TLS 1.0 and 1.1 deprecation: Chrome to display "your connection is not fully secure" warnings
Google announced today how the company's Google Chrome web browser will handle sites that use the security protocols TLS 1.0 or TLS 1.1 in the future.
Major browser developers including Google, Mozilla, Microsoft, and Apple revealed in 2019 that they would deprecate support for TLS 1.0 and TLS 1.1 in their web browsers. The decision was made to improve security and performance on the Internet. The protocols have no known security vulnerabilities but they don't support modern cryptographic algorithm either.
Mozilla started to disable TLS 1.0 and TLS 1.1 in Firefox Nightly, the cutting edge development version of the Firefox web browser, a few days ago.
Google Chrome Not Secure warnings
Starting with Google Chrome 79, Chrome will give sites a "not secure" label if TLS 1.0 or TLS 1.1 is used. The main intention is to provide users and webmasters with information that they may act upon; webmasters need to enable TLS 1.2 or later on the server to address the issue.
Starting with Google Chrome 81, Chrome will prevent connections to sites that use TLS 1.0 or TLS 1.1. The browser displays a warning page instead that reads "Your connection is not fully secure. This site uses an outdated security configuration, which may expose your information".
A click on the "not secure" label displays the very same message when Chrome 79 lands. Chrome users may set an experimental flag in the browser to test the new warning functionality before Chrome 79 lands. Here is how that is done:
- Load chrome://flags in the browser's address bar.
- Search for Show security warnings for sites using legacy TLS versions. You may also search for just TLS to speed this up.
- Set the flag to enabled.
- Restart the Google Chrome web browser.
Chrome will display the "not secure" label if a site uses TLS 1.0 or TLS 1.1. The change is visual in nature; users are not blocked from accessing the resource. Chrome displays warnings in the browser's built-in Developer Tools as well to inform webmasters and developers about the deprecation of earlier versions of TLS.
Chrome 81 will block connections to sites that use TLS 1.0 or 1.1. The browser displays an interstitial warning to users.
Enterprise admins may set policies to disallow TLS 1.0 or TLS 1.1 connections in Chrome or re-enable support for the older protocols until January 2021 when support is removed. Additional information on Chrome policies is found here.
Now You: Do any of the devices or sites that you visit frequently still use TLS 1.0 or 1.1?Advertisement