All major browsers drop TLS 1.0 and 1.1 in 2020
All major web browser makers announced on October 15, 2018 that the browsers that they produce will stop supporting the standards TLS 1.0 and TLS 1.1 in 2020.
The change was announced by Google, Apple, Microsoft, and Mozilla on company websites.
Transport Layer Security (TLS) is a security protocol used on the Internet to protect Internet traffic. It uses encryption to protect the data from eavesdropping.
TLS 1.0 and TLS 1.1 are old standards. TLS 1.0 turned 19 this year, a very long time on the Internet. The main issue with TLS 1.0 is not that the protocol has known security issues but that it doesn't support modern cryptographic algorithms.
TLS 1.1 on the other hand is used by only 0.1% of all connections and while it addresses some limitations of TLS 1.0, newer standards such as TLS 1.2 or TLS 1.3 are better suited going forward. It is also relatively old as it turned 10 recently.
The use of more modern protocol versions improves performance and security of connections by introducing features such as perfect forward secrecy and resistance to downgrade-related attacks. TLS 1.2 is also the requirement for HTTP/2 which offers performance improvements when used.
Telemetry data collected by browser makers show that more than 99% of connections use TLS 1.2 or higher already. About 0.5% of all HTTPS connections in Chrome use TLS 1.0 or 1.1 and the figures are similar for other browsers.Â Â TLS 1.3 final was published by the Internet Engineering Task Force in August 2014.
It is a major update of TLS 1.2 that improves the speed and security of the connection significantly. One major gain speed-wise is the reduction to a single round-trip for handshakes instead (TLS 1.2 uses two round-trips). More and more sites on the Internet adopt TLS 1.3 to use the benefits that the standard provides.
Mozilla Firefox, Microsoft Edge, Google Chrome, and Apple Safari will drop support for TLS 1.0 and TLS 1.1 in March 2020.
The change affects a large number of sites and services. While many can be upgraded to only support TLS 1.2 and TLS 1.3, sites and devices that are no longer supported may never receive updates to support these new versions.
Here are the links to the announcements:
- Apple:Â Deprecation of Legacy TLS 1.0 and 1.1 Versions
- Google:Â Modernizing Transport Security
- Microsoft:Â Modernizing TLS connections in Microsoft Edge and Internet Explorer 11
- Mozilla:Â Removing Old Versions of TLS
Now You: What is your take on the announcement?Advertisement