Great browsers to pull support for TLS 1.0 and 1.1 encryption protocols in the early 20's



[ad_1]

Manufacturers of the four major browsers all said Monday that their applications will abandon the support of TLS (Transport Layer Security) 1.0 and 1.1 encryption protocols in early 2020.

"In March 2020, Firefox will disable support for TLS 1.0 and TLS 1.1," wrote Martin Thomson, senior engineer at Mozilla, in an article published on a company blog.

Other browser developers, including Apple (Safari), Google (Chrome) and Microsoft (Edge and Internet Explorer) have posted similar reviews. All identified the beginning of 2020 as the target of disabling support.

TLS is the successor to the SSL encryption protocol (Secure Socket Layer), better known; Secure SSL and TLS communications between the browser and the destination server prevent criminals from reading traffic and, in so doing, spying on users or stealing valuable information, such as login information and credit card numbers. credit.

The two protocols TLS 1.0 and 1.1 – the first will be 20 years in January – have been made obsolete by the protocols 1.2 and 1.3 later. TLS 1.3 was defined in August by the Internet Engineering Task Force (IETF), an organization that develops voluntary standards necessary for the operation of the Internet. The four browsers now support TLS 1.2 and Chrome and Firefox have introduced support for the TLS 1.3 interim specification.

Most websites already support TLS 1.2 – Qualys cited 94% in its October 2 Internet sample survey – and encrypted TSL 1.0 and 1.1 traffic is relatively rare for browsers. Microsoft said that less than 1% of daily connections to its Edge were using 1.0 / 1.1, Mozilla said that about 1.2% of connections reaching the beta of Firefox 62 in August and September were based on protocols, and Apple claimed that versions 1.0 and 1.1 accounted for less than 0.4% of all connections to Safari on Apple platforms.

Even then, browser builders plan to give site owners considerable time before the plug-in is removed. "We understand that upgrading something as fundamental as TLS can take a long time," said Thomson, of Mozilla. "This change concerns a large number of sites, which is why we are making this announcement well before the March 2020 delisting date."

Each developer will adhere to his own schedule, even if the final ditching dates can be grouped together.

Apple Removes support for TLS 1.0 and 1.1 from Safari in March 2020 through macOS and iOS updates.

Google will begin to disapprove the protocols in Chrome 72, whose shipping is scheduled for January 2019; at this time, warnings will begin to appear in the DevTools console. Support for TLS 1.0 and 1.1 will evaporate from Chrome 81, which is expected to be released by March 2020. "But this will affect early-release channel users as of January 2020," warned David Benjamin. engineer at Google.

Benjamin added that companies could extend TLS 1.0 or 1.1 support until January 2021 by setting SSLVersionMin policy at "tls1.0" or "tls1.1" respectively.

Microsoft was less transparent than its rivals, claiming only that the protocols would be disabled by default "in the first half of 2020". The action would be performed in Edge, the browser only on Windows 10, and Internet Explorer 11 (IE11), now relegated to a legacy role.

Mozilla TLS 1.0 / 1.1 technology will be removed from Firefox in March 2020, but like Google, the developer warned users that the change would reach preview versions (Beta, Developer, and Nightly) sooner than that. "We will announce specific dates when we have more detailed plans," said Thomson.

[ad_2]
Source link