| Intent to Remove: TLS 1.0 and TLS 1.1 | Christopher Thompson | 24/01/20 02:14 PM | Contact emails
davi...@chromium.org,cth...@chromium.org
Explainer
N/A
Design docs/spec
Specification: https://tools.ietf.org/html/draft-ietf-tls-oldversions-deprecate-00
https://security.googleblog.com/2018/10/modernizing-transport-security.html
https://blog.chromium.org/2019/10/chrome-ui-for-deprecating-legacy-tls.html
TAG review
N/A
Summary
TLS 1.0 and 1.1 were deprecated in Chrome 72 with a planned removal in Chrome 81 (in early 2020). Other browsers are also removing support for TLS 1.0 and 1.1 at this time. Previously, we showed a deprecation warning in DevTools. In M-79, Chrome marked affected sites as "Not Secure". In M-81, Chrome will show a full page interstitial warning on sites that do not support TLS 1.2 or higher.
Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?
Yes
Windows, Mac, Linux, Chrome OS, and Android will show an interstitial warning. Android WebView will see this as an SSL error, but SSL errors are handled by the embedder (the default behavior is to cancel the request).
Is this feature fully tested by web-platform-tests?
No
N/A
Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5759116003770368 |
| Re: [blink-dev] Intent to Remove: TLS 1.0 and TLS 1.1 | Mounir Lamouri | 24/01/20 02:25 PM | Usually, deprecations/removals come with a % of page load using the feature. Is this something that can be shared? Also, which browsers are dropping TLS 1.0 and 1.1 support?
-- |
| Re: [blink-dev] Intent to Remove: TLS 1.0 and TLS 1.1 | Christopher Thompson | 24/01/20 02:32 PM | Hi Mounir -- The full Chrome Status form took in a lot of detail that it appears to not show.... Let me share the full details here:
Motivation
TLS 1.2 was published ten years ago to address weaknesses in TLS 1.0 and 1.1 and has enjoyed wide adoption since then. These old versions of TLS rely on MD5 and SHA-1, both now broken, and contain other flaws. TLS 1.0 is no longer PCI-DSS compliant and the TLS working group has adopted a document to deprecate TLS 1.0 and TLS 1.1.
Interoperability and Compatibility Risks
As of January 1, we still saw 0.3% of main frame page loads using TLS 1.0 or 1.1. This is down significantly from 0.68% back in January 2019. We are optimistic that our current efforts in M-79/80 will increase the visibility of this change to get more sites to update. For more details, you can track these public metrics:
Affected enterprises can bypass these errors using the SSLVersionMin policy. This policy will be available until 2021. This removal is in sync with removal by other browser vendors, so there is little to no interoperability risk.
Other browsers
Tracking bug URL |
| Re: [blink-dev] Intent to Remove: TLS 1.0 and TLS 1.1 | Johnny Stenback | 24/01/20 03:07 PM |
Hey Christopher, If you (or anyone else for that matter) are able to, please file issues with the Chromestatus tool at https://github.com/GoogleChrome/chromium-dashboard/issues. Thanks! Johnny To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALMy46TKtSvY-mXt%2BCbS3vXLWTekbG0LMxWJHPt8rOi2au4wAw%40mail.gmail.com. |
| Re: [blink-dev] Intent to Remove: TLS 1.0 and TLS 1.1 | Christopher Thompson | 24/01/20 03:09 PM | Looks like foolip@ already filed a bug: https://github.com/GoogleChrome/chromium-dashboard/issues/700 |
| Re: [blink-dev] Intent to Remove: TLS 1.0 and TLS 1.1 | Jochen Eisinger | 26/01/20 06:07 AM | dropping usage, long deprecation period, and cross browser support: lgtm1 to remove |
| Re: [blink-dev] Intent to Remove: TLS 1.0 and TLS 1.1 | Mike West | 28/01/20 03:49 AM | LGTM2, especially given the value of working in lockstep with other vendors. -mike |
| Re: [blink-dev] Intent to Remove: TLS 1.0 and TLS 1.1 | Yoav Weiss | 28/01/20 03:53 AM | LGTM3 You received this message because you are subscribed to the Google Groups "net-dev" group. |
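
For operators checking whether a server falls under the removal described in the intent, the following added example (not part of the thread and not Chrome's code) reads the negotiated version out of a captured TLS ServerHello record, including the TLS 1.3 `supported_versions` extension, and flags anything below TLS 1.2. The function names and the sample records are constructed for illustration; it assumes the client that triggered the ServerHello offered TLS 1.2 or higher.

```python
import struct

TLS1_2 = 0x0303
SUPPORTED_VERSIONS = 0x002B  # extension that carries the real version in TLS 1.3

def negotiated_version(record: bytes) -> int:
    """Return the protocol version selected in a raw ServerHello record."""
    # Record header: type(1)=0x16 handshake, version(2), length(2);
    # handshake header: msg type(1)=0x02 ServerHello, length(3).
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x02:
        raise ValueError("not a ServerHello handshake record")
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    if len(body) < 35:
        raise ValueError("truncated ServerHello")
    version = int.from_bytes(body[0:2], "big")  # legacy_version field
    # Skip random(32), session_id(1+n), cipher_suite(2), compression(1).
    pos = 34 + 1 + body[34] + 2 + 1
    if pos > len(body):
        raise ValueError("truncated ServerHello")
    if pos + 2 > len(body):
        return version  # no extensions block: legacy_version is final
    end = min(pos + 2 + int.from_bytes(body[pos:pos + 2], "big"), len(body))
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack(">HH", body[pos:pos + 4])
        if ext_type == SUPPORTED_VERSIONS and ext_len == 2 and pos + 6 <= end:
            return int.from_bytes(body[pos + 4:pos + 6], "big")
        pos += 4 + ext_len
    return version

def is_legacy_tls(record: bytes) -> bool:
    """True when the server picked a version below TLS 1.2."""
    return negotiated_version(record) < TLS1_2

def sample_server_hello(legacy, selected=None) -> bytes:
    """Build a constructed ServerHello record (sample input, not a capture)."""
    # Zeroed random, empty session id, placeholder cipher suite, no compression.
    body = struct.pack(">H", legacy) + bytes(32) + b"\x00" + b"\xc0\x2f" + b"\x00"
    if selected is not None:
        ext = struct.pack(">HHH", SUPPORTED_VERSIONS, 2, selected)
        body += struct.pack(">H", len(ext)) + ext
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack(">HH", min(legacy, TLS1_2), len(handshake)) + handshake

if __name__ == "__main__":
    for name, rec in [("TLS 1.0", sample_server_hello(0x0301)),
                      ("TLS 1.3", sample_server_hello(0x0303, 0x0304))]:
        print(name, "legacy" if is_legacy_tls(rec) else "ok")
```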