In a coordinated announcement, Microsoft, Google, Apple and Mozilla have declared that they will remove the TLS 1.0 and TLS 1.1 protocols in 2020
According to experts in digital forensics, Transport Layer Security (TLS) is a protocol that can be used to encrypt communication between a web browser and the visited site. This protocol provides an encrypted channel that allows data the user sends and receives from secure websites to be inaccessible to third parties who attempt to listen to their communications. While this type of communication channel is important for all privacy issues, it is especially important when sending private information, such as usernames, passwords, personal identifying information, and financial information.
For the past 20 years, web browsers have supported the original TLS 1.0 specification and then TLS 1.1, but browsers no longer use them. Instead, browsers are using the safest and most optimized specifications for TLS 1.2 and TLS 1.3. These new specifications not only include security improvements, but also support new protocols such as the HTTP/2 network protocol, which can increase web browsing speed.
More than 94% of the sites surveyed by a digital forensics firm stated that they are already compatible with TLS 1.2, so it has been agreed to remove the 20-year-old protocol in favor of the newer mechanisms, which have better support and can provide a safer way to browse.
In addition, the statistics provided by Chrome, Safari, Edge and Firefox show that most users no longer use these protocols:
- Google claims that only 0.5% of the HTTPS connections made by Chrome use TLS 1.0 or TLS 1.1
- Apple reports that on its platforms, less than 0.36% of the HTTPS connections made by Safari use TLS 1.0 or TLS 1.1
- Microsoft reports that only 0.72% of the secure connections made by Edge use TLS 1.0 or 1.1
- On the other hand, Firefox has the most connections, using TLS 1.0 or 1.1 up to 1.2%, but it is still a very small amount
Each company has its own plans to remove obsolete protocols.
- Google plans to stop using TLS 1.0 and TLS 1.1 in Chrome 72, where developers will see warnings in the development tools. These protocols will be completely disabled from Chrome 81
- Mozilla will disable Firefox support for TLS 1.0 and TLS 1.1 in March 2020. Users of the Beta, Developer and Nightly versions of Firefox will see these changes before
- Microsoft claims to disable support for TLS 1.0 and 1.1 in Edge and Internet Explorer 11 in the first half of 2020
- Apple has stated that they will eliminate support for these protocols on iOS and macOS as of March 2020
For Windows users who want to know if these changes can affect them, digital forensics specialists from the International Institute of Cyber Security report that they can check this by disabling the current protocols. Using the Windows Internet Options Control Panel, you can disable TLS 1.0 and 1.1 and see if it causes any problems with the sites you frequent. You can follow the following procedure:
- In the search field of the Start menu, type Internet options and click when the result is displayed
- When Internet options are opened, click Advanced
- Look for options using TLS 1.0 and use TLS 1.1 in the Security section. Then uncheck each of these options
- Press Apply and then OK to save the changes
You can now browse the internet normally using Edge or Internet Explorer to determine if these changes had any effect on the sites you visit.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.