Safari and other browsers will drop support for TLS 1.0 and 1.1

Apple announced this week on its WebKit blog (rendering engine used by Safari) that it will end support for TLS 1.0 and 1.1 from March 2020. TLS is an important security protocol used to protect web traffic, especially on sensitive data that is transferred between clients and servers.

You may be wondering that, if this protocol is so important, why would Apple abandon it? Just compare with a software update, which is necessary for your device or computer to be protected from the most recent and advanced evils that exist. In that regard, Apple recommended that applications adopt TLS 1.2, which offers “adequate security for the modern web”.

Overall, upgrading from TLS 1.0 and 1.1 to version 1.2 provides the following benefits, according to Apple:

  • Cool encryption sets and algorithms and new security properties, such as early secrecy and authenticated encryption, that are not vulnerable to attack like BEAST.
  • Removal of function hash mandatory (and insecure) SHA-1 and MD5 encryption as part of type authentication peer.
  • Protection against attacks related to downgrade, such as LogJam and FREAK.

The move to TLS 1.2 will be virtually symbolic for Apple, as this is the standard used on the company's platforms and represents almost all (99.6%, to be more specific) of connections made from Safari. The remainder (0.36%) consists of the TLS 1.0 and 1.1 protocols.

In addition to Apple, other browsers such as Firefox, Chrome and Edge are also planning to abandon support for old protocols and start early 2020.

via MacRumors