Blog | G5 Cyber Security

Browser & SSL Compatibility

G5 Cyber Security

TL;DR

Keep your browsers updated! Check SSL certificate validity regularly and ensure you’re using modern protocols like TLS 1.3. This guide shows how.

Checking Browser Support

  1. Identify Your Browsers: Find out which browsers (Chrome, Firefox, Edge, Safari) your users are on. Tools like StatCounter can help.
  2. Browser Version Check: Each browser has a way to check its version:
    • Chrome: Click the three dots (top right) > Help > About Google Chrome.
    • Firefox: Click the three lines (top right) > Help > About Firefox.
    • Edge: Click the three dots (top right) > Help and feedback > About Microsoft Edge.
    • Safari: Safari > About Safari.
  3. Compatibility Tables: Check browser compatibility for web standards at Can I use… This site shows which features are supported in different versions.
  4. Update Browsers: Encourage users to update their browsers regularly. Outdated browsers often lack security fixes and support for modern web technologies.

SSL Certificate Checks

  1. Certificate Validity: Use an SSL checker tool like SSL Shopper to verify your certificate’s expiration date.
    • Enter your domain name and run the check.
    • Pay attention to any warnings about expired or invalid certificates.
  2. Certificate Chain: Ensure a complete certificate chain is installed on your server. This includes intermediate certificates.
    • Your hosting provider usually handles this, but it’s worth checking their documentation.
  3. Protocol Support: Verify you’re using modern SSL/TLS protocols (TLS 1.2 or TLS 1.3). 
    openssl s_client -connect yourdomain.com:443
    • Look for the ‘Protocol’ line in the output. It should show TLSv1.2 or TLSv1.3.
  4. Cipher Suites: Use strong cipher suites. Weak ciphers can be exploited. 
    openssl s_client -connect yourdomain.com:443 | openssl x509 -noout -cipher
    • This command lists the supported cipher suites. Prioritize those with ECDHE and AES encryption.

Browser SSL Configuration

  1. HSTS (HTTP Strict Transport Security): Enable HSTS to force browsers to use HTTPS.
    • Add the following header to your web server configuration: 
      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
  2. OCSP Stapling: Enable OCSP stapling to improve SSL certificate validation speed.
    • This reduces the load on Certificate Authorities. Your hosting provider or web server documentation will have instructions.
Exit mobile version