https://techcrunch.com/2018/10/15/major-browsers-simultaneously-drop-support-for-old-security-standards/
By Devin Coldewey
Techcrunch.com
Oct 15, 2018
Firefox, Chrome, Edge, Internet Explorer and Safari are all dropping
support for older versions of the online security protocol TLS, used in
practically any encrypted exchange online. While few people or machines
are using the long-unsafe TLS 1.0 and 1.1, they’re still permitted in many
connections - but not for long.
Transport Layer Security is a community-developed standard that got its
1.0 release nearly 20 years ago. It and its close relative, 1.1, have
known flaws that make them unsafe to use for any secure communications.
1.2 addressed these major flaws in 2008 and is currently used by the vast
majority of clients. 1.3, released earlier this year, both improves and
streamlines the standard, but as yet has only a limited presence online as
many servers and services haven’t been updated to support it.
Mozilla, Google, Microsoft and WebKit all made separate but similar
announcements on their blogs, essentially that the old versions, 1.0 and
1.1, will be phased out by early 2020 - March specifically for some, which
we can take as a general indicator for the others.
"Two decades is a long time for a security technology to stand
unmodified," wrote Microsoft's Kyle Pflug. "While we aren’t aware of
significant vulnerabilities with our up-to-date implementations of TLS 1.0
and TLS 1.1, vulnerable third-party implementations do exist. Moving to
newer versions helps ensure a more secure Web for everyone."
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
