Feel free to discuss any topics relating to cybersecurity with the rest of the security community in this forum.
TLS 1.2 versus TLS 1.1 and 1.0
Auditors flagged this and recommend that we upgrade to TLS 1.2, but there will be downstream impact. Is there a workaround?
- o_ronnie101
TLS 1.2 is currently the most used version of TLS and has made several improvements in security compared to TLS 1.1. According to RFC 4346, the major differences that exist in TLS 1.2 when compared to TLS 1.1 include the following:
- The MD5/SHA-1 combination in the pseudorandom function (PRF) is replaced with SHA-256 with the option to use the cipher-suite-specified PRFs.
- The MD5/SHA-1 combination in the digitally-signed element is replaced with a single hash which is negotiated during the handshake.
- Improvements to the client's and server's ability to specify the accepted hash and signature algorithms.
- Support for authenticated encryption for other data modes
- TLS extensions and AES cipher suites were added
- Tightened up various requirements
The greater enhancement in encryption of TLS 1.2 allows it to use more secure hash algorithms such as SHA-256 as well as advanced cipher suites that support elliptical curve cryptography. To check if a particular https:// web page is using TLS 1.2 encryption, you can run it through an ssllabs test. The results will provide you with information regarding what the site is using for security protocols, the cipher suites, etc.
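An added example, not part of the original thread: one way to gauge the downstream impact raised in the question, before TLS 1.0/1.1 are disabled, is to group clients by the protocol versions they actually negotiated. It assumes nginx access logs written with the `$ssl_protocol` and `$ssl_cipher` variables in a hypothetical `log_format`; the log lines, addresses and the `audit` function are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines. Assumed nginx format (hypothetical, not from the thread):
#   log_format tls '$remote_addr [$time_local] $ssl_protocol $ssl_cipher "$request"';
SAMPLE_LOG = """\
192.0.2.10 [12/Mar/2024:10:00:01 +0000] TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /api/v1/orders HTTP/1.1"
192.0.2.44 [12/Mar/2024:10:00:03 +0000] TLSv1 AES128-SHA "POST /batch/upload HTTP/1.1"
192.0.2.44 [12/Mar/2024:10:05:09 +0000] TLSv1 AES128-SHA "POST /batch/upload HTTP/1.1"
198.51.100.7 [12/Mar/2024:10:06:30 +0000] TLSv1.1 ECDHE-RSA-AES256-SHA "GET /health HTTP/1.1"
198.51.100.7 [12/Mar/2024:10:07:12 +0000] TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET /health HTTP/1.1"
203.0.113.5 [12/Mar/2024:10:08:00 +0000] TLSv1.3 TLS_AES_256_GCM_SHA384 "GET / HTTP/1.1"
this line is malformed and must be skipped
"""

# $ssl_protocol takes the values TLSv1, TLSv1.1, TLSv1.2 or TLSv1.3.
LINE_RE = re.compile(r'^(?P<ip>\S+) \[[^\]]+\] (?P<proto>TLSv1(?:\.[123])?) (?P<cipher>\S+) "')
LEGACY = {"TLSv1", "TLSv1.1"}


def audit(log_text):
    """Classify each client IP by the TLS versions it negotiated.

    Returns (classification, skipped), where classification maps
    ip -> 'legacy-only' | 'mixed' | 'ok' and skipped counts unparsable lines.
    """
    seen = defaultdict(set)
    skipped = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            skipped += 1          # never guess a protocol for a malformed line
            continue
        seen[m["ip"]].add(m["proto"])
    result = {}
    for ip, protos in seen.items():
        if protos <= LEGACY:
            result[ip] = "legacy-only"   # breaks once TLS 1.0/1.1 are turned off
        elif protos & LEGACY:
            result[ip] = "mixed"         # TLS 1.2+ works; some client behind this IP still uses old TLS
        else:
            result[ip] = "ok"
    return result, skipped


if __name__ == "__main__":
    classes, skipped = audit(SAMPLE_LOG)
    for ip, status in sorted(classes.items()):
        print(f"{ip:15} {status}")
    print(f"skipped lines: {skipped}")
```

Clients reported as `legacy-only` are the ones to contact or upgrade before the server-side change; `mixed` usually means several clients share one address.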