Four tech industry titans, Apple, Google, Microsoft and Mozilla, this week announced plans to move from Transport Layer Security (TLS) 1.0 and 1.1 to modern, more secure versions of protocol.
In a guest post to the WebKit blog, Apple software engineer Christopher Wood made the case for deprecating TLS 1.0 and 1.1 in favor of version 1.2 and the recently finalized version 1.3.
Wood, who specializes in public key infrastructure and crypto services, defines TLS as a critical internet security protocol for protecting web traffic as it moves between clients and servers. The tool “provides confidentiality and integrity” of often sensitive data, but legacy versions of TLS date back to 1999.
To safeguard users against potential exploitation of vulnerabilities like the BEAST browser and FREAK man-in-the-middle attacks, Wood suggests moving away from TLS 1.0 and 1.1. More specifically, the engineer says TLS 1.2 provides security “fit for the modern web.”
Wood says Apple will deprecate Safari support for TLS 1.0 and 1.1 in forthcoming updates scheduled to release on iOS and macOS in March 2020. Apple currently uses TLS 1.2 as its standard, and 99.6 percent of TLS connections made from Safari rely on the modern protocol.
ArsTechnica reported on the coming change earlier today.
As part of an industry effort to transition away from old TLS versions, Google’s Chrome, Microsoft’s Edge and Mozilla’s Firefox will also drop support during the same period. The Safari alternatives see metrics largely in line with those provided by Apple, with Firefox recording the highest percentage of legacy TLS use at 1.2 percent of all secure connections.