TLS Safari compatibility
OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 HIPAA-164.306 ISO27001-A.14.1.3 WASC-04 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N WSTG-CRYP-01
The TLS protocol provides privacy and data integrity between two or more communicating computer applications. When secured by TLS, connections between a client and a server have one or more of the following properties:
- The connection is private
- The identity of parties can be authenticated
- The connection is reliable
Transport Layer Security (TLS) came from Secure Sockets Layer (SSL). A careful configuration of TLS provides additional privacy-related properties such as forward secrecy and protection against disclosure of encryption keys.
Some TLS certificates do not support old Safari versions.
Impact
The impact includes:
- Renegotiation attack
- Downgrade attacks like Logjam and FREAK
- Cross-platform attacks like DROWN
- BEAST attack
- Breach attacks
- POODLE attacks
Mitigation / Precaution
This vulnerability can be fixed by:
- Changing the TLS cipher for the end users that use the older version of Safari.
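One way to check a cipher change before deploying it, as an added example that is not part of the original page: the script expands a server OpenSSL cipher string with Python's `ssl` module and intersects it with a legacy client's suite list. The client suite list, the sample cipher strings and the function names are constructed placeholders; substitute the suites that the Safari version you must support actually offers.

```python
import ssl

# Constructed placeholder: suites a legacy client offers, in OpenSSL naming.
# Assumption for illustration only; replace with the list the Safari
# version you must support actually sends in its ClientHello.
LEGACY_CLIENT_SUITES = ["ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES256-SHA", "AES128-SHA"]


def server_suites(cipher_string):
    """Expand an OpenSSL cipher string into the TLS 1.2-and-earlier suites it enables."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    # TLS 1.3 suites (named TLS_*) are not controlled by set_ciphers; skip them.
    return [c["name"] for c in ctx.get_ciphers() if not c["name"].startswith("TLS_")]


def shared_suites(cipher_string, client_suites=LEGACY_CLIENT_SUITES):
    """Suites both sides support, in the client's preference order."""
    enabled = set(server_suites(cipher_string))
    return [s for s in client_suites if s in enabled]


def assess(cipher_string, client_suites=LEGACY_CLIENT_SUITES):
    """Classify the overlap between the server config and the legacy client."""
    shared = shared_suites(cipher_string, client_suites)
    if not shared:
        return "no-overlap"  # handshake fails for this client
    if any(s.startswith(("ECDHE-", "DHE-")) for s in shared):
        return "forward-secret"  # at least one ephemeral key exchange is shared
    return "static-rsa-only"  # connects, but without forward secrecy


if __name__ == "__main__":
    # Constructed sample server configurations.
    for cfg in ("ECDHE+AESGCM", "ECDHE+AESGCM:ECDHE-RSA-AES128-SHA", "ECDHE+AESGCM:AES128-SHA"):
        print(f"{cfg:40} {assess(cfg):16} {shared_suites(cfg)}")
```

A `no-overlap` result means the legacy client cannot connect at all, while `static-rsa-only` means it connects without the forward secrecy described above.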