Microsoft postpones TLS 1.0 and 1.1 deprecation to second half of 2020
Microsoft announced yesterday that its plan to disable the security protocols TLS 1.0 and TLS 1.1 in the company's browsers has been postponed. The company initially wanted to disable the security protocols in the first half of 2020 but decided to postpone this in light of current global events.
All major browser makers pledged to disable the aging security protocols TLS 1.0 and 1.1 in the first half of 2020. Some, like Mozilla, went ahead with the change but reverted it when it became clear that some government sites still relied on these protocols. Users of Firefox could not access these sites anymore because of the disabled protocols. Mozilla re-enabled the protocols to make sure that Firefox users worldwide are able to access important sites in a time of crisis.
Microsoft's updated plan for discontinuing support for TLS 1.0 and 1.1 is as follows:
- New Chromium-based Microsoft Edge: TLS 1.0 and 1.1 will be disabled by default "no sooner than Microsoft Edge version 84". The browser is scheduled for a July 2020 release.
- Classic Microsoft Edge browser: TLS 1.0 and 1.1 will be disabled by default on September 8, 2020.
- Microsoft Internet Explorer 11: TLS 1.0 and 1.1 will be disabled by default on September 8, 2020.
Options are provided to enable TLS 1.0 and 1.1 if required. Users find the settings to enable TLS 1.0 and TLS 1.1 in the Internet Options under Advanced.
Administrators may also change the settings in the Windows Registry. Here is how that is done:
- Open the Windows Registry Editor, e.g. by using Windows-R to open the run box, typing regedit.exe, and hitting the Enter-key.
- Confirm the UAC prompt that is spawned.
- Go to HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
- For TLS 1.0, do the following:
  - If you don't see a TLS 1.0 entry, create one by right-clicking on Protocols and selecting New > Key. Name the key TLS 1.0.
  - Right-click on TLS 1.0 and select New > Key. Name it Client.
  - Right-click on the newly created Client key and select New > Dword (32-bit) Value. Name it Enabled.
  - The default value is 0, which means that TLS 1.0 is disabled. To enable it, set the value to 1 instead.
- For TLS 1.1, do the following:
  - If you don't see a TLS 1.1 entry, create one by right-clicking on Protocols and selecting New > Key. Name the key TLS 1.1.
  - Right-click on TLS 1.1 and select New > Key. Name it Client.
  - Right-click on the newly created Client key and select New > Dword (32-bit) Value. Name it Enabled.
  - The default value is 0, which means that TLS 1.1 is disabled. To enable it, set the value to 1 instead.
- Exit the Registry Editor and restart Windows.
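The registry steps above as a script, added here as an example (it is not from the original article or from Microsoft): it reports the Client\Enabled value for TLS 1.0 and TLS 1.1 and can set it to 0 or 1. The function names Get-LegacyTlsClientState and Set-LegacyTlsClientState are made up for this example; only the key path and the Enabled value come from the steps above.

```powershell
# Added example: audits and optionally sets the SCHANNEL client "Enabled" value
# described in the steps above. Run from an elevated PowerShell session.
$ProtocolsRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-LegacyTlsClientState {
    # Returns one object per protocol showing what the registry currently says.
    foreach ($proto in 'TLS 1.0', 'TLS 1.1') {
        $clientKey = Join-Path (Join-Path $ProtocolsRoot $proto) 'Client'
        $value = $null
        if (Test-Path -LiteralPath $clientKey) {
            $item = Get-ItemProperty -LiteralPath $clientKey -Name Enabled -ErrorAction SilentlyContinue
            if ($null -ne $item) { $value = $item.Enabled }
        }
        [pscustomobject]@{
            Protocol = $proto
            Key      = $clientKey
            Enabled  = $value   # $null = key or value absent, so the OS default applies
        }
    }
}

function Set-LegacyTlsClientState {
    # Hypothetical helper: writes Enabled=0 (disabled) or Enabled=1 (enabled).
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][ValidateSet('TLS 1.0', 'TLS 1.1')][string[]]$Protocol,
        [Parameter(Mandatory)][ValidateSet(0, 1)][int]$Enabled
    )
    foreach ($proto in $Protocol) {
        $clientKey = Join-Path (Join-Path $ProtocolsRoot $proto) 'Client'
        if ($PSCmdlet.ShouldProcess($clientKey, "Set Enabled=$Enabled")) {
            # Create the "TLS 1.x" and "Client" keys only if they are missing,
            # so values already stored under an existing key are left alone.
            if (-not (Test-Path -LiteralPath $clientKey)) {
                New-Item -Path $clientKey -Force | Out-Null
            }
            New-ItemProperty -LiteralPath $clientKey -Name Enabled -PropertyType DWord -Value $Enabled -Force | Out-Null
        }
    }
}

# Report the current state, then preview (without writing) disabling both protocols.
Get-LegacyTlsClientState | Format-Table -AutoSize
Set-LegacyTlsClientState -Protocol 'TLS 1.0', 'TLS 1.1' -Enabled 0 -WhatIf
```

Drop -WhatIf to apply the change; as in the manual steps, Windows has to be restarted afterwards.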
You can use a service such as the SSL/TLS Client Test by Browserleaks to list the supported protocols of the browser.
Now You: Have you visited sites recently that rely on these older protocols?
Why is this even news? I use Firefox 52ESR on Windows XP and it has TLS 1.2. So long as browsers on ancient OSes still work, I care not about this news.
I disabled support for TLS 1.0, 1.1 and 1.2 completely in Firefox via a setting. I did that a year ago. Since then I found few websites which would not load. I decided to skip them.
But in last quarter I found none.
Why keeping dead TLS 1.0 and 1.1 still around I have no idea.
Best is to avoid Microsoft.
Why did you disable 1.2?
Because 1.3 is around! And it works perfectly. As I mentioned I only found few pages in whole last year which have been most likely 1.2 and failed to load. Now, I can’t find any. Whole “normal” mainstream Internet is on 1.3 now. No point to keep 1.2 enabled. Also TLS 1.2 had security flaws not present in 1.3.
resist ID2020, Bill Gates, Microsoft, the “chip” and/or “tattoo.” People are desperate and given a few more months of these shutdowns and shut-ins, would probably take a QR code on their forehead if it came to that.
What…?
There probably is a 49% chance a human contagion will do us in, and another 49% I would bet is gonna be some really messy UEFI injection by M$ for the NSA. Good luck with your online banking transactions!
Off-Topic: Cloudflare announced “1.1.1.1 for Families”
https://blog.cloudflare.com/introducing-1-1-1-1-for-families/
Malware Blocking Only
Primary DNS: 1.1.1.2
Secondary DNS: 1.0.0.2
Malware and Adult Content Blocking
Primary DNS: 1.1.1.3
Secondary DNS: 1.0.0.3