Browser Makers To Drop Support for TLS 1.0 and 1.1 in 2020
The browser makers are taking those measures in advance of an Internet Engineering Task Force (IETF) proposal to deprecate TLS versions 1.0 and 1.1, although that proposal is still at the draft stage. The 10-year-old TLS 1.2 version has been recommended for use by the IETF since 2008, but even version 1.2 has "now itself been superceded by TLSv1.3," the IETF's draft proposal argued.
The TLS protocol is used to create a secure channel during an Internet connection, typically between client and server. The current proposed standard by the IETF is TLS version 1.3.
TLS 1.0 and 1.1 are being "actively deprecated" by government agencies and the Payment Card Industry Association. TLS 1.0 requires the use of older cipher suites, and it doesn't support recommended ones, such as "using
AEAD [Authenticated Encryption with Associated Data] ciphers." Handshaking using TLS 1.0 depends on using SHA-1 hashes, which can be broken by a "downgrade attack," the proposal added. The IETF draft proposal stated that both TLS 1.0 and 1.1 "must not be used."
The use of TLS versions 1.0 and 1.1 is down, with browser makers reporting that less than 1 percent of all connections are using those protocol versions. An Apple announcement indicated that "complete support [for those versions] will be removed from Safari in updates to Apple iOS and macOS beginning in March 2020."
Google, for its part, plans to show deprecation warnings for the use of TLS 1.0 and 1.1 when it releases Chrome 72, and it'll disable those protocol versions with the release of Chrome 81. "This will affect users on early release channels starting January 2020," Google explained in an announcement.
Microsoft announced plans to disable TLS 1.0 and 1.1 in its Edge and Internet Explorer 11 browsers "in the first half of 2020." The announcement added that "sites should begin to move off of TLS 1.0 and 1.1 as soon as is practical."
Mozilla is planning to disable TLS 1.0 and 1.1 support in its Firefox browser "in March of 2020," according to an announcement, although this change likely will show up earlier in its pre-release browser versions. Mozilla's announcement suggested that while TLS 1.0 doesn't necessarily require immediate action, the protocol just lacks proper cryptographic capabilities. Mozilla recommends moving to TLS 1.3:
For sites that need to upgrade, the recently released TLS 1.3 includes an improved core design that has been rigorously analyzed by cryptographers. TLS 1.3 can also make connections faster than TLS 1.2. Firefox already makes far more connections with TLS 1.3 than with TLS 1.0 and 1.1 combined.
Qualys' SSL Pulse statistics site is showing that TLS 1.2 is the most-used version of the protocol, with 94 percent of sites using it, based on an October 2018 sampling.
Müəllif
Metbuat.az
Qaynar xətt
0552252950
Həmçinin oxu
Süni intellekt üçün internet “Bakcell”dən
en.ictnews.az
DİGƏR XƏBƏRLƏR
Daha çox »Top xəbərlər
Layihələr
Son xəbərlər
Türkiyə nəhəngi dünya çempionatının ulduzunu transfer edir
Bu gün
·
19:05
Nazir ona vəzifə verdi
Bu gün
·
18:18
Milli Məclisin növbədənkənar sessiyasının son iclası keçiriləcək - YENİLƏNİB
Bu gün
·
17:28
Hərbçimiz vəfat etdi
Bu gün
·
17:08
Hasil Abbasov üç nəfərə yüksək vəzifə verdi
Bu gün
·
17:06
Şimşək çaxacaq, dolu düşəcək - XƏBƏRDARLIQ
Bu gün
·
17:04
Əli Əsədov Rusiyanın səhiyyə naziri ilə görüşdü
Bu gün
·
16:47
Rafael Ağayevə ağır itki üz verdi
Bu gün
·
16:35
Paytaxtda maşından meyit tapıldı
Bu gün
·
16:25
Azərbaycanda bank kartları ilə bağlı mühüm açıqlama
Bu gün
·
16:08
“Azərsun Holdinq” şəkər çuğunduru emalı həcmini 800 min tona qaldıracaq
Bu gün
·
15:54
Moda dizayneri Kamilla Məmmədzadə "Yes Couture"brendi ilə birlikdə Azərbaycan xalçalarından ilhamlanan kolleksiyasını təqdim etdi – FOTO
Bu gün
·
15:50
Salahın meneceri Türkiyədə: Bu kluba keçir
Bu gün
·
15:33
Oğuzda meyit tapıldı
Bu gün
·
15:25
Geomaqnit qasırğası olacaq
Bu gün
·
15:05