TLS Safari compatibility

The TLS protocol is used to provide privacy and data integrity between two or more communicating computer applications. When secured by TLS, connections between a client and a server have one or more of the following properties:-

1. The connection is private
2. The identity of parties can be authenticated
3. The connection is reliable

Transportation layer came from Secure Socket Layer. A careful configuration of TLS will provide additional privacy-related properties like forwarding secrecy, prevent discloser of encryption keys etc.

Some of the TLS certificates do not support old Safari versions.

Impact

The impact include:-

• Renegotiation attack
• Downgrade attacks like Logjam and FREAK
• Cross-platform attacks like DROWN
• BEAST attack
• Breach attacks
• POODLE attacks

Mitigation / Precaution

This vulnerability can be fixed by:-

• Changing the TLS cipher for the end users that use the older version of Safari.