Major Browsers to Kill TLS 1.0, 1.1
18.10.2018 securityweek

All major web browsers will deprecate support for the older Transport Layer Security (TLS) 1.0 and 1.1 traffic encryption protocols in the first half of 2020.

Apple, Google, Microsoft and Mozilla on Monday announced plans to kill the protocol in their browsers to provide users with better security.

The move is not surprising, given that TLS 1.0 will turn 20 in January 2019 and TLS 1.3 is already half a year old. As for TLS 1.1, it was mainly designed to address a limitation of TLS 1.0 and prevent specific attacks that can be addressed in other ways.

“Two decades is a long time for a security technology to stand unmodified. […] vulnerable third-party implementations do exist. Moving to newer versions helps ensure a more secure Web for everyone,” Microsoft says.

Both TLS 1.0 and 1.1 are known to include weaknesses, some of which were addressed with the release of TLS 1.2 a decade ago. Despite that, however, the protocols continue to be supported by more than 70% of all websites.

“These old versions of TLS rely on MD5 and SHA-1, both now broken, and contain other flaws. TLS 1.0 is no longer PCI-DSS compliant and the TLS working group has adopted a document to deprecate TLS 1.0 and TLS 1.1,” Google notes in a blog post.

TLS 1.2, which is a prerequisite for HTTP/2, delivers significant performance improvements for the web, provides better security, and is already supported by over 94% of websites. Apple says TLS 1.2 is used in 99.6% of TLS connections made from Safari.

TLS 1.3 too is expected to soon start seeing broad adoption, so the percentage of legacy TLS connections will likely drop further.

“Additionally, we expect the IETF to formally deprecate TLS 1.0 and 1.1 later this year, at which point protocol vulnerabilities in these versions will no longer be addressed by the IETF,” Microsoft points out.

Thus, in March 2020, support for legacy TLS 1.0 and 1.1 connections will be removed in all major browsers, including Chrome, Firefox, Safari, and Microsoft’s Edge and Internet Explorer 11.

Because upgrading TLS could take a lot of time, the initial announcement is made one year and a half before the planned deprecation to ensure that website developers have enough time at their disposal to complete the transition to TLS 1.2 or newer.

“For sites that need to upgrade, the recently released TLS 1.3 includes an improved core design that has been rigorously analyzed by cryptographers. TLS 1.3 can also make connections faster than TLS 1.2,” Mozilla notes.

Only a small number of websites should be impacted by the change, and servers can enable both modern and legacy options to continue to supporting legacy clients, even if that will carry security risks (DROWN, FREAK, and ROBOT attacks).