Microsoft today said it plans to disable support for Transport Layer Security (TLS) 1.0 and 1.1 in Edge and Internet Explorer browsers by the first half of 2020. From a report: “January 19th of next year marks the 20th anniversary of TLS 1.0, the inaugural version of the protocol that encrypts and authenticates secure connections across the web,” said Kyle Pflug, Senior Program Manager for Microsoft Edge. “Two decades is a long time for a security technology to stand unmodified,” he said. “While we aren’t aware of significant vulnerabilities with our up-to-date implementations of TLS 1.0 and TLS 1.1 […] moving to newer versions helps ensure a more secure Web for everyone.” The move comes as the Internet Engineering Task Force (IETF) — the organization that develops and promotes Internet standards — is hosting discussions to formally deprecated both TLS 1.0 and 1.1. Microsoft is currently working on adding support for the official version of the recently-approved TLS 1.3 standard. Edge already supports draft versions of TLS 1.3, but not yet the final TLS 1.3 version approved in March, this year. Microsoft engineers don’t seem to be losing any sleep over their decision to remove both standards from Edge and IE. The company cites public stats from SSL Labs showing that 94 percent of the Internet’s sites have already moved to using TLS 1.2, leaving very few sites on the older standard versions. “Less than one percent of daily connections in Microsoft Edge are using TLS 1.0 or 1.1,” Pflug said, also citing internal stats. You can check public stats on the usage of TLS 1.0 and 1.1 here.
of this story at Slashdot.
Source:: Slashdot