Yesterday, Google, Mozilla, and Apple announced that by 2020, they will disable TLS 1.0 and 1.1 by default in their respective browsers.
Kyle Pflug, Senior Program Manager for Microsoft Edge said, "January 19th of next year marks the 20th anniversary of TLS 1.0, the inaugural version of the protocol that encrypts and authenticates secure connections across the web."
Chrome, Edge, Internet Explorer, Firefox, and Safari already support TLS 1.2 and will soon support recently-approved final version of the TLS 1.3 standard. On the other hand, Chrome and Firefox already support TLS 1.3, while Apple and Microsoft are still working towards supporting TLS 1.3.
Why disable TLS 1.0 and 1.1?
The Internet Engineering Task Force (IETF), an organization that develops and promotes Internet standards is hosting discussions to formally deprecated both TLS 1.0 and 1.1. TLS provides confidentiality and integrity of data in transit between clients and servers while exchanging information.
In order to keep this data safe, it is essential to use modern and highly secures versions of this protocol. The Apple’s Secure Transports team has listed down some benefits of moving away from TLS 1.0 and 1.1 including:
- Modern cryptographic cipher suites and algorithms with desirable performance and security properties, e.g., perfect forward secrecy and authenticated encryption, that are not vulnerable to attacks such as BEAST.
- Removal of mandatory and insecure SHA-1 and MD5 hash functions as part of peer authentication.
- Resistance to downgrade-related attacks such as LogJam and FREAK.
For Google Chrome users, Enterprise deployments can preview the TLS 1.0 and 1.1 removal today by setting the SSLVersionMin policy to ‘tls1.2’. For enterprise deployments that need more time, this same policy can be used to re-enable TLS 1.0 or TLS 1.1 until January 2021.
Post depreciation here is what each browser maker has promised:
Unlock access to the largest independent learning library in Tech for FREE!
Get unlimited access to 7500+ expert-authored eBooks and video courses covering every tech area you can think of.
Renews at €18.99/month. Cancel anytime
- TLS 1.0 and 1.1 will be disabled altogether in Chrome 81, which will start rolling out “on early release channels starting January 2020.”
- Edge and Internet Explorer 11 will disable TLS 1.0 and TLS 1.1 by default “in the first half of 2020.”
- Firefox will drop support for TLS 1.0 and TLS 1.1 in March 2020.
- TLS 1.0 and 1.1. will be removed from Safari in updates to Apple iOS and macOS beginning in March 2020.
Read more about this news in detail on Internet Engineering Task Force (IETF) blog post.
Introducing TLS 1.3, the first major overhaul of the TLS protocol with improved security and speed
Let’s Encrypt SSL/TLS certificates gain the trust of all Major Root Programs
Java 11 is here with TLS 1.3, Unicode 11, and more updates
United States
United Kingdom
India
Germany
France
Canada
Russia
Spain
Brazil
Australia
Argentina
Austria
Belgium
Bulgaria
Chile
Colombia
Cyprus
Czechia
Denmark
Ecuador
Egypt
Estonia
Finland
Greece
Hungary
Indonesia
Ireland
Italy
Japan
Latvia
Lithuania
Luxembourg
Malaysia
Malta
Mexico
Netherlands
New Zealand
Norway
Philippines
Poland
Portugal
Romania
Singapore
Slovakia
Slovenia
South Africa
South Korea
Sweden
Switzerland
Taiwan
Thailand
Turkey
Ukraine
