Mon – Fri: 08:00am – 5:30pm, Sat: 09:00am – 1:00pm

PC Madness Team

PC Madness Team

Browsers to block access to HTTPS sites using TLS 1.0 and 1.1 starting this month

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn

More than 850,000 websites still use the old TLS 1.0 and 1.1 protocols, scheduled to be removed from most major browsers later this month.

This includes websites for major banks, governments, news organizations, telecoms, e-commerce stores, and internet communities, according to a report published today by UK technology firm Netcraft.

All the 850,000 websites use HTTPS, but on a version that weak. The websites support HTTPS connections via cryptographic certificates built on the TLS 1.0 and TLS 1.1 protocols.

These are ancient protocols, released in 1996 and 2006, respectively. The protocols use weak cryptographic algorithms and are vulnerable to a series of cryptographic attacks that have been disclosed over the past two decades, such as BEAST, LUCKY 13, SWEET 32, CRIME, and POODLE. These attacks allow attackers to decrypt HTTPS and access a user’s plaintext web traffic.

New versions of these protocols were released in 2008 (TLS 1.2) and 2017 (TLS 1.3), both of which are considered superior and safer to use than TLS 1.0 and TLS 1.1.

REMOVAL OF TLS 1.0 AND TLS 1.1 WAS ANNOUNCED TWO YEARS AGO

After the release of TLS 1.3 in the spring of 2018 the four browser makers — AppleGoogleMozilla, and Microsoft — got together and jointly announced in October 2018 plans to remove support for TLS 1.0 and TLS 1.1 in early 2020.

The first stages of this deprecation began last year when browsers began labeling sites that were using TLS 1.0 and TLS 1.1 with a “Not Secure” indicator in the URL address bar and the lock icon, hinting to users that the HTTPS connection was not as secure as they might imagine.

firefox-weak-encryption.png
Image: ZDNet

Later this month, browsers will move from showing a hidden warning to showing full-page errors when users access sites that use TLS 1.0 or TLS 1.1.

chrome-tls-error.png
TLS 1.0/1.1 error in ChromeImage: ZDNet
mozilla-tls-error.png
TLS 1.0/1.1 error in FirefoxImage: Mozilla

These full-page errors are scheduled to roll out with the release of Chrome 81, and with Firefox 74, both scheduled later this month. Safari was also scheduled to drop TLS 1.0 and 1.1 this month as well, per their initial announcement.

Microsoft will follow suit at the end of April, with the release of (the Chromium-based) Edge 82.

According to Netcraft’s scans, the number of sites that will be impacted is around 850,000, of which, more than 5,000 are ranked in the Alexa Top 1 Million sites.

“Removing client-side support for these older protocols is the most effective way of ensuring that their associated vulnerabilities can no longer pose any risks,” Netcraft researchers said.

Written By Catalin Cimpanu  taken from ZDNet.com

More to explorer

Webroot Evasion Shield

NEW: Webroot Evasion Shield

It’s coming folks! We’re starting the rollout of the new Webroot® Evasion Shield. This critical security layer uses brand new, patented Webroot technology to

phising2020

2020 Webroot Threat Report

2020 Webroot Threat Report: Phishing Attempts Grew by 640% Last Year The annual Webroot Threat report was recently released, highlighting not only the

Have you Any Question?

PC Madness Offer

Issue with your PC?

Hover here...

10% Off your Service! Mention this code below to our staff;

BLOGPCM10%


*valid till end of Feb2020
** Excludes parts and software

System Packages

AMD System Packages

Click here to customise and build your own system today!
Build My PC

System Packages

Ryzen 7 System Packages

Click here to customise and build your own system today!
Build My PC

Leave a Comment

© 2020 PC Madness PTY LTD  All rights reserved

PC Madness Trading Hours​

Monday: 8:00am – 5:30pm

Tuesday: 8:00am – 5:30pm

Wednesday: 8:00am – 5:30pm

Thursday: 8:00am – 5:30pm

Friday: 8:00am – 5:30pm

Saturday: 9:00am – 1:00pm

Sunday: CLOSED

Public Holidays: CLOSED

stay informed!

Subscribe to receive exclusive content and notifications