Intent to Remove: TLS 1.0 and TLS 1.1

عرض 1-8 من 8 من الرسائل
Intent to Remove: TLS 1.0 and TLS 1.1 Christopher Thompson 24/01/20 02:14 م
Contact emails davi...@chromium.org,cth...@chromium.org Explainer N/A Design docs/spec Specification: https://tools.ietf.org/html/draft-ietf-tls-oldversions-deprecate-00 https://security.googleblog.com/2018/10/modernizing-transport-security.html
https://blog.chromium.org/2019/10/chrome-ui-for-deprecating-legacy-tls.html TAG review N/A Summary TLS 1.0 and 1.1 were deprecated in Chrome 72 with a planned removal in Chrome 81 (in early 2020). Other browsers are also removing support for TLS 1.0 and 1.1 at this time. Previously, we showed a deprecation warning in DevTools. In M-79, Chrome marked affected sites as "Not Secure". In M-81, Chrome will show a full page interstitial warning on sites that do not support TLS 1.2 or higher. Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)? Yes Windows, Mac, Linux, Chrome OS, and Android will show an interstitial warning. Android WebView will see this as an SSL error, but SSL errors are handled by the embedder (the default behavior is to cancel the request). Is this feature fully tested by web-platform-tests? No N/A Link to entry on the Chrome Platform Status https://chromestatus.com/feature/5759116003770368
Re: [blink-dev] Intent to Remove: TLS 1.0 and TLS 1.1 Mounir Lamouri 24/01/20 02:25 م
Usually, deprecations/removals, come with a % of page load using the feature. Is this something that can be shared? Also, which browsers are dropping TLS 1.0 and 1.1 support?

On Fri, 24 Jan 2020 at 14:14, Christopher Thompson <cth...@chromium.org> wrote:
Contact emails davi...@chromium.org,cth...@chromium.org Explainer N/A Design docs/spec Specification: https://tools.ietf.org/html/draft-ietf-tls-oldversions-deprecate-00 https://security.googleblog.com/2018/10/modernizing-transport-security.html
https://blog.chromium.org/2019/10/chrome-ui-for-deprecating-legacy-tls.html TAG review N/A Summary TLS 1.0 and 1.1 were deprecated in Chrome 72 with a planned removal in Chrome 81 (in early 2020). Other browsers are also removing support for TLS 1.0 and 1.1 at this time. Previously, we showed a deprecation warning in DevTools. In M-79, Chrome marked affected sites as "Not Secure". In M-81, Chrome will show a full page interstitial warning on sites that do not support TLS 1.2 or higher. Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)? Yes Windows, Mac, Linux, Chrome OS, and Android will show an interstitial warning. Android WebView will see this as an SSL error, but SSL errors are handled by the embedder (the default behavior is to cancel the request). Is this feature fully tested by web-platform-tests? No N/A Link to entry on the Chrome Platform Status https://chromestatus.com/feature/5759116003770368

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blin...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALMy46TtB3PPD1YTdQ6MZ4d6QYGXJhcOfb_KPQJ6k0zWdY9gFQ%40mail.gmail.com.
Re: [blink-dev] Intent to Remove: TLS 1.0 and TLS 1.1 Christopher Thompson 24/01/20 02:32 م
Hi Mounir -- The full Chrome Status form took in a lot of detail that it appears to not show.... Let me share the full details here:

Summary
TLS 1.0 and 1.1 were deprecated in Chrome 72 with a planned removal in Chrome 81 (in early 2020). Other browsers are also removing support for TLS 1.0 and 1.1 at this time. Previously, we showed a deprecation warning in DevTools. In M-79, Chrome marked affected sites as "Not Secure". In M-81, Chrome will show a full page interstitial warning on sites that do not support TLS 1.2 or higher.

Motivation
TLS 1.2 was published ten years ago to address weaknesses in TLS 1.0 and 1.1 and has enjoyed wide adoption since then. These old versions of TLS rely on MD5 and SHA-1, both now broken, and contain other flaws. TLS 1.0 is no longer PCI-DSS compliant and the TLS working group has adopted a document to deprecate TLS 1.0 and TLS 1.1.

Interoperability and Compatibility Risks
As of January 1, we still saw 0.3% of main frame page loads using TLS 1.0 or 1.1. This is down significantly from 0.68% back in January 2019. We are optimistic that our current efforts in M-79/80 will increase the visibility of this change to get more sites to update. 

For more details, you can track these public metrics:
Affected enterprises can bypass these errors using the SSLVersionMin policy. This policy will be available until 2021.

This removal is in sync with removal by other browser vendors, so there is little to no interoperability risk.

Other browsers


Re: [blink-dev] Intent to Remove: TLS 1.0 and TLS 1.1 Johnny Stenback 24/01/20 03:07 م
On Fri, Jan 24, 2020 at 2:32 PM Christopher Thompson <cth...@chromium.org> wrote:
Hi Mounir -- The full Chrome Status form took in a lot of detail that it appears to not show.... Let me share the full details here:

Hey Christopher,

If you (or anyone else for that matter) are able to, please file issues with the Chromestatus took at https://github.com/GoogleChrome/chromium-dashboard/issues.

Thanks!
Johnny 

 
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALMy46TKtSvY-mXt%2BCbS3vXLWTekbG0LMxWJHPt8rOi2au4wAw%40mail.gmail.com.
Re: [blink-dev] Intent to Remove: TLS 1.0 and TLS 1.1 Christopher Thompson 24/01/20 03:09 م
Looks like foolip@ already filed a bug: https://github.com/GoogleChrome/chromium-dashboard/issues/700
Re: [blink-dev] Intent to Remove: TLS 1.0 and TLS 1.1 Jochen Eisinger 26/01/20 06:07 ص
dropping usage, long deprecation period, and cross browser support: lgtm1 to remove
Re: [blink-dev] Intent to Remove: TLS 1.0 and TLS 1.1 Mike West 28/01/20 03:49 ص
LGTM2, especially given the value of working in lockstep with other vendors.

-mike


Re: [blink-dev] Intent to Remove: TLS 1.0 and TLS 1.1 Yoav Weiss 28/01/20 03:53 ص
LGTM3

You received this message because you are subscribed to the Google Groups "net-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to net...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/net-dev/CAKXHy%3DfVcy7OkJ2rHq7jT%2B83nWozbY86%2BnYPK1pZT%2BSOEBwTRg%40mail.gmail.com.