In an unprecedented move for the SSL/TLS ecosystem, the four major browsers have uniformly announced that they will deprecate TLS 1.0 and 1.1 starting in 2020.

The following browser vendors issued statements providing their deprecation plans:

  • Apple: Currently supports TLS 1.2 on 99.6-percent of connections made by Safari. Apple will deprecate TLS 1.0 and 1.1 with updates to Apple iOS and macOS starting in March 2020.
  • Google: Chrome makes 0.5 per cent of HTTPS connections with TLS 1.0 and 1.1. Chrome 72 will deprecate TLS 1.0 and 1.1 with warnings in the DevTools console. TLS 1.0 and 1.1 will be disabled altogether in Chrome 81 expected to be released in January 2020.
  • Microsoft: Edge and Explorer 11 will disable TLS 1.0 and 1.1 in the first half of 2020.
  • Mozilla: Firefox already makes far more connections with TLS 1.3 than with TLS 1.0 and 1.1 combined. In March 2020, Firefox will disable support for TLS 1.0 and 1.1.

The SSL/TLS protocol is made up of many versions: SSL 1.0, 2.0 and 3.0 plus TLS 1.0, 1.1, 1.2 and 1.3. The SSL 1.0 version was never deployed and over the last few years the industry has phased out the use of SSL 2.0 and 3.0.

Earlier this year TLS 1.3 was released per RFC 8446. TLS 1.3 is already supported by Chrome and Firefox and content delivery networks such as Akamai and Cloudflare. There are currently two secure versions of TLS (i.e., TLS 1.2 and 1.3) available, which allows for backwards compatibility and secure growth.

Telemetry from the browsers indicate that about 0.5 percent of HTTPS connections are still made using TLS 1.0 and 1.1. As such, the browsers have delayed deprecation until 2020. This will provide server administrators with the time needed to upgrade their systems to support TLS 1.2 and 1.3.

 

 

Bruce Morton

Bruce Morton

Bruce Morton has worked in the public key infrastructure and digital certificate industry for more than 15 years and has focused on SSL and other publicly trusted certificates since 2005. He has been an active member of the CA/Browser Forum that released guidelines for extended validation (EV) certificates and Baseline Requirements for SSL certificates. Bruce oversees the governance and compliance of Entrust’s publicly trusted PKI.