"scan encrypted connections"option enables tls 1.0 and tls 1.1

[ssohrub]

guys

 

i enabled "Scan encrypted connections" under network setting 

so kaspersky adds it's certificate to websites and scans them

but it seems tls 1.0 and tls 1.1 that are now both obsolete

and many browsers have disabled them

both are enabled 

it means enabling "encrypted connection scan" under network setting

decreases security by enabling connection to both tls 1.0 and tls 1.1 sites

check this site https://badssl.com/dashboard/

enable/disable "scan encrypted connection"under network setting , clear the cache and close the browser

again check the above site

here are the results :

 

 

[ssohrub]

guys also check this site :

https://browserleaks.com/tls

both tls 1.0 and 1.1 are enabled when "scan encrypted connection"option under network setting , is enabled

and both tls 1.0/1.1 are disabled when"scan encrypted connection"is disabled

results

Edited July 11, 2023 by ssohrub

[ssohrub]

only in this site :

https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html

that kaspersky root certificate is not enabled,both tls 1.0 and 1.1 are disabled

so please answer:

should an end user enable "scan encrypted connection" option or not , at last 

why kaspersky "encrypted connection"scan and it's root certificate , enables both obsolete and weak tls 1.0 and 1.1 ?

[murat5038]

If you think there is a problem with Kaspersky operation, you can request support with My Kaspersky.
There are only TLS-related texts in the pictures, nothing about Kaspersky.
The product you use, system information, etc. Many elements are missing. The browser, the configuration you are using etc. a lot of information is missing, I recommend you to inform and open them in the record where you will create a support ticket.

https://support.kaspersky.com/b2c/

https://support.kaspersky.com/KPC/1.0/en-US/101733.htm

[ssohrub]

12 hours ago, murat5038 said:

If you think there is a problem with Kaspersky operation, you can request support with My Kaspersky.
There are only TLS-related texts in the pictures, nothing about Kaspersky.
The product you use, system information, etc. Many elements are missing. The browser, the configuration you are using etc. a lot of information is missing, I recommend you to inform and open them in the record where you will create a support ticket.

https://support.kaspersky.com/b2c/

https://support.kaspersky.com/KPC/1.0/en-US/101733.htm

why did i put the problem here in the forum , because it is not personal

everyone can tries and see him/herself the results

and the problem is not only about kaspersky but about many vendors

here is a 2017 study :

deleted site

summary

"...A 2017 study shows that 5 to 10% of HTTPS connections are established by HTTPS-filtering applications. It is usually done by various kinds of antivirus software. The bad news is that 24 out of 26 tested antiviruses reduced, in various ways, the connection security level, while two-thirds created connections prone to hacking..."

i ask what kaspersky has done that prevent this attacks , why tls 1.0/1.1 enables when htpps scan enables and the root certificate of the kaspersky is used by the browser

i ask experts of the kaspersky to answer

my system tested  is :

windows 10 22h2 (v19045.3208) , chrome v114.0.5735.199 , kaspersky free v21.13.5.506(a)

[ssohrub]

site tested : https://badssl.com/dashboard/

 

[ssohrub]

site tested : https://badssl.com/dashboard/

[ssohrub]

site tested : https://browserleaks.com/tls

[ssohrub]

site tested : https://browserleaks.com/tls

[ssohrub]

in this website : Link deleted

https scan is not done by kaspersky (even if you enable it in network settings )

so the root certificate of kaspersky is not used and as expected , the obsolete weak tls 1.0/11 are not enabled