Google, Microsoft, Mozilla, and Apple today announced they will disable Transport Layer Security (TLS) 1.0 and 1.1 by default in their respective browsers in 2020. TLS 1.2 will thus be the default version, unless of course TLS 1.3 is available.
TLS is a cryptographic protocol designed to provide communications security over a computer network; websites use it to secure all communications between their servers and browsers. TLS is the successor to Secure Sockets Layer (SSL) and thus handles the encryption of every HTTPS connection.
The latest version, TLS 1.3, is supported by both Chrome and Firefox. Microsoft and Apple plan to support TLS 1.3 in future versions of Edge and Safari, respectively.
TLS 1.0 will turn 20 years old on January 19, 2019. Here is what each browser maker has promised:
- TLS 1.0 and 1.1 will be disabled altogether in Chrome 81, which will start rolling out “on early release channels starting January 2020.”
- Edge and Internet Explorer 11 will disable TLS 1.0 and TLS 1.1 by default “in the first half of 2020.”
- Firefox will drop support for TLS 1.0 and TLS 1.1 in March 2020.
- TLS 1.0 and 1.1 will be removed from Safari in updates to Apple iOS and macOS beginning in March 2020.
Microsoft notes that “less than one percent of daily connections” in Microsoft Edge are using TLS 1.0 or TLS 1.1. That’s great news, but the company didn’t share usage for IE, which is likely much higher.
Apple added that TLS 1.0 and TLS 1.1 account for less than 0.36 percent of all connections made through Safari. Google and Mozilla did not share comparable numbers at the time, but it’s fair to say usage of older TLS versions is declining.
All four browser makers are calling on sites to move off of TLS 1.0 and TLS 1.1 as soon as possible. SSL Labs shows that 94 percent of sites today support TLS 1.2.
Update at 11:30 a.m. Pacific: This story started with Microsoft’s news, but Google, Apple, and Mozilla also made the same announcements for their respective browsers later in the day. With Flash also going away in two years, 2020 can’t come soon enough.