The makers of all popular browsers – IE, Edge, Safari, Firefox, and Chrome included – have announced plans to disable Transport Layer Security (TLS) protocol versions 1.0 and 1.1 by default.
Transport Layer Security (TLS) 1.0 and 1.1 are the early versions of encryption used to secure connections to HTTPS websites. Their job is to provide confidentiality and integrity of data in transit between clients and servers.
This week, and not unexpectedly, all the big browser manufacturers released co-ordinated announcements that TLS 1.0, which will be 20 years old next January, and TLS 1.1 will no longer be supported by their browsers. Newer, updated versions of the security protocol will be favoured instead.
The reasons given for dropping these versions of the protocol are that:
Each browser has given slightly different dates for their formal dropping of TLS 1.0 and 1.1. For Microsoft browsers it will be later this year. For Apple support for TLS 1.0 and 1.1 will end in March 2020. For Mozilla, March 2020 will also be the removal date, and for Google browser users on early release channels, the date will be January 2020.
What Does This Mean For Your Business?
It is understandable that, with these versions being very old and unmodified, and not used by many connections, and with newer, more secure and better performance versions available, now is a good time to end default support for TLS 1.0 and 1.1. We are told that the newer successor versions offer greater security and performance and less vulnerability to certain types of attack e.g. BEAST, LogJam and FREAK (Factoring RSA Export Keys). These benefits are, of course, likely to be attractive to most businesses.
News of the co-ordinated killing-off of these 2 versions of the protocol may not be such great news of course, to those who have websites that still only using TLS 1.0 or 1.1, because browsers will soon flag up those websites as insecure or state that they are unable to connect.