Sign Up
All SecurityCyber-crimePatchesResearchCSO
All Off-PremEdge + IoTChannelPaaS + IaaSSaaS
All On-PremSystemsStorageNetworksHPCPersonal TechCxOPublic Sector
All SoftwareAI + MLApplicationsDatabasesDevOpsOSesVirtualization
All OffbeatDebatesColumnistsScienceGeek's GuideBOFHLegalBootnotesSite NewsAbout Us

Security

Web browsers sharpen knives for TLS 1.0, 1.1, tell protocols to dig their own graves for 2019

IE, Edge, Safari, Firefox, Chrome, all planning to deprecate lousy old versions by 2020

Richard Chirgwin Tue 16 Oct 2018  //  07:03 UTC

Sysadmins and netizens, it's time to get serious about killing off old, buggy and insecure versions of Transport Layer Security (TLS) – the encryption used to secure connections to HTTPS websites like your bank, El Reg, and so on.

For one thing, web browser makers are laying out coordinated deprecation plans, meaning if your website is still using TLS 1.0 or 1.1, and nothing more recent, browsers will soon flag up your site as insecure or complain they are unable to connect.

The Internet Engineering Task Force has been considering when to hold the funeral of TLS 1.0, which will be 20 years old in January 2019, as well as a burial for TLS 1.1, since June this year. Its Internet-Draft on the matter is expected to formalize the 'net standards body's “die die die” recommendation later this year. When the draft progresses to standard status, the IETF will no longer fix new protocol vulnerabilities in TLS 1.0 and 1.1.

It's official: TLS 1.3 approved as standard while spies weep

READ MORE

Microsoft noted on Monday that fewer than “one per cent of daily connections in Microsoft Edge are using TLS 1.0 or 1.1.” Edge and Internet Explorer will ditch their TLS 1.0 and 1.1 support in the first half of next year, Redmond said, which puts the software giant ahead of the pack, since the other major browsers will start the process in 2020.

The WebKit folks also provided on Monday a longer deadline, saying support will be removed from Safari in iOS and macOS “beginning in March 2020.” WebKit's data puts the continued use of the ancient protocols around that of Microsoft's measurement – specifically, “0.36 per cent of TLS connections made from Safari.”

WebKit's developers also want to know if there are “legacy services or devices that cannot be upgraded,” either via a bug report or email.

Mozilla Firefox's deprecation will also start in March 2020, for the 0.1 per cent of TLS 1.1 connections spotted by its telemetry. The deprecation will show up earlier in its pre-release code – beta, developer edition, and the nightly builds.

Google said this week its TLS 1.0/1.1 connection rate from Chrome browsers is 0.5 per cent, and deprecation will start on its early release channels in January 2020. ®
Send us news
21 Comments

Do you trust Xi with your 'private' browsing data? Apple, Google stores still offer China-based VPNs, report says

Some trace back to an outfit under US export controls for alleged PLA links

Mozilla frets about Google's push to build AI into Chrome

AI could bring a new round of browser wars

Cops want Apple, Google to kill stolen phones remotely – so why won't they?

Tech giants say blocking purloined devices via IMEI could open new fraud risks

Google quietly pushes emergency fix for Chrome 0-day as exploit runs wild

TAG team spotted the V8 bug first, so you can bet nation-states weren’t far behind

Blocking stolen phones from the cloud can be done, should be done, won't be done

Big tech can't be bothered to fight crime. It can barely be bothered even to say so

Apple goes glass whole as it pours new UI everywhere

Annual infomercial spruiks visual change, modest functional enhancements, and a movie

You say Cozy Bear, I say Midnight Blizzard, Voodoo Bear, APT29 …

Microsoft, CrowdStrike, and pals promise clarity on cybercrew naming, deliver alias salad instead

Microsoft brings 365 suite on-prem as part of sovereign cloud push

Mostly aimed at Europe and its increasingly nervous users

Google faces billion-quid bruising over Play Store fees in the UK

Competition Appeals Tribunal gives nod for claim to go to trial

Altman fluffs superintelligence to save humanity as OpenAI slashes prices

Everything is AWESOME!!!

Google Cloud goes down, takes Cloudflare and its customers with it

Big G said it was fixed, but acknowledged ongoing customer pain

RIP: Bill Atkinson, co-creator of Apple Lisa and Mac

His work set the direction of modern computer interfaces, and much more