Older TLS standards 1.0 and 1.1 are nearing doomsday

All major browsers including Chrome, Firefox, Edge, Internet Explorer and Safari have decided to drop support for older versions 1.0 and 1.1 of the TLS online security protocol. The two-decade-old TLS 1.0 and 1.1 release is known to have flaws that make them unsafe to use for any secure communications. However, version 1.2, which was released in 2008, addressed these major flaws and is used by the vast majority of clients today.

The Internet Engineers Task Force unanimously approved and released TLS version 1.3, earlier this year. But most servers and services haven’t been updated to support the new and improved TLS 1.3 framework which is designed to make encrypted connections on the web faster and more resistant to snooping.

Mozilla’s chart for TLS version usage shows that only 5.68% of Internet users adopted the new version. While almost all others continue to use the 1.2 standard (about 93.12%), only a smattering of connections use the earlier versions, 1.0 and its close relative 1.1, nearing its Doomsday.  “Moving to newer versions helps ensure a more secure Web for everyone,” wrote Kyle Pflug, Microsoft’s Senior Program Manager.

These connections, however, may seem low in proportion, but it could include a lot of things like the legacy machines, old apps, hacked devices, and others. These older versions will be phased out by early 2020, and the long lead time is for companies to check for crucial systems that may cease to work because of this change.