Will your website still work after March this year? (End of support for TLS v1.0/v1.1)
Mozilla has confirmed that browser support for TLS (Transport Layer Security) 1.0 and 1.1 will end from March 2020.
TLS v1.0 is over 20 years old so that’s not a bad life for a security protocol and the “newer” TLS 1.1 is a teenager at only 13 years old!! (Neither is compliant with PCI DSS)
“While we aren’t aware of significant vulnerabilities with our up-to-date implementations of TLS 1.0 and TLS 1.1, vulnerable third-party implementations do exist. Moving to newer versions helps ensure a more secure Web for everyone,” said Kyle Pflug, a senior program manager for Microsoft Edge.
“Complete support will be removed from Safari in updates to Apple iOS and macOS beginning in March 2020,”Apple said.
Developers should be using the ultra-modern TLS 1.2 at only 10 years old 😉. In reality we should be considering moving to TLS 1.3.
Is this a “real” issue? …
Yes, well according to SSL Labs who survey the top 150K web sites 134K support TLS 1.2 meaning that 16k don’t (its unlikely that these have a high percentage of sites that only support TLS 1.3) See https://www.ssllabs.com/ssl-pulse/
So from March this year these sites are going to look broken – It’s likely that the user will get a warning message or its possible that the site will not be accessible at all on the browser.
Check your site supports TLS 1.2+, Check you are not using IIS on Windows 2003 server.
What if I am?
Your choices are:
- Upgrade the web server to support TLS 1.2+
- Read this: https://docs.microsoft.com/en-us/security/solving-tls1-problem
- Stick a Load Balancer like edgeNEXUS in front to do the SSL TLS encryption, decryption, and/or TLS version conversion
Will your website still work after March this year? (End of support for TLS v1.0/v1.1)by Customer Experience team, January 7th, 2020