Shulou(Shulou.com)06/01 Report--

Today, the editor brings you an article about the four major browsers that stop supporting TLS 1.1 and TLS 1.0 security protocols. The editor thinks it is very practical, so I will share it for you as a reference. Let's follow the editor and have a look.

Web browser is no stranger to you who surf the Internet every day. Do you know what are the four most mainstream browser manufacturers in the world at present?

The answer is: ① Google (Chrome) ② Microsoft (IE and Edge) ③ Apple (Safari) ④ Mozilla (Firefox)

In terms of security and privacy, the big four Web browser vendors formally implemented a Real tacit decision at the beginning of this year to stop supporting TLS 1.1 and TLS 1.0 security protocols from March 2020.

Chrome (GOOG), Mozilla (Firefox), Microsoft (IE and Edge), and Safari (AAPL) will all release new browsers to implement this strategy.

Back in 2018, the four Web browser giants (Apple, Google, Mozilla, Microsoft) issued an unprecedented joint statement announcing the decision to ban TLS 1.0 and TLS 1.1 support in early 2020. This means that TLS 1.2 will actually become the default mainstream setting, and browsers will encourage websites and companies to increase support for TLS 1.3 as soon as possible.

Maybe you'll have a series of black question marks. What is TLS? What security role does TLS play in browser transmission? What's the difference between TLS and SSL? Why are TLS 1.1 and TLS 1.0 protocols banned?

First of all, let's start with TLS.

Browse news, send and receive email, online learning, e-commerce. The Internet, precisely because of the encryption technology, SSL (secure socket layer Protocol) and TLS (Transport layer Security), especially TLS, is precisely because of this key technology to provide online private communication methods, effectively prevent data loss and data leakage of the website, the Internet presents today's prosperity as we know it.

TLS vs SSL: the security bodyguard of data transmission

Today's Internet consists of seven layers: physical layer, data link layer, network layer, transport layer, session layer, presentation layer and application layer. The application layer is the most abstract layer and the layer closest to the end user. SSL/TLS is an encryption protocol designed to provide communication security in a computer network, between the transport layer and the application layer. It solves the problem of transmission security through "handshake protocol" and "transport protocol". This process ensures the security and confidentiality of communication when end users use network services. Currently, more than 70% of the world's Internet traffic is protected by SSL/TLS.

SSL (Secure Sockets Layer secure Sockets layer Protocol) is located between TCP/IP protocol and various application layer protocols, which provides security support for data communication. It mainly ensures the security of data transmission by means of encryption.

TLS (Transport Layer Security Transport layer Security), which better inherits the advantages of SSL, is a protocol standardized by IETF (Internet Engineering Task Force). Therefore, when we talk about TLS and SSL, a very important concept is that SSL is the old version of the protocol, TLS is the successor of SSL, is the more secure upgraded version of SSL, is the standard protocol of modern encryption.

TLS protects the standard for communication between Web applications and Web browsers, usually between clients and applications on the reliable transport layer. TLS adds security to the HTTP protocol stack and encrypts the transmitted data into the current large-scale use of HTTPS. All data sent using HTTPS can be protected by the Transport layer Security Protocol (TLS).

The Development of TLS

● in 1994, NetScape designed version 1.0 of the SSL protocol (Secure Sockets Layer), but it was not released.

● in 1995, NetScape released SSL version 2. 0, and soon discovered that there were serious vulnerabilities.

In 1996, ● version 3.0 of SSL was published and applied on a large scale.

● 1999, the upgraded version of SSL TLS version 1.0, TLS 1.0 protocol was born

● 2006, TLS 1.1 Agreement officially launched

● 2008, TLS 1.2 protocol was officially released

In ● 2019, IETF (Internet Engineering Task Force) officially released TLS 1.3 in August, representing a great leap forward in overall security.

In ● 2019, the payment Card Industry data Security Standard (PCI DSS) forcibly removed support for TLS 1.0in the payment card industry, and strongly recommended that support for TLS 1.1be removed.

● 2020, Google Chrome, Microsoft IE, Apple Safari, Firefox Firefox will stop supporting TLS 1.1 and TLS 1.0 security protocols, and TLS 1.2 will become the default setting.

Why are TLS 1.0 and TLS 1.1 protocols being abandoned?

The main reason: extremely unsafe. There are currently four versions of the TLS protocol-TLS1.0, 1.1,1.2 and 1.3 (the latest version). The two older versions of TLS 1.0 and TLS 1.1 use outdated algorithms and encryption systems, such as SHA-1 and MD5, which are fragile, have major security vulnerabilities, and are vulnerable to downgrades such as POODLE and BEAST.

Apple, Google and Microsoft all say the impact of the decision is likely to be minimal because only a small number of connections to Safari, Chrome, Edge and Internet Explorer browsers are still using TLS 1.0 or TLS 1.1. So far, most websites support TLS 1.2 or TLS 1.3 protocols, so except for some industry servers that have not updated their architecture for a long time, the average Internet user will not encounter much problem in browsing.

Figure: details of the support protocols for the top 100000 websites in Alexa

Suggestion: after the website owner installs and deploys the SSL certificate for the server, you can open the encryption protocol that supports TLS 1.2 or above.

How can I quickly detect my TLS version?

You can deploy and test the website through the certificate: MySSL.com, TLS version is clear at a glance

✭ View browser's SSL/TLS compatibility ✭

Open MySSL.com →, click the "Toolbox" menu, →, select "SSL client Detection" to detect successfully.

↓↓↓

Figure: use the Chrome browser to detect the sample diagram (also applicable to other browsers)

✭ views the supporting protocol version of the website, ✭.

Open MySSL.com → and enter the test information generated by the HTTPS website → directly in the address bar to view the Protocol and Suite.

↓↓↓

These are the reasons why the four major browsers have stopped supporting TLS 1.1 and TLS 1.0 security protocols. Have you learned anything after reading them? If you want to know more about it, you are welcome to follow the industry information!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.