type edge://flagsSearch for TLS 1.3 and enable the settings

Remember, it is still in an experimental stage as it is first deployed with Windows 10 Insider first, and then it will be in a broader layout.  So if you don’t want to use it, you can use other browsers that use their stack of TLS 1.3.

3] Enable TLS 1.3  in Chrome Browser

Since Chrome and Edge both use the Chromium engine, you can enable or change the setting the same way with Chrome Flags.

Type chrome://flags in a new tab on Edge, and press the Enter key.Search for TLS 1.3, and enable the settings

You will notice that the settings are enabled by default for Chrome. Something similar will happen eventually for all browsers.

4] Enable TLS 1. 3 in Firefox

Launch Firefox, and in type about:config followed by press the enter key in a new Tab.It will open the configuration area with a search box.Locate security.tls.version.max flag, and double click to edit the valueChange the value from 3 to 4.Restart the Firefox browser

I hope the post was easy to follow, and if you plan to use TLS, you can enable it in Windows, and all supported browser. If you wish to disable, change the value to three.

How to check if TLS 1.3 is enabled correctly?

You can use the Cloudflare’s Browsing Experience Security Check to know if TLS 1.3 is enabled by default. Once on the page, press Check My Browser button, and it will reveal details such as Secure DNS, DNSSEC, TLS 1.3, and Encrypted SNI.