Apple is Ending Support for TLS 1.0 and TLS 1.1 in Safari by 2020

By Evan Selleck

Published 15 Oct 2018

TLS stands for Transport Layer Security, and it has a variety of versions out there in the wild. But Apple is aiming to trim the fat, so to speak.

Announced on Monday on its WebKit blog, Apple has confirmed it will end support for two of the protocol's older versions: TLS 1.0 and TLS 1.1 will no longer be supported within Safari by March of 2020. These older versions of the protocol, which is designed to protect web traffic, will be phased out of Safari over the next year and some additional months.

“Therefore, we are deprecating support for TLS 1.0 and 1.1. Complete support will be removed from Safari in updates to Apple iOS and macOS beginning in March 2020. Firefox, Chrome, and Edge are also planning to drop TLS 1.0 and 1.1 support at that time. If you own or operate a web server that does not support TLS 1.2 or newer, please upgrade now. If you use legacy services or devices that cannot be upgraded, please let us know by contacting our Web Technologies Evangelist or by filing a bug report with details.”

As noted above, these older protocol versions are being dropped from the other major browsers out there as well. And, in light of the transition, Apple says the adoption of TLS 1.2 by third-party developers will provide the following:

  • Modern cryptographic cipher suites and algorithms with desirable performance and security properties, e.g., perfect forward secrecy and authenticated encryption, that are not vulnerable to attacks such as BEAST.
  • Removal of mandatory and insecure SHA-1 and MD5 hash functions as part of peer authentication.
  • Resistance to downgrade-related attacks such as LogJam and FREAK.

Apple itself has supported TLS 1.2 for quite some time, and that version already handles 99.6% of connections made from Safari:

“Now is the time to make this transition. Properly configured for App Transport Security (ATS) compliance, TLS 1.2 offers security fit for the modern web. It is the standard on Apple platforms and represents 99.6% of TLS connections made from Safari. TLS 1.0 and 1.1 — which date back to 1999 — account for less than 0.36% of all connections. With the recent finalization of TLS 1.3 by the IETF in August 2018, the proportion of legacy TLS connections will likely drop even further. TLS 1.2 is also required for HTTP/2, which delivers significant performance improvements for the web.”
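For a server operator acting on the upgrade advice quoted above, the following added example (not from Apple or the original article) measures how much of a site's traffic still negotiates TLS 1.0 or 1.1, and which clients are responsible, before those versions are switched off. It assumes an nginx access log written with a hypothetical `log_format` of `$remote_addr $ssl_protocol $ssl_cipher "$http_user_agent"`; the sample lines are constructed.

```python
import re
from collections import Counter, defaultdict

# Versions Safari stops supporting, as nginx's $ssl_protocol reports them.
LEGACY = {"TLSv1", "TLSv1.1"}

# Assumed log_format: '$remote_addr $ssl_protocol $ssl_cipher "$http_user_agent"'
LINE_RE = re.compile(r'^(?P<ip>\S+) (?P<proto>\S+) (?P<cipher>\S+) "(?P<ua>[^"]*)"$')

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "Mozilla/5.0 (Macintosh) Safari/605.1.15"
192.0.2.11 TLSv1.3 TLS_AES_128_GCM_SHA256 "Mozilla/5.0 (X11; Linux) Firefox/63.0"
198.51.100.7 TLSv1 AES128-SHA "LegacyPOS/2.1"
198.51.100.7 TLSv1 AES128-SHA "LegacyPOS/2.1"
203.0.113.5 TLSv1.1 ECDHE-RSA-AES128-SHA "embedded-cam/0.9"
192.0.2.12 - - "plain-http-healthcheck"
this line is malformed
"""

def audit(log_text):
    """Count requests per TLS version and group legacy clients by (ip, user agent)."""
    by_proto = Counter()
    legacy_clients = defaultdict(Counter)
    skipped = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        # nginx logs an empty variable as "-" (e.g. plain HTTP); skip those too.
        if not m or m["proto"] == "-":
            skipped += 1
            continue
        by_proto[m["proto"]] += 1
        if m["proto"] in LEGACY:
            legacy_clients[(m["ip"], m["ua"])][m["proto"]] += 1
    total = sum(by_proto.values())
    legacy = sum(by_proto[p] for p in LEGACY)
    share = 100.0 * legacy / total if total else 0.0
    return {"by_proto": dict(by_proto), "total": total, "legacy_share_pct": share,
            "legacy_clients": {k: dict(v) for k, v in legacy_clients.items()},
            "skipped": skipped}

if __name__ == "__main__":
    report = audit(SAMPLE_LOG)
    print(f"{report['total']} TLS requests, {report['legacy_share_pct']:.1f}% on TLS 1.0/1.1")
    for (ip, ua), protos in sorted(report["legacy_clients"].items()):
        print(f"  {ip} {ua!r}: {protos}")
```

The per-client grouping is what identifies the legacy services or devices that need an upgrade plan before the server stops accepting TLS 1.0 and 1.1.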

A minor change, but an important one.

[via Apple]