TLS 1.0 and TLS 1.1 will be invalidated by major browsers in 2020
by William Krapp
" TLS " is a type of protocol that encrypts data and transmits it over a network such as the Internet. Netscape Communications is an encryption protocol that was developed in the mid-1990s, " SSL as the successor to the" Internet Engineering Task Force for TLS that has been developed by the (IETF), the main browser is an older version to the prospect of the 2020 TLS1.0 , It was announced to end support of TLS 1.1.
Google Online Security Blog: Modernizing Transport Security
https://security.googleblog.com/2018/10/modernizing-transport-security.html
Removing Old Versions of TLS | Mozilla Security Blog
https://blog.mozilla.org/security/2018/10/15/removing-old-versions-of-tls/
Chrome, Firefox, Edge and Safari Plans to Disable TLS 1.0 and 1.1 in 2020
https://thehackernews.com/2018/10/web-browser-tls-support.html
SSL developed by Netscape Communications released "SSL 2.0" in 1994, "SSL 3.0" which overcomes the vulnerability was released in November 1995. However, in 2014, a specification vulnerability was discovered for SSL 3.0, so the use of SSL 3.0 was prohibited by the IETF in 2015.
On the other hand, SSL has moved from Netscape Communications to the jurisdiction of IETF, and it is said that development has been started by third party institutions including security experts to realize secure Internet communication. "TLS 1.0" was released in 1999, and the transition from SSL to TSL was substantially carried out. "TLS 1.1" was released as an improved version in 2006, and "TLS 1.2" has been released in 2008. In addition, in August 2018 " TLS 1.3 " was officially released from the IETF as the latest version.
TLS with a history of over 20 years, TLS 1.0 and TLS 1.1 support is ended in the first half of 2020 "in major browsers such as Google Chrome · Safari · Microsoft Edge · Internet Explorer · FireFox It was announced.
by Patrick Bombaert
It is pointed out that TLS 1.0 and TLS 1.1 which are old versions of TLS are vulnerable to a large number of attacks and support is expected to be terminated for the purpose of improving Internet communication safety. The browser itself terminates its support for old TLS, making attacks that exploit vulnerable protocols impossible.
TLS 1.2 has exceeded 10 years since its release, and it is very widely used in Internet communication. According to Microsoft already many websites are compatible with TLS 1.2, and 94% websites are compatible with TLS 1.2 at the time of article creation. Also, the percentage of TLS 1.0 and TLS 1.1 used in Microsoft Edge communications is less than 1%.
In Safari, 99.6% of the communication is done by the communication protocol of TLS 1.2 or later, and 98% or more of the whole Internet communication is also done with TLS 1.2 or TLS 1.3 for FireFox. In Mozilla's security blog, "The time of 20 years is eternal on the Internet," and that TLS 1.0 and TLS 1.1 that have protected a lot of communication have to end support as soon as possible.
Related Posts:
in Web Service, Security, Posted by log1h_ik