Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

Microsoft finds itself in odd position of sparing elderly, insecure protocols: Grants stay of execution to TLS 1.0, 1.1

A few more months to get those servers upgraded 'in light of current global circumstances'

Microsoft has blinked once again and delayed disabling TLS 1.0 and 1.1 by default in its browsers until the latter part of 2020.

The move is in recognition of the fact that in the light of current events, administrators have their hands a little full dealing with a surge of remote working and a team likely not running at full capacity.

Originally slated to happen in the early part of 2020, the switch-off in Edge will come at some point around July, with version 84 of the Chromium-based browser. Internet Explorer 11, which Microsoft fervently wishes users would move on from, and Edge Legacy, the one everybody downloaded Chrome with, will see TLS 1.0 and 1.1 disabled by default from 8 September.

Transport Layer Security (TLS) 1.0 is over 20 years old and is very much a hangover from a simpler time. The cryptographic protocol is aimed at providing secure connections, but has long been the victim of miscreants and ne'er-do-wells. Microsoft, Google, Apple and Mozilla committed to at least disabling support for the technology by default (in favour of later versions) from this March, but events have somewhat overtaken things.

Moz, for example, gave the protocols the boot in favour of TLS 1.2 and 1.3 in February. It has since swiftly back-pedalled and re-enabled the older versions in Firefox 74 and 75 beta "to better enable access to sites sharing critical and important information during this time".

Microsoft has form when it comes to attempting to kill off elderly, insecure protocols. It has famously been trying to persuade its users to, for heaven's sake, stop using SMB1 for years in the face of pesky appliances and ageing products that continue to rely on the technology. A similar issue persists with TLS and that old bit of kit or dusty site that just insists on 1.0.

Microsoft's delay will mean slightly less pressure on web servers to be upgraded to support TLS 1.2 and above (and the vast majority already have been updated) but the respite, however welcome by under-pressure administrators, will be short-lived. ®

 

Similar topics

TIP US OFF

Send us news


Other stories you might like