While there are currently no known vulnerabilities in TLS 1.0 and 1.1, Microsoft plans to end support for these old protocols in supported versions of Microsoft Edge and IE 11 by 2020.
Transport Layer Security (TLS) protocols work to encrypt communications between client and server applications in order to keep the web secure. After its latest version, TLS 1.3, was approved earlier this year, Microsoft announced today that it will shut down the legacy versions of TLS (1.0 and 1.1) by default in supported Microsoft Edge and Internet Explorer 11 versions in the first half of 2020.
Microsoft pointed out that it has not yet identified any significant vulnerabilities with its latest implementations of TLS 1.0 and 1.1, though it acknowledges that security loopholes may exist in third-party implementations. The goal of the upcoming change is to help maintain general security for every internet user, with the software giant noting that the newer versions of TLS support more modern cryptography and browsers. The Internet Engineering Task Force (IETF), which develops internet standards, is also expected to deprecate TLS 1.0 and 1.1 later this year .
Microsoft also cited data from SSL Labs which indicates that 94% of sites have already switched to TLS 1.2 while only less than 1% of daily connections using Microsoft Edge remain on TLS 1.0 or 1.1. That means most sites are not expected to see any significant impact from the upcoming change.
TLS 1.0, the pilot version of the web security protocol, will mark its 20th anniversary on January 19,2019. So it only makes sense for the remaining websites to transition to the latest version if they’re serious about security.