Microsoft will disable TLS 1.0 and 1.1. in 2020, in collaboration with a number of other browsers. The tech giant will be removing support in IE and Edge in early 2020 due to the version’s insecurity.
For the unfamiliar, TLS is a cryptographic protocol and the successor to SSL. It protects data in transit and sees use in email and general web browsing. TLS 1.0 is now almost 18 years old and has some issues.
In TLS 1.0 attackers can downgrade user’s connection to SSL 3.0 before making use of other exploits. TLS 1.1 doesn’t have any glaring vulnerabilities, it doesn’t have the many security features of 1.2 and 1.3. These versions replace instances of MD5-SHA-1 with SHA-256 encryption and make various other technical improvements.
As well as Microsoft, Firefox, Google Chrome, and Safari have announced intent to axe the protocol. All the browsers current support TLS 1.2, and will soon support 1.3.
“Two decades is a long time for a security technology to stand unmodified,” said Microsoft Edge senior program manager Kyle Pflug. “While we aren’t aware of significant vulnerabilities with our up-to-date implementations of TLS 1.0 and TLS 1.1 […] moving to newer versions helps ensure a more secure Web for everyone.”
Little Impact on Users
Fortunately, this is a change that most users won’t even notice. According to Microsoft, 94% of sites use TLS 1.2, and less than 1% of daily Edge connections use the outdated technology. This announcement is likely to spur those sites to upgrade, or they’ll risk being cut off from their users.
Apple has shared similar statistics, saying they account for less than 0.36% of Safari connections. The bottom line is that there’s little point in keeping them around while having fewer protocols is beneficial.
You can read more about the change on the Windows blog.