Monday, 15 October 2018

Major Web Browsers Ditch TLS 1.0 And TLS 1.2 Encryption Protocols.

 Chrome, Firefox , Edge and Safari Plans to Disable TLS 1.0 and 1.1 in 2020.
Swati Khandelwal.
All major web browsers , including Google Chrome , Apple Safari, Microsoft Edge, Internet Explorer, and Mozilla Firefox , altogether today announced to soon remove support for TLS 1 .0 (20 - year - old ) and TLS 1 .1 (12 - year - old ) communication encryption protocols.
Developed initially as Secure Sockets Layer (SSL ) protocol , Transport Layer Security (TLS ) is an updated cryptographic protocol used to establish a secure and encrypted communications channel between clients and servers .
There are currently four versions of the TLS protocol — TLS 1 .0 , 1 .1 , 1 .2 and 1 . 3 (latest)— but older versions , TLS 1 .0 and 1 .1 , are known to be vulnerable to a number of critical attacks , such as POODLE and BEAST .
Since TLS implementation in all major web browsers and applications supports downgrade negotiation process , it leaves an opportunity for attackers to exploit weaker protocols even if a server supports the latest version .
All Major Web Browsers Will Remove TLS 1. 0 and TLS 1. 1 Support in 2020
According to the press releases published by four major companies,
Google, Microsoft, Apple and
Mozilla, their web browsers will completely drop TLS 1 .0 and 1 .1 support by default in the first half of 2020 .
TLS 1 .2 , which was released ten years ago to address weaknesses in TLS 1 .0 and 1 .1 , has enjoyed wide adoption since then , and will thus be the default TLS version unless the availability of TLS 1 .3 , which is currently in the development stage.
According to Microsoft, as TLS 1 . 0 continues to age , many websites have already moved to newer versions of the protocol . Today 94 percent of sites already support TLS 1 .2 , while only less than one percent of daily connections in Microsoft Edge are using TLS 1 . 0 or 1 .1 .
"Two decades is a long time for a security technology to stand unmodified . While we aren ' t aware of significant vulnerabilities with our up - to -date implementations of TLS 1 .0 and TLS 1 .1 , vulnerable third - party implementations do exist, " Microsoft writes .
"Moving to newer versions helps ensure a more secure web for everyone . Additionally , we expect the IETF to formally deprecate TLS 1 .0 and 1 .1 later this year , at which point protocol vulnerabilities in these versions will no longer be addressed by the IETF. "
Apple also says TLS 1 .2 is the standard on its platforms and represents 99 .6 percent of TLS connections made from Safari , while TLS 1 .0 and 1 .1 account for less than 0 . 36 percent of all connections .
Google could not agree more and says that today only 0 . 5 percent of HTTPS connections made by Chrome use TLS 1 .0 or 1 .1 .
All the tech companies recommended websites that do not support TLS 1 .2 or newer to move off of the old versions of the protocol as soon as possible and is practical .
Furthermore, the PCI Data Security Standard (PCI DSS ) compliance also requires websites to disable SSL /TLS 1 .0 implementation by June 30 , 2018.
Besides these tech giants , Gitlab today also announced to deprecate support for TLS 1 .0 and TLS 1 .1 on its website and API infrastructure by the end of 2018 .
You can also manually disable older TLS versions on Google Chrome by opening Settings → Advanced Settings → Open Proxy Settings → Click ‘ Advanced ’ Tab → Under ‘Security ’ section uncheck TLS 1 .0 and 1 . 1 and then save .


SHARE THIS

Author:

Etiam at libero iaculis, mollis justo non, blandit augue. Vestibulum sit amet sodales est, a lacinia ex. Suspendisse vel enim sagittis, volutpat sem eget, condimentum sem.

0 comments: