Apple this week announced that it has deprecated the Transport Layer Security (TLS) 1.0 and 1.1 legacy encryption protocols from the latest iterations of its mobile and desktop platforms.
Critical for the security of web traffic, TLS ensures the confidentiality and integrity of data being transmitted between servers and clients.
Over two decades old, TLS 1.0 has been long deemed insecure, as was TLS 1.1, which was mainly designed to address limitations in its predecessor and to prevent specific attacks.
Some of the weaknesses in TLS 1.0 and 1.1 have been addressed with the release of TLS 1.2 more than 10 years ago, with additional hardening and protections added in TLS 1.3, which has been around for more than three years.
Back in 2018, major browser vendors, Apple included, announced plans to deprecate support for both TLS 1.0 and 1.1. The Internet Engineering Task Force (IETF) deprecated them as of March 25, 2021, and Apple is getting ready to fully remove support for these legacy encryption protocols from its products.
“These versions have been deprecated on Apple platforms as of iOS 15, iPadOS 15, macOS 12, watchOS 8, and tvOS 15, and support will be removed in future releases,” the company announced this week.
Applications that have App Transport Security (ATS) enabled on all connections, the Cupertino-based tech giant tells developers, are already set. For those that continue to use TLS 1.0 or 1.1, developers should transition to TLS 1.2 or later.
“We recommend supporting TLS 1.3, as it’s faster and more secure. Make sure your web servers support the later versions,” Apple says.
Furthermore, the company tells developers to remove from their applications several deprecated Security.framework symbols for the TLS 1.0 and 1.1 protocols.
Related: NSA Issues Guidance on Replacing Obsolete TLS Versions
Related: ALPACA: New TLS Attack Allows User Data Extraction, Code Execution
Related: Microsoft Enables TLS 1.3 by Default in Windows 10 Insider Preview