2 Replies Latest reply: Mar 2, 2014 3:07 PM by Derek Currie
groktheworld Level 1 Level 1 (0 points)

Wikipedia indicates that Safari 5 and beyond supports TLS 1.2. I haven't been able to get Safari 5 or 6 to work with a tomcat server configured to accept only TLS 1.2 SSL encryption. A few questions:

 

1. Is TLS 1.2 supported in Safari?

2. Which versions if any?

3. Is there some OS or Safari configuration required?

 

Thanks


MacBook Pro with Retina display, Mac OS X (10.7.4)
  • 1. Re: Does Safari support TLS 1.2
    Paintbrush Level 1 Level 1 (0 points)

    I went through the process of changing this on Wikipedia recently after seeing the same thing as you, and after doing a lot of research and testing figuring out the same as what you uncovered.

     

    1. Neither TLS 1.1 or 1.2 are supported in Safari on OS X, even on the most up-to-date version of OS X (10.8.5) and Safari (6.0.5) only TLS 1.0 is supported. It's really just another example of Safari on OS X being in severe need of some love and attention (the longstanding major graphics glitches were bad enough, and it's been barely updated in a year). I'd definitely just check out Chrome if I were you, I pushed forward trying to use Safari for a very long time but ultimately it's not a patch on Chrome. Safari on OS X is pretty much a footnote, whereas Chrome is the polar opposite.

     

    Chrome has supported TLS 1.1 for almost the past year and the current stable released five weeks ago has full support for TLS 1.2. If you want to be very diligently looked after and safe (not just in regards to TLS), as well as generally being on the bleeding edge of the web you should definitely check out Chrome on OS X.

     

    2. Although no version of Safari on OS X supports 1.1 or 1.2, Safari on iOS is a complete different story. Safari on iOS supports TLS 1.2.

     

    3. No.

  • 2. Re: Does Safari support TLS 1.2
    Derek Currie Level 1 Level 1 (90 points)

    After testing, I can verify that the latest version of Safari, v7.0.2 (OS X Mavericks ONLY), does use TLS 1.2.

     

    No version of Safari 6.x goes above TLS 1.0, which of course is a travesty and [insert expletive here] of Apple. Obviously, this should have been addressed.

     

    Here is a site where you can test web clients (browsers) for TLS:

     

    http://HowsMySSL.com

     

    The 'Beast Attack' was addressed by Apple about a year and a half ago, whereby lousy old TLS 1.0 is retained, but workarounds are used to prevent this specific attack. I don't know more about the situation than that. As you'll see at the above website, all versions of Safari previous to v7.x will FAIL the test as 'bad' specifically because they're using TLS 1.0.