Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
  • Jimi Wikman
    Jimi Wikman

    Chrome will start blocking TLS - TLS 1.0 and TLS 1.1 will be blocked as unsecure

    Last year the team behind Chromium announced that support for the transport protocols 1.0 and 1.1 would no longer be supported in a future update. Since January this year unsecured sites have seen warnings and now in March all sites secured using the 1.0 and 1.1 versions of TLS will see a full page interstitial warning.

    The fact that TLS (Transport Layer Security) 1.0 and 1.1 are insecure has been known for a while and it makes sense to remove support for them. Despite that TLS 1.2 was released 10 years ago there are still around 0.5% of all sites still using the now 20 year old 1.0 and 1.1 protocols. I assume this might be more troublesome than it sounds as I still see people using the old transport protocols in their infrastructure in a way that makes it almost impossible to upgrade.

    If you have a commercial website of any kind, then having Chrome block your site because the server uses an old transport protocol will be bad. Very bad. Your visitors will most likely leave and your Trust values will plummet. So make sure you have checked this before the last step is taken by Chromium. If your site have issues then you should see a SSL warning if you use Chrome 79 or higher.

    Quote

    In Chrome 81, which will be released to the Stable channel in March 2020, we will begin blocking connections to sites using TLS 1.0 or 1.1, showing a full page interstitial warning.

    Site administrators should immediately enable TLS 1.2 or later. Depending on server software (such as Apache or nginx), this may be a configuration change or a software update. Additionally, we encourage all sites to revisit their TLS configuration. In our original announcement, we outlined our current criteria for modern TLS.

    Enterprise deployments can preview the final removal of TLS 1.0 and 1.1 by setting the SSLVersionMin policy to “tls1.2”. This will prevent clients from connecting over these protocol versions. For enterprise deployments that need more time, this same policy can be used to re-enable TLS 1.0 or TLS 1.1 and disable the warning UIs until January 2021.

    Source: https://blog.chromium.org/2019/10/chrome-ui-for-deprecating-legacy-tls.html

     

    Edited by Jimi Wikman


    • Interresting 1


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...