Discontinuation of Support For TLS 1.0 and TLS 1.1 Protocols¶
In the first half of 2020, support for the twenty years old TLS 1.0 protocol and its eight years younger successor TLS 1.1 will be discontinued. These old versions are unsecure and prone to various cyber attacks, such as Poodle or Beast.
The new default version of TLS in web browsers will be TLS 1.2, which was created ten years ago to address flaws of both previous versions. Browsers which will be affected are Chrome, Firefox, Edge and Safari.
Some services, such as Gitlab, have announced that they will discontinue support for TLS 1.0 and 1.1 even before then.
For owners/operators of servers this means, that by the beginning of 2020 at latest, their servers should support TLS 1.2. Otherwise clients will be unable to access sites that don't support this protocol.
Users will be affected minimally. Every current version of these web browsers supports the protocol. If you are still using Internet Explorer version 10 or lower, Firefox 26 or lower or Chrome 29 and lower, you should consider upgrade, since some services will no longer work for you.
Other questions¶
Is it needed to disable support for TLS 1.0 and 1.1 protocols on servers?¶
At this moment, it is not needed. But after the support will have been discontinued in web browsers, we would recommend this change. However, before changing the configuration, make sure none of the older protocols is used by any software you are using on the server. (For example accounting software which is imports data via API etc.)
Do we need to contact your technical support, so they check it?¶
Every managed server without support of TLS 1.2 will be contacted by us. If the current operating system supports this protocol, enabling it is the only thing that will be needed. In case of servers running on very old software, the only solution will be upgrading the distribution.
Do I need to do anything if I don't use https on my servers?¶
No, websites without enabled https support will not be affected by this in any way. But you should reconsider enabling https on every site for enhanced security.