Jump to content
Search In
  • More options...
Find results that contain...
Find results in...

[Article] Chrome will start blocking TLS - TLS 1.0 and TLS 1.1 will be blocked as unsecure


Jimi Wikman

Recommended Posts

  • Owner

Last year the team behind Chromium announced that support for the transport protocols 1.0 and 1.1 would no longer be supported in a future update. Since January this year unsecured sites have seen warnings and now in March all sites secured using the 1.0 and 1.1 versions of TLS will see a full page interstitial warning.

The fact that TLS (Transport Layer Security) 1.0 and 1.1 are insecure has been known for a while and it makes sense to remove support for them. Despite that TLS 1.2 was released 10 years ago there are still around 0.5% of all sites still using the now 20 year old 1.0 and 1.1 protocols. I assume this might be more troublesome than it sounds as I still see people using the old transport protocols in their infrastructure in a way that makes it almost impossible to upgrade.

If you have a commercial website of any kind, then having Chrome block your site because the server uses an old transport protocol will be bad. Very bad. Your visitors will most likely leave and your Trust values will plummet. So make sure you have checked this before the last step is taken by Chromium. If your site have issues then you should see a SSL warning if you use Chrome 79 or higher.

Quote

In Chrome 81, which will be released to the Stable channel in March 2020, we will begin blocking connections to sites using TLS 1.0 or 1.1, showing a full page interstitial warning.

Site administrators should immediately enable TLS 1.2 or later. Depending on server software (such as Apache or nginx), this may be a configuration change or a software update. Additionally, we encourage all sites to revisit their TLS configuration. In our original announcement, we outlined our current criteria for modern TLS.

Enterprise deployments can preview the final removal of TLS 1.0 and 1.1 by setting the SSLVersionMin policy to “tls1.2”. This will prevent clients from connecting over these protocol versions. For enterprise deployments that need more time, this same policy can be used to re-enable TLS 1.0 or TLS 1.1 and disable the warning UIs until January 2021.

Source: https://blog.chromium.org/2019/10/chrome-ui-for-deprecating-legacy-tls.html

 


View full blog article

Link to comment
Share on other sites

  • Replies 0
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now

×
×
  • Create New...