Major browsers simultaneously drop support for old security standards

[InfoSec News <alerts () infosecnews org>]

https://techcrunch.com/2018/10/15/major-browsers-simultaneously-drop-support-for-old-security-standards/

By Devin Coldewey
Techcrunch.com
Oct 15, 2018

Firefox, Chrome, Edge, Internet Explorer and Safari are all dropping 
support for older versions of the online security protocol TLS, used in 
practically any encrypted exchange online. While few people or machines 
are using the long-unsafe TLS 1.0 and 1.1, they’re still permitted in many 
connections - but not for long.

Transport Layer Security is a community-developed standard that got its 
1.0 release nearly 20 years ago. It and its close relative, 1.1, have 
known flaws that make them unsafe to use for any secure communications. 
1.2 addressed these major flaws in 2008 and is currently used by the vast 
majority of clients. 1.3, released earlier this year, both improves and 
streamlines the standard, but as yet has only a limited presence online as 
many servers and services haven’t been updated to support it.

Mozilla, Google, Microsoft and WebKit all made separate but similar 
announcements on their blogs, essentially that the old versions, 1.0 and 
1.1, will be phased out by early 2020 - March specifically for some, which 
we can take as a general indicator for the others.

"Two decades is a long time for a security technology to stand 
unmodified," wrote Microsoft's Kyle Pflug. "While we aren’t aware of 
significant vulnerabilities with our up-to-date implementations of TLS 1.0 
and TLS 1.1, vulnerable third-party implementations do exist. Moving to 
newer versions helps ensure a more secure Web for everyone."

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_