Let’s start the new week with some solid security news! Browser security, that is. If you depend on IE and Edge for your browsing needs, then you better be in the know here.
Microsoft is set to disable certain TLS versions on both of its web browsers.
Now, admittedly usage of Microsoft browsers has been on the downturn lately, what with Chrome seemingly running away with the market. But one thing the software titan does really well is equip its latest browser with the latest bells and whistles.
Edge is always quick to pick up support for the latest web technologies.
Transport Layer Security (TLS) protocols are what keep the web secure by encrypting communication between client and server applications. It’s latest version, TLS 1.3, was approved earlier this year, and Redmond is on the act.
The company has announced today that it will shut down the legacy versions of the technology by default in Microsoft Edge and Internet Explorer 11.
Versions 1.0 and 1.1 are the ones that are set for sunset in the first half of 2020.
Coincidentally, TLS 1.0, the pilot version of the web security protocol will mark its 20th anniversary on January 19, 2019. But the good thing is that the majority of websites have already made the transition to the latest version.
Kyle Pflug, Senior Program Manager, Microsoft Edge:
“We are announcing our intent to disable these versions by default early, to allow the small portion of remaining sites sufficient time to upgrade to a newer version.”
According to data from SSL Labs, 94% of the top websites already support version 1.2 of the cryptographic protocol. Microsoft also reveals that less than 1% of secure connections in Microsoft Edge are currently using versions 1.0 and 1.1.
Speaking of versions, TLS 1.3 allows faster and more secure connections, and the Internet Engineering Task Force (IETF) finalized it in August of this year.
As expected, Microsoft is already working to bring support for this new version of the protocol in Edge.
And that concludes our security bulletin for today!