{"id":2397,"date":"2018-10-15T06:00:44","date_gmt":"2018-10-15T13:00:44","guid":{"rendered":"https:\/\/blog.mozilla.org\/security\/?p=2397"},"modified":"2018-10-15T14:14:01","modified_gmt":"2018-10-15T21:14:01","slug":"removing-old-versions-of-tls","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/security\/2018\/10\/15\/removing-old-versions-of-tls\/","title":{"rendered":"Removing Old Versions of TLS"},"content":{"rendered":"

In March of 2020, Firefox will disable support for TLS 1.0 and TLS 1.1.<\/p>\n

On the Internet, 20 years is an eternity. \u00a0TLS 1.0<\/a> will be 20 years old in January 2019. \u00a0In that time, TLS has protected billions – and probably trillions – of connections from eavesdropping and attack.<\/p>\n

In that time, we have collectively learned a lot about what it takes to design and build a security protocol.<\/p>\n

Though we are not aware of specific problems with TLS 1.0 that require immediate action, several aspects of the design are neither as strong or as robust as we would like given the nature of the Internet today. \u00a0Most importantly, TLS 1.0 does not support modern cryptographic algorithms.<\/p>\n

The Internet Engineering Task Force (IETF) no longer recommends the use of older TLS versions. \u00a0A draft document<\/a> describes the technical reasons in more detail.<\/p>\n

We will disable TLS 1.1<\/a> at the same time. \u00a0TLS 1.1 only addresses a limitation of TLS 1.0 that can be addressed in other ways<\/a>. Our telemetry shows that only 0.1% of connections use TLS 1.1.<\/p>\n

\"Graph<\/a>

TLS versions for all connections established by Firefox Beta 62, August-September 2018<\/p><\/div>\n

Our telemetry shows that many sites already use TLS 1.2 or higher (Qualys says 94%<\/a>). \u00a0TLS 1.2 is a prerequisite for HTTP\/2, which can improve site performance<\/a>. \u00a0We recommend that sites use a modern profile<\/a> of TLS 1.2 unless they have specialized needs.<\/p>\n

For sites that need to upgrade, the recently released<\/a> TLS 1.3 includes an improved core design that has been rigorously analyzed by cryptographers. \u00a0TLS 1.3 can also make connections faster than TLS 1.2. Firefox already makes far more connections with TLS 1.3 than with TLS 1.0 and 1.1 combined.<\/p>\n

Be aware that these changes will appear in pre-release versions of Firefox (Beta, Developer Edition, and Nightly) earlier than March 2020.\u00a0 We will announce specific dates when we have more detailed plans.<\/p>\n

We understand that upgrading something as fundamental as TLS can take some time.\u00a0 This change affects a large number of sites. \u00a0That is why we are making this announcement so far in advance of the March 2020 removal date of TLS 1.0 and TLS 1.1.<\/p>\n

Other browsers have made similar announcements. Chrome<\/a>, Edge<\/a>, and Safari<\/a> all plan to make the same change.<\/p>\n","protected":false},"excerpt":{"rendered":"

