Jump to content

HTTPS/Browser Recommendations

From Wikitech

Wikimedia encourages its readers to use modernweb browserswhich support secure internet connections. Below are recommendations for how to update to a modern web browser.

Many older computers, mobile devices or web browsers only support outdated cryptographic methods that are becoming insecure in the face of modern attacks. Wikimedia will no longer support these outdated cryptographic methods to ensure security against eavesdropping and interference (man-in-the-middle attacksordowngrade attacks). Many other sites on the Internet also require (or will soon require) a strong minimum levels of cryptographic abilities from your computer or mobile device. Keeping up-to-date with security updates from web browsers and operating systems will be essential for staying secure and continuing full access to all websites on the Internet.

Advice

For all users

  • Please make sure you have applied the latest security updates to your operating system and have updated your web browser. Remember that for most browsers and devices, they will only be updated after you fully close them and restart them.
  • Disable or uninstall any 3rd party "anti-virus" software. Most of them do more harm than good when they interfere with your browser's secure connections.[1][2]

For users of Microsoft Windows

Windows XP
Windows Vista
  • If you must use Windows Vista,install and use Firefox 52 ESR instead of Internet Explorerto access our sites.
    • Note that while this release is the latest available to Windows Vista it is not maintained and will contain security bugs.
  • You should upgrade to Windows 10 or Windows 11. Windows Vista has very serious security flaws.[n 3]
Windows 7
  • If you must use Windows 7,install and use Firefox 115 ESRinstead of Chrome, Internet Explorer or Edge.
    • Note that Firefox 115 ESR is the last version that supports Windows 7 and 8.1. It will receive security updates until at least March 2025.[4]
  • If you must use the unsupported Internet Explorer 11 on Windows 7, you're able to do so, but you might need to open Settings and click the checkbox to "Enable TLS 1.2" underInternet Options -> Advanced -> (Security section)
  • You should upgrade to Windows 10 or Windows 11.[n 4]
Windows 8.1
  • If you must use Windows 8.1,install and use Firefox 115 ESRinstead of Chrome, Internet Explorer or Edge.
    • Note that Firefox 115 ESR is the last version that supports Windows 7 and 8.1. It will receive security updates until at least March 2025.[4]
  • You should upgrade to Windows 10 or Windows 11.[n 5]
Windows 10 or Windows 11
  • You should upgrade theMicrosoft Edgebrowser or switch to a different browser such asFirefox,Chrome,orOpera.
  • Please also ensure you stay up-to-date with security updates from Windows Update, and ensure you regularly upgrade your browser if applicable.

For users of Apple macOS

Upgrade your operating system to macOS 10.12.1 (Sierra) or higherif your hardware supports it.If that is not possible, upgrade to the latest macOS release available for your computer, and consider installing an alternate secure browser instead of Safari. Such asChrome,Firefox,orOpera.

For users of Apple iPhone, iPad, and iPod

Upgrade to iOS version 10 (or higher)if supported on your device.If your device is too old for iOS 10, consider a device upgrade. Check to ensure you have the latest version of whatever browser you may use in the App Store.

For users of Android devices

Upgrade to the latest version of Android that is possible for your device. Consider a device upgrade if your Android software cannot be upgraded to at leastversion 4.4,which was initially released by Google in 2013. Check the Play Store (or vendor-specific app store) to ensure you've installed the latest updates to core components and the browser (usually Chrome).

For IT personnel that manage outbound Proxy appliances

Please ensure you are running the latest stable software release from your vendor, and that you keep up with this regularly. Please also consult your vendor and/or their documentation as to how you may need to configure your outbound proxy to support stronger encryption/ciphers. SeeHTTPSfor technical requirements.

Logs for Wikipedia have indicated that there are many requests from corporate desktop browsers that meet the version requirements of operating system, web browser, and device - but still suffer from downgraded cipher choice when communicating over the Internet due to outdated or poorly configured outbound proxies.

You may use an online tester to check which ciphers are supported by the browser you are currently using, such as the one provided byQualys (SSL Labs).

Notes

  1. Our sites no longer allow pageviews from IE-on-XP at all.
  2. Microsoft ended all technical support for this system version in 2014.[3]Microsoft provides no more security updates for the many flaws which have been discovered in Windows XP and its version of Internet Explorer after 2014. More-detailed technical information about removal of IE-on-XP support from our projects by 2017-10-17 is available atHTTPS/3DES Deprecation
  3. Microsoft no longer supports Vista, and does not provide security updates since April 2017.
  4. Microsoft no longer supports Windows 7 (including Internet Explorer on Win7), and does not provide security updates since January 2020, except paid extended security updates (ESU), which ended in January 2023.
  5. Microsoft no longer supports Windows 8.1 (including Internet Explorer on Win8.1), and does not provide security updates since January 2023.

References

See also