More on Browsers and TLS - ThreatWire Cross (Patreon)

Four major tech companies - Apple, Google, Microsoft, and Mozilla have all teamed up to deprecate TLS 1.0 and 1.1 by early 2020.  TLS stands for Transport Layer Security, a protocol started in 1999 used to secure connections from users on the internet. Many vulnerabilities and bugs have been found in TLS over the years, and newer versions of TLS have been released to patch the bugs. 

TLS 1.2 was introduced in 2008. The four vendors want websites to move to TLS 1.2. Only around 1% would need to make that change since most sites are already up to date. Eventually, TLS 1.3 should take it’s place, but this newest protocol wasn’t published until August of 2018.

Apple states that 99.6% of all sites currently use 1.2, while sites with TLS 1.0 and 1.1 are at 0.36% on their browser. Apple will remove 1.1 and 1.0 in March 2020 from Safari, via updates to Apple iOS and MacOS.

Google will drop 1.0 and 1.1 support in Chrome 72, with the protocol being disabled entirely in Chrome 81. Google currently supports older cryptographic algorithms such as RSA key exchange, SHA-1, and CBC-mode cipher suites, but all of these have vulnerabilities, and all of which are not included in TLS 1.3. As such, these will also be evaluated for deprecation.

Microsoft mentions that they expect the IETF (the Internet Engineering Task Force) to deprecate the protocol later this year, which means support won’t be available.

And lastly, Mozilla says Firefox will not include support for the protocol starting in March of 2020. Mozilla also clarifies that website owners can just upgrade to 1.3 if they want, which also makes connections faster.