Chrome 81 to remove support for legacy TLS versions
Chrome UI is Removing Support for Legacy TLS Versions!
Google has confirmed that it will be removing support for TLS 1.0 and 1.1 starting with Chrome 81.
TLS (Transport Layer Security) is the protocol that secures HTTPS. It has a long history stretching back to the nearly twenty-year-old TLS 1.0 and its even older predecessor, SSL.
A pre-removal phase has been introduced for previewing the UI that will be used to block TLS 1.0 and 1.1 in Chrome 81. Site administrators have been advised to shift to TLS 1.2 to make sure such UI warnings do not show up on your website.
According to Google, TLS 1.2 was published 10 years ago to address the limitations in TLS 1.0 and 1.1. It has been widely adopted ever since and as of October 2018, less than 0.5% of HTTPS connections made by Chrome actually use TLS 1.0 or 1.1. To align with industry standards, Google Chrome deprecated TLS 1.0 and 1.1 in Chrome 72. In Chrome 81, the support for TLS 1.0 and 1.1 will altogether be disabled. The current criteria for modern TLS configuration is given below:
- TLS 1.2 or later.
- An ECDHE- and AEAD-based cipher suite. AEAD-based suites are those using AES-GCM or ChaCha20-Poly1305.
- ECDHE_RSA_WITH_AES_128_GCM_SHA256 is the recommended option for most sites.
- The server signature should use SHA-2. This is the signature made by the server itself, using its private key.
Pre-removal Warning
Starting January 13, 2020, Chrome 79 (the latest Chrome Version) will stop supporting TLS versions 1.0 and 1.1 by showing the “ Not Secure” indicator for sites using the outdated configuration. Currently, any site owner can check the TLS version of their site using Developer Tools.
Chrome 81 will downgrade the security indicator by displaying a detailed warning message inside Page info indicator for a site using TLS 1.0 or 1.1. This does not prevent the user from visiting the site but will alert them about the downgraded security features. Lower security could potentially drive away traffic from your website as issues of security and privacy continue to remain important among customers and business owners alike.
Removal UI
Chrome 81 which will be released to the stable channel in March 2020, will begin blocking connections to sites using TLS 1.0 and 1.1, displaying a full-page warning.
Site administrators are required to immediately enable TLS 1.2 or later. Depending on server software, this might require a configuration update or software change. Enterprise deployments can preview the final removal of TLS 1.0 and 1.1 by setting the SSLVersionMin policy to “tls1.2”. For those enterprise deployments that need more time, this same policy can be used to re-enable TLS 1.0 or TLS 1.1 until January 2021.
At TechAffinity, we believe in being future-ready and delivering custom-made solutions to all your business needs. Our developers are here to offer you best-in-class services across different platforms and technologies. Please send your queries to media@techaffinity.com and schedule a meeting with us. Our marketing experts will reach out to you within the hour.
Originally published at https://techaffinity.com on December 16, 2019.
