Connect with us

Hi, what are you looking for?


Data Protection

Browser Makers Delay Removal of TLS 1.0 and 1.1 Support

Google, Microsoft and Mozilla are delaying plans to disable support for the Transport Layer Security (TLS) 1.0 and 1.1 protocols in Chrome, Edge, Internet Explorer, and Firefox.

Google, Microsoft and Mozilla are delaying plans to disable support for the Transport Layer Security (TLS) 1.0 and 1.1 protocols in Chrome, Edge, Internet Explorer, and Firefox.

TLS 1.0 is over two decades old, and TLS 1.1 was only meant to address some limitations in the former and prevent specific attacks. Both are known to include weaknesses, some addressed in TLS 1.2, which was released over a decade ago.

In 2018, TLS 1.3 was approved and published as RFC 8446, after four years of work. It is both faster and more secure compared to its predecessors, and many tech companies are advocating for its broad adoption.

In October 2018, major browser makers announced that support for the old and insecure TLS 1.0 and 1.1 protocol versions would be removed in March 2020, but such plans have been postponed due to the current COVID-19 pandemic.

Microsoft now says it is still on track to remove support for TLS 1.0 and 1.1 this year, but that the change will be made months later than initially announced.

“In light of current global circumstances, we will be postponing this planned change—originally scheduled for the first half of 2020,” the tech giant said.

At the moment, the company plans on disabling the older protocol iterations in the new Microsoft Edge (based on Chromium) in version 84, which is currently planned for July 2020.

As for the supported versions of Internet Explorer 11 and Microsoft Edge Legacy (EdgeHTML-based), the current plan involves removing support for TLS 1.0 and TLS 1.1 on September 8, 2020.

Advertisement. Scroll to continue reading.

Google will remove support for both protocol versions in the stable release of Chrome 83, which is set to arrive in mid-May — the company skipped Chrome 82 entirely due to the coronavirus crisis.

“Previously, we showed a deprecation warning in DevTools. In M-79, Chrome marked affected sites as ‘Not Secure’. In M-83, Chrome will show a full page interstitial warning on sites that do not support TLS 1.2 or higher,” the company says.

Mozilla, which disabled TLS 1.0 and 1.1 in Firefox 74, reverted the change without providing a new timeline for when support for these protocol versions would be removed.

“We reverted the change for an undetermined amount of time to better enable access to critical government sites sharing COVID19 information,” the browser maker noted in updated release notes for Firefox 74.

Although TLS 1.0 and 1.1 remain in use, site admins are advised to transition to TLS 1.2 or TLS 1.3 as soon as possible to ensure there are no disruptions when browsers remove support for the older protocols.

“While these protocols will remain available for customers to re-enable as needed, we recommend that all organizations move off of TLS 1.0 and TLS 1.1 as soon as is practical. Newer versions of the TLS protocol enable more modern cryptography and are broadly supported across modern browsers, such as the new Microsoft Edge,” Microsoft said.

Related: Major Browsers to Kill TLS 1.0, 1.1

Related: IETF Publishes TLS 1.3 as RFC 8446

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.