Bye bye, TLS 1.0 and 1.1: Apple, Microsoft, Mozilla and Google all wave adieu to old security protocol
As part of a coordinated movement between four of the biggest names in tech, the old TLS 1.0 and 1.1 security protocols are to be killed off in Safari, Edge, Internet Explorer, Firefox and Chrome in 2020.
Apple, Microsoft, Mozilla and Google have come together to purge the internet of these old and buggy protocols, noting that most people have now moved to TLS 1.2, if not TLS 1.3. Although 94 percent of sites already support version 1.2, a tampering off period over the next 18 months will give everyone a chance to catch up.
- Browser Reaper: exploit causes Firefox to crash
- Users balk as Chrome 69 forcibly signs them into the browser
- Trend Micro backtracks on browser history collection after its apps are removed from mac App Store
All four companies say that TLS 1.0 and 1.1 support will be dropped in early 2020, a full two decades after TLS 1.0 first appeared. Age is one of the reasons the IETF (Internet Engineering Task Force) is expected to officially deprecate the protocols later this year, although no announcement has been made about this yet.
Microsoft points out that "sites should begin to move off of TLS 1.0 and 1.1 as soon as is practical" while Apple says that "we are deprecating support for TLS 1.0 and 1.1. Complete support will be removed from Safari in updates to Apple iOS and macOS beginning in March 2020".
In its announcement, Google notes that:
Chrome will deprecate TLS 1.0 and TLS 1.1 in Chrome 72. Sites using these versions will begin to see deprecation warnings in the DevTools console in that release. TLS 1.0 and 1.1 will be disabled altogether in Chrome 81. This will affect users on early release channels starting January 2020.
Mozilla echoes the fact that the old protocols are little-used nowadays, saying: "Our telemetry shows that only 0.1 percent of connections use TLS 1.1".