Error in Internet Explorer: make sure the SSL and TLS protocols are enabled. Enabling TLS protocols in Windows 10

TLS encrypts Internet traffic of all kinds, thereby making communication and sales on the Internet secure. We'll talk about how the protocol works and what the future holds.

What is SSL

SSL, or Secure Sockets Layer, was the original name for the protocol that Netscape developed in the mid-90s. SSL 1.0 was never publicly available, and version 2.0 had serious flaws. SSL 3.0, released in 1996, was completely overhauled and set the tone for the next stage of development.

What is TLS

When the next version of the protocol was released in 1999, it was standardized by the Internet Engineering Task Force (IETF), which gave it a new name: Transport Layer Security, or TLS. As the TLS documentation says, "the difference between this protocol and SSL 3.0 is not critical." TLS and SSL form an ever-evolving series of protocols and are often collectively referred to as SSL/TLS.

TLS encrypts any kind of Internet traffic. The most common type is web traffic. You can tell that your browser has established a TLS connection when the link in the address bar starts with "https".

TLS is also used by other applications such as mail and teleconferencing systems.

How TLS Works

Encryption is required to communicate securely on the Internet. If your data is not encrypted, anyone can analyze it and read sensitive information.

The most secure method of encryption is asymmetric encryption. It requires two keys, one public and one private. These are files containing information, most often very large numbers. The mechanism is complex, but put simply, you can use the public key to encrypt data, but you need the private key to decrypt it. The two keys are linked by a complex mathematical formula that is difficult to break.

You can think of the public key as the location of a locked mailbox with a slot, and the private key as the key that opens the box. Anyone who knows where the box is can put a letter in it. But to read the letter, a person needs the key that opens the box.

Since asymmetric encryption uses complex mathematical calculations, it requires a lot of computing resources. TLS solves this problem by using asymmetric encryption only at the beginning of the session, to encrypt the initial communication between the server and the client. The server and client must agree on the same session key, which both will use to encrypt the data packets.

The process by which the client and server agree on a session key is called the handshake. This is the moment when the two communicating computers introduce themselves to each other.

TLS handshake process

The TLS handshake process is quite complex. The steps below outline it in general terms so that you understand how it works.

  1. The client contacts the server and requests a secure connection. The server responds with a list of ciphers (sets of algorithms for creating encrypted connections) that it knows how to use. The client compares the list with its own list of supported ciphers, picks a suitable one, and lets the server know which one they will use together.
  2. The server provides its digital certificate, an electronic document signed by a third party that authenticates the server. The most important information in the certificate is the public key. The client confirms the authenticity of the certificate.
  3. Using the server's public key, the client and server establish a session key that they will both use throughout the session to encrypt the communication. There are several methods for this. The client can use the public key to encrypt an arbitrary number, which is then sent to the server for decryption, and both parties then use this number to establish the session key.

A session key is only valid for one continuous session. If for some reason the communication between the client and the server is interrupted, a new handshake will be needed to establish a new session key.
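To see what a real handshake ends up agreeing on, the following added example (not part of the original article) uses Python's standard ssl module to connect to a server, verify its certificate and report the negotiated protocol version and cipher. The host name is supplied by the user; the function names are chosen for this illustration.

```python
import socket
import ssl
import sys


def build_client_context() -> ssl.SSLContext:
    """Client side of the handshake: verify the certificate, refuse old protocols."""
    ctx = ssl.create_default_context()            # system CAs + hostname checking
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # no SSL 3.0 / TLS 1.0 / TLS 1.1
    return ctx


def summarize(version, cipher, cert) -> dict:
    """Turn the raw handshake results into a small report."""
    name, _protocol, bits = cipher
    # getpeercert() returns the subject as a tuple of one-element RDN tuples
    subject = dict(rdn[0] for rdn in cert.get("subject", ()))
    return {
        "protocol": version,
        "cipher": name,
        "secret_bits": bits,
        "certificate_cn": subject.get("commonName"),
        "valid_until": cert.get("notAfter"),
    }


def probe(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Run a handshake with host:port and report what was negotiated."""
    ctx = build_client_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        # wrap_socket performs the handshake; it raises ssl.SSLError when no
        # common protocol or cipher exists or the certificate is not trusted
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return summarize(tls.version(), tls.cipher(), tls.getpeercert())


if __name__ == "__main__" and len(sys.argv) > 1:
    print(probe(sys.argv[1]))
```

Run it with a host name as the only argument; a failed handshake surfaces as an ssl.SSLError whose message names the reason, such as a protocol mismatch or an untrusted certificate.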

Vulnerabilities in the TLS 1.2 protocol

TLS 1.2 is the most widely used protocol version. This version established the original framework of session encryption options. However, like some previous versions of the protocol, it allowed older encryption techniques to be used in order to support older computers. Unfortunately, this led to vulnerabilities in version 1.2, as these older encryption mechanisms became more vulnerable.

For example, TLS 1.2 has become particularly vulnerable to tampering attacks, in which a hacker intercepts data packets in the middle of a session and sends them on after reading or modifying them. Many of these problems have emerged over the past 2 years, so it became urgent to create an updated version of the protocol.

TLS 1.3

TLS version 1.3, soon to be finalized, addresses many of the vulnerability issues by dropping support for legacy encryption systems.
The new version is compatible with previous versions: for example, the connection will fall back to TLS 1.2 if one of the parties cannot use the newer encryption systems in the list of algorithms allowed for protocol version 1.3. However, in a tampering attack, if a hacker tries to force the protocol version back to 1.2 in the middle of a session, this action will be noticed and the connection will be terminated.
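How the rollback is noticed, as an added example that is not part of the original article: in the published TLS 1.3 specification (RFC 8446, section 4.1.3) a server that supports a newer version than the one it negotiates writes a fixed marker into the last 8 bytes of its ServerHello random, and the client aborts when it sees that marker. The function names below are chosen for this illustration.

```python
import os

# Protocol version numbers as they appear on the wire
TLS10, TLS11, TLS12, TLS13 = 0x0301, 0x0302, 0x0303, 0x0304

DOWNGRADE_TO_TLS12 = b"DOWNGRD\x01"  # server could do 1.3, negotiated 1.2
DOWNGRADE_TO_TLS11 = b"DOWNGRD\x00"  # server could do 1.2+, negotiated 1.1 or lower


def server_random(negotiated: int, server_max: int) -> bytes:
    """Server side: build the 32-byte ServerHello random, with marker if needed."""
    rnd = os.urandom(32)
    if server_max >= TLS13 and negotiated == TLS12:
        return rnd[:24] + DOWNGRADE_TO_TLS12
    if server_max >= TLS12 and negotiated <= TLS11:
        return rnd[:24] + DOWNGRADE_TO_TLS11
    return rnd


def downgrade_detected(client_max: int, negotiated: int, random: bytes) -> bool:
    """Client side: True means abort the handshake (illegal_parameter alert)."""
    if len(random) != 32:
        raise ValueError("ServerHello random must be 32 bytes")
    tail = random[-8:]
    # The server random is bound into the handshake's signed and verified
    # values, so an in-path attacker cannot strip the marker unnoticed.
    if client_max >= TLS13 and negotiated <= TLS12:
        return tail in (DOWNGRADE_TO_TLS12, DOWNGRADE_TO_TLS11)
    if client_max == TLS12 and negotiated <= TLS11:
        return tail == DOWNGRADE_TO_TLS11
    return False


if __name__ == "__main__":
    # Both ends support TLS 1.3, but the ClientHello was rewritten in transit
    # to offer only TLS 1.2, so the server answers with TLS 1.2 plus the marker.
    rnd = server_random(negotiated=TLS12, server_max=TLS13)
    print("tampered path :", downgrade_detected(TLS13, TLS12, rnd))   # True
    # A server that genuinely tops out at TLS 1.2 sends an ordinary random.
    rnd = server_random(negotiated=TLS12, server_max=TLS12)
    print("legacy server :", downgrade_detected(TLS13, TLS12, rnd))
```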

How to enable TLS 1.3 support in Google Chrome and Firefox browsers

Firefox and Chrome support TLS 1.3, but this version is not enabled by default. The reason is that it exists so far only in draft form.

Mozilla Firefox

Enter about:config into your browser's address bar. Confirm that you understand the risks.

  1. The Firefox preferences editor will open.
  2. Search for security.tls.version.max
  3. Change the value to 4 by double-clicking on the current value.



Google Chrome

  1. Enter chrome://flags/ into your browser's address bar to open the experiments panel.
  2. Find the #tls13-variant option.
  3. Click on the menu and select Enabled (Draft).
  4. Restart your browser.

How to check if your browser is using version 1.2

We remind you that version 1.3 is not yet in public use. If you do not want to use a draft, you can stay at version 1.2.

To verify that your browser is using version 1.2, follow the same steps as in the instructions above and make sure that:

  • For Firefox, security.tls.version.max is 3. If it is lower, change it to 3 by double-clicking the current value.
  • For Google Chrome: click on the browser menu, select Settings, select Show advanced settings, scroll down to the System section and click Open proxy settings ...

  • In the window that opens, click on the Security tab and check that the Use TLS 1.2 box is ticked. If not, tick it and click OK.


The changes will take effect after you restart your computer.

A quick tool to check your browser's SSL / TLS version

Go to Labs Online SSL Version Checker. The page will show in real time the version of the protocol used, and whether the browser is susceptible to any vulnerabilities.

Sources: translation

If you are faced with an issue where there is an error accessing a specific site, and a message appears in the browser, there is a reasonable explanation. The reasons and solutions to the problem are given in this article.

SSL TLS

Users of budgetary organizations, and not only budgetary ones, whose activities are directly related to finance, conduct all their operations with financial organizations (for example, the Ministry of Finance, the Treasury, etc.) exclusively over the secure SSL protocol. Mostly, they use the Internet Explorer browser in their work. In some cases, Mozilla Firefox.

SSL error

In these operations, and in the work in general, the main attention is paid to the security system: certificates and electronic signatures. The current version of the CryptoPro software is used for this work. As for problems with the SSL and TLS protocols: if an SSL error appears, most likely the protocol is not supported.

TLS error

TLS error in many cases can also indicate a lack of protocol support. But ... let's see what can be done in this case.

SSL and TLS protocol support

So, when you use Microsoft Internet Explorer to visit an SSL-secured website, the title bar displays "Make sure ssl and tls protocols are enabled". The first step is to enable TLS 1.0 support in Internet Explorer.

If you visit a website that is running Internet Information Services 4.0 or higher, configuring Internet Explorer to support TLS 1.0 helps secure your connection. Provided, of course, that the remote web server you are trying to use supports this protocol.

To do this, on the Tools menu, select the Internet Options command.

On the Advanced tab, in the Security section, make sure the following check boxes are selected:

  • Use SSL 2.0
  • Use SSL 3.0
  • Use TLS 1.0

Click the Apply button, and then OK. Restart your browser.

After enabling TLS 1.0, try visiting the website again.
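To review which protocol boxes are actually ticked without opening the dialog, the added example below (not part of the original article) decodes the SecureProtocols value, the DWORD bit mask in which Windows stores these Internet Options check boxes for the current user, and separates formally deprecated protocols from current ones. The sample value is constructed to match the three boxes listed above; on Windows the script reads the real value instead.

```python
import sys

# Bit flags of the SecureProtocols DWORD stored under
# HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
FLAGS = {0x0008: "SSL 2.0", 0x0020: "SSL 3.0", 0x0080: "TLS 1.0",
         0x0200: "TLS 1.1", 0x0800: "TLS 1.2", 0x2000: "TLS 1.3"}
# Formally deprecated: SSL 2.0 (RFC 6176), SSL 3.0 (RFC 7568), TLS 1.0/1.1 (RFC 8996)
DEPRECATED = {"SSL 2.0", "SSL 3.0", "TLS 1.0", "TLS 1.1"}

SAMPLE = 0x08 | 0x20 | 0x80  # constructed value: the three boxes listed above


def audit(value: int) -> dict:
    """Decode the bit mask and split the enabled protocols by status."""
    enabled = [name for bit, name in FLAGS.items() if value & bit]
    return {
        "enabled": enabled,
        "deprecated_enabled": [p for p in enabled if p in DEPRECATED],
        "modern_enabled": [p for p in enabled if p not in DEPRECATED],
        "unknown_bits": value & ~sum(FLAGS),
    }


def read_current_user():
    """Return the current user's SecureProtocols value, or None if unavailable."""
    if sys.platform != "win32":
        return None
    import winreg
    path = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as key:
            value, _kind = winreg.QueryValueEx(key, "SecureProtocols")
        return value
    except FileNotFoundError:
        return None


if __name__ == "__main__":
    value = read_current_user()
    if value is None:
        value = SAMPLE
    print(hex(value), audit(value))
```

An empty modern_enabled list means the browser can only negotiate protocol versions that current servers are likely to refuse.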

System security policy

If SSL and TLS errors still occur and you still can't use SSL, the remote web server probably doesn't support TLS 1.0. In this case, you must disable the system policy that requires FIPS-compliant algorithms.

To do this, in Control Panel, choose Administrative Tools, and then double-click the Local Security Policy icon.

In Local Security Settings, expand Local Policies, and then click Security Options.

In the policy list on the right side of the window, double-click System cryptography: use FIPS-compliant algorithms for encryption, hashing, and signing, and then click Disabled.

Attention!

The change takes effect after the local security policy is reapplied. Apply it, then restart your browser.

CryptoPro TLS SSL

Update CryptoPro

One of the solutions to the problem is updating CryptoPro, as well as setting up the resource. In this case, it is working with electronic payments. Go to the Certification Center. Select Electronic marketplaces as a resource.

After launching the automatic workplace setup, just wait until the procedure is completed, then restart the browser. If you need to enter or select a resource address, select the one you need. Also, after completing the setup, you may need to restart your computer.

SSL TLS Configuration

Network configuration

Another option is to disable NetBIOS over TCP/IP, which is located in the connection properties.

DLL registration

Run the command line as administrator and enter the command regsvr32 cpcng... For a 64-bit OS, you must use the regsvr32 found in syswow64.

This error code usually appears on the screen when you go to a business or government website. A striking example is the official portal of the ENI. It is possible that the failure was caused by obsolete or insecure TLS protocol parameters. This is a very common problem, and users have been facing it for a long time. Now let's figure out what exactly causes this error and how to fix it.

The security of a connection to a website is ensured by special encryption protocols, SSL and TLS. They protect the transmission of information. The protocols are built on symmetric and asymmetric encryption. Message authentication codes and other options are also used. Taken together, these measures maintain the confidentiality of the connection, so third parties are deprived of the opportunity to decrypt the session.

When an error appears in the browser indicating problems with the TLS protocol, it means that the website is using incorrect parameters. Hence, the connection really is not secure. Access to the portal is automatically blocked.

Most often, the error is encountered by users working through the Internet Explorer browser. There are several reasons for this failure, namely:

  • antivirus is blocking the connection to the website;
  • outdated version of the "CryptoPro" utility;
  • the portal is connected via VPN;
  • incorrect settings of the Internet Explorer browser;
  • “SecureBoot” function is activated in BIOS;
  • there are infected files and viruses on the computer.

We have figured out the reasons for the error. It's time to look at possible ways of solving the problem.

Troubleshooting instructions

If the error persists, then it's time to try alternative methods:

Practice shows that each of the listed tips can fix the problem. So just follow the instructions.

Conclusion

Experts assure that the software glitch in question appears because of the antivirus installed on the user's computer. For some reason, the program blocks access to the website. So first, just turn off the antivirus and change the settings for checking certificates. It is likely that this will fix the problem. If the error persists, then try each of the tips above. As a result, the security problem of the TLS protocol will definitely be solved.
