VI. Feature Setup

How to disable TLS 1.0 and 1.1 on Vigor 3900

Products:
Vigor 2960
Vigor 3900
Keywords:
Cipher
Encryption
HTTPS
SSL
Show all

How does TLS work with HTTPS?

HTTPS takes the well-known and understood HTTP protocol, and layers SSL (Secure Sockets Layer) or TLS (Transport Layer Security) encryption on top of it. Servers and clients still speak exactly the same HTTP to each other, but over a secured link that encrypts and decrypts their requests and responses. Over the years, there have been numerous incremental improvements or security fixes to ensure that HTTPS data can only be read by the client and server.

As new versions of TLS become available, browsers and applications will use the most secure protocol available. Older protocol versions are often allowed for compatibility purposes, however this can pose a security risk if these older protocols have known weaknesses or vulnerabilities. Web browsers and security checks such as PCI Data Security Standard (PCI DSS) can enforce that only newer versions of TLS are allowed

Protocol Deprecated From Notes
TLS 1.0 June 2018 Not trusted for secure traffic such as card information processing by PCI DSS standards as of June 2018.
TLS 1.1 March 2020 Web browsers do not support TLS 1.1 as of March 2020 and may display a warning if no later version of TLS is available.
TLS 1.2 - TLS 1.2 is currently the most used version of TLS and has made several improvements in security compared to TLS 1.1.

TLS encryption is used when you access the Router’s web interface using HTTPS. The DrayTek Vigor 3900 and Vigor 2960 routers support TLS 1.2, but allow TLS 1.1 and 1.0 to be used for compatibility with older browsers and clients.

This article explains how you can disable the TLS 1.0 and 1.1 for Routers HTTPS management, so that Router uses the more secure TLS 1.2 for its HTTPS management:

1. Firstly, login to the Router, you can see the logon interface:

2. Navigate to [System Maintenance] > [Access Control] > [Access Control] and under HTTP security you need to select disable TLS 1.1 and 1.0:

3. Set "Allow TLS 1.0/1.1" to Disable and click on Apply to apply the change. The Router’s HTTPS management will now only use TLS 1.2 for its HTTPS management.

4. To verify that Router is using TLS 1.2, you can access the Router’s web interface using HTTPS and next to the URL, you can click on the lock Symbol and click on details, this will show the TLS encryption the Router uses.

You can find additional information on the router's HTTPS security and supported ciphers with an external testing service such as Qualys SSL Test.


How do you rate this article?

1 1 1 1 1 1 1 1 1 1