How can we improve the Microsoft Edge developer experience?

Support TLS 1.3 with 1-RTT

TLS 1.3, the next version of the security protocol for private and authenticated communication, is in the final phase of specification.
Cloudflare already supports it, Chrome 56 plans to support it in January 2017 and Firefox in March 2017.
Edge should not stay behind and should support TLS 1.3 with 1-RTT as well, ideally in the upcoming Creator's Update already.

468 votes
Martin Suchan shared this idea

12 comments

  • GreggL commented

    Last month NIST updated its Cryptographic Algorithms and Key Lengths standard ‘NIST SP 800-131A Rev.2’. As a result, many current TLSv1.1/TLSv1.2 ciphers are now considered as “Weak”.

    In addition to the NIST revision, many organizations still rely on CBC ciphers in TLSv1.1/TLSv1.2. Beginning end of May 2019, those ciphers will be rated as "F" with SSL Labs. That leaves only a few ciphers that will still be considered safe to use in TLSv1.1/TLSv1.2.

    TLSv1.3 is desperately needed to provide quantum-safe cryptography. It has already been adopted by Chrome, Firefox, Safari and OpenSSL. Microsoft users really need Microsoft to adopt TLSv1.3 ASAP to maintain regulatory attestation compliance.

  • Danny Murphy commented

    I'm now only accepting TLS 1.3 on my website, so everyone on IE and Edge. TLS 1.3 has been out long enough for support to be possible. Has anyone seen any updates from Microsoft about this?

  • Mårten commented

    What will the status of this be with the news of Chromium-based Edge?

    Also, is this an Schannel-related thing? Will it still be added to Schannel?

  • Anonymous commented

    Using a completely fresh install of Ubuntu 18.10, Apache 2.4.37, openssl-1.1.1a with the SSLProtocol directive set to TLSv1.3 only.

    Status as of 2018-12-02:
    Firefox 63.0.3 works out of the box.
    Chrome 70 requires chrome://flags/#tls13-variant set to "Enabled(Final)". It comes with it set to "Enabled(Draft 23)". Yikes.
    Microsoft Edge 1809 fails with TLS error.

    Changed directive to "SSLProtocol TLSv1.3 TLSv1.2", and then Firefox and Chrome were TLS 1.3, and Edge was TLS 1.2 with no error.

    C'mon MS, fix this.

  • Bernd P commented

    This becomes more urgently necessary now since TLS 1.3 has been finalised. MS should get rid of all old/weak/broken and obsolete encryption types ASAP. Add Chacha20_poly1305! in Windows 10, and Camellia with 128Bits+ GCM and CCM modes.
    Also: Implementation of PCIDSS 3.2 Compliance. Getting rid of TLS 1.0 and all older protocols.
    Thank you.

  • Anonymous commented

    I agree! Support for TLS 1.3 is the most important thing you can do in Microsoft Edge right now!

    Thanks!
