PSA: Removing TLS 1.0, TLS 1.1 and DTLS 1.0 support from WebRTC


Benjamin Wright

Feb 4, 2019, 5:07:37 PM
to discuss...@googlegroups.com
WebRTC is planning to remove support for legacy Transport Layer Security protocol versions from the code base, specifically support for TLS 1.0, TLS 1.1 and DTLS 1.0. This is in line with a broader effort across Chrome. We plan for these changes to land by M74.

This is compliant with the rtc-web-security-arch documentation which states:
   All Implementations MUST implement DTLS 1.2 with the
   TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 cipher suite and the P-256
   curve [FIPS186].  Earlier drafts of this specification required DTLS
   1.0 with the cipher suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, and
   at the time of this writing some implementations do not support DTLS
   1.2; endpoints which support only DTLS 1.2 might encounter
   interoperability issues.

TLS 1.2 and DTLS 1.2 are already the default selected protocol versions in
WebRTC and we expect this to cause little to no interop issues for almost all users.

Francesco Durighetto

Mar 4, 2019, 12:07:18 PM
to discuss-webrtc
It seems that deprecation should start with Chrome 72 (maybe delayed to 74) and the complete removal of older TLS is planned for Chrome 81.
Is that correct?

Also, is there any way to force the browser to use DTLS 1.2 to test our server-side apps?
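
For checking a server-side endpoint against the requirement quoted in the announcement, one option is to inspect the ServerHello it sends back in a packet capture. The following is an added example, not code from this thread or from the WebRTC project: it parses a single unfragmented DTLS ServerHello record and reports the negotiated version and cipher suite. The function names are this example's own, and `build_sample` produces constructed records rather than captured traffic.

```python
import struct

# Wire values from the DTLS and TLS specifications.
DTLS_VERSIONS = {0xFEFF: "DTLS 1.0", 0xFEFD: "DTLS 1.2"}
SUITES = {0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
          0xC009: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"}

def parse_server_hello(record: bytes):
    """Return (version, cipher_suite) from one DTLS record holding an
    unfragmented ServerHello; raise ValueError for anything else."""
    if len(record) < 13:
        raise ValueError("short DTLS record header")
    ctype, _ver, _epoch, _seq, length = struct.unpack("!BHH6sH", record[:13])
    body = record[13:13 + length]
    if ctype != 22 or len(body) != length or length < 12:
        raise ValueError("not a complete handshake record")
    msg_len = int.from_bytes(body[1:4], "big")
    frag_off = int.from_bytes(body[6:9], "big")
    frag_len = int.from_bytes(body[9:12], "big")
    if body[0] != 2:
        raise ValueError("handshake message is not a ServerHello")
    if frag_off != 0 or frag_len != msg_len or len(body) < 12 + frag_len:
        raise ValueError("fragmented or truncated ServerHello")
    hello = body[12:12 + frag_len]
    if len(hello) < 35 or len(hello) < 38 + hello[34]:
        raise ValueError("ServerHello too short")
    sid_len = hello[34]  # session id sits between random and cipher suite
    version = int.from_bytes(hello[0:2], "big")
    suite = int.from_bytes(hello[35 + sid_len:37 + sid_len], "big")
    return version, suite

def check_record(record: bytes):
    """Return (is_dtls_1_2, description) for a ServerHello record."""
    version, suite = parse_server_hello(record)
    vname = DTLS_VERSIONS.get(version, f"unknown version 0x{version:04x}")
    sname = SUITES.get(suite, f"suite 0x{suite:04x}")
    return version == 0xFEFD, f"{vname}, {sname}"

def build_sample(version: int, suite: int) -> bytes:
    """Constructed ServerHello record: zeroed random, empty session id."""
    hello = struct.pack("!H32sBHB", version, bytes(32), 0, suite, 0)
    n = len(hello).to_bytes(3, "big")
    hs = b"\x02" + n + b"\x00\x01" + b"\x00\x00\x00" + n + hello
    return struct.pack("!BHH6sH", 22, version, 0, bytes(6), len(hs)) + hs

if __name__ == "__main__":
    for v, s in ((0xFEFD, 0xC02B), (0xFEFF, 0xC009)):
        print(check_record(build_sample(v, s)))
```

A server whose ServerHello carries version `0xFEFF` selected DTLS 1.0 and is the case affected by the removal described above.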