In March of 2020, Firefox will disable support for TLS 1.0 and TLS 1.1. On the Internet, 20 years is an eternity. \u00a0TLS 1.0 will be 20 years old in … Read more<\/a><\/p>\n","protected":false},"author":1606,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[30,69],"tags":[45514,45499],"coauthors":[320794],"yoast_head":"\nRemoving Old Versions of TLS - Mozilla Security Blog<\/title>\n<meta name=\"description\" content=\"In March of 2020, Firefox will remove support for TLS 1.0 and TLS 1.1.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.mozilla.org\/security\/2018\/10\/15\/removing-old-versions-of-tls\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Martin Thomson\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2018\/10\/15\/removing-old-versions-of-tls\/\",\"url\":\"https:\/\/blog.mozilla.org\/security\/2018\/10\/15\/removing-old-versions-of-tls\/\",\"name\":\"Removing Old Versions of TLS - Mozilla Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/2018\/10\/15\/removing-old-versions-of-tls\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/2018\/10\/15\/removing-old-versions-of-tls\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blog.mozilla.org\/security\/files\/2018\/10\/TLS-Version-Usage-Firefox-Beta-62-August-September-2018-600x371.png\",\"datePublished\":\"2018-10-15T13:00:44+00:00\",\"dateModified\":\"2018-10-15T21:14:01+00:00\",\"author\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/45a6bb9be27ed2a07e238631d0862fb8\"},\"description\":\"In March of 2020, Firefox will remove support for TLS 1.0 and TLS 1.1.\",\"breadcrumb\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/2018\/10\/15\/removing-old-versions-of-tls\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.mozilla.org\/security\/2018\/10\/15\/removing-old-versions-of-tls\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2018\/10\/15\/removing-old-versions-of-tls\/#primaryimage\",\"url\":\"https:\/\/blog.mozilla.org\/security\/files\/2018\/10\/TLS-Version-Usage-Firefox-Beta-62-August-September-2018.png\",\"contentUrl\":\"https:\/\/blog.mozilla.org\/security\/files\/2018\/10\/TLS-Version-Usage-Firefox-Beta-62-August-September-2018.png\",\"width\":903,\"height\":558,\"caption\":\"TLS versions for all connections established by Firefox Beta 62, August-September 2018\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2018\/10\/15\/removing-old-versions-of-tls\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.mozilla.org\/security\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Removing Old Versions of TLS\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\",\"url\":\"https:\/\/blog.mozilla.org\/security\/\",\"name\":\"Mozilla Security Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/45a6bb9be27ed2a07e238631d0862fb8\",\"name\":\"Martin Thomson\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/59632d6cecf756267598b69fabf8b874\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/bb0db7354b6364920b4dfe1eeac61f34?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/bb0db7354b6364920b4dfe1eeac61f34?s=96&d=identicon&r=g\",\"caption\":\"Martin Thomson\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Removing Old Versions of TLS - Mozilla Security Blog","description":"In March of 2020, Firefox will remove support for TLS 1.0 and TLS 1.1.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.mozilla.org\/security\/2018\/10\/15\/removing-old-versions-of-tls\/","twitter_misc":{"Written by":"Martin Thomson","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blog.mozilla.org\/security\/2018\/10\/15\/removing-old-versions-of-tls\/","url":"https:\/\/blog.mozilla.org\/security\/2018\/10\/15\/removing-old-versions-of-tls\/","name":"Removing Old Versions of TLS - Mozilla Security Blog","isPartOf":{"@id":"https:\/\/blog.mozilla.org\/security\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blog.mozilla.org\/security\/2018\/10\/15\/removing-old-versions-of-tls\/#primaryimage"},"image":{"@id":"https:\/\/blog.mozilla.org\/security\/2018\/10\/15\/removing-old-versions-of-tls\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.mozilla.org\/security\/files\/2018\/10\/TLS-Version-Usage-Firefox-Beta-62-August-September-2018-600x371.png","datePublished":"2018-10-15T13:00:44+00:00","dateModified":"2018-10-15T21:14:01+00:00","author":{"@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/45a6bb9be27ed2a07e238631d0862fb8"},"description":"In March of 2020, Firefox will remove support for TLS 1.0 and TLS 1.1.","breadcrumb":{"@id":"https:\/\/blog.mozilla.org\/security\/2018\/10\/15\/removing-old-versions-of-tls\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.mozilla.org\/security\/2018\/10\/15\/removing-old-versions-of-tls\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/security\/2018\/10\/15\/removing-old-versions-of-tls\/#primaryimage","url":"https:\/\/blog.mozilla.org\/security\/files\/2018\/10\/TLS-Version-Usage-Firefox-Beta-62-August-September-2018.png","contentUrl":"https:\/\/blog.mozilla.org\/security\/files\/2018\/10\/TLS-Version-Usage-Firefox-Beta-62-August-September-2018.png","width":903,"height":558,"caption":"TLS versions for all connections established by Firefox Beta 62, August-September 2018"},{"@type":"BreadcrumbList","@id":"https:\/\/blog.mozilla.org\/security\/2018\/10\/15\/removing-old-versions-of-tls\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.mozilla.org\/security\/"},{"@type":"ListItem","position":2,"name":"Removing Old Versions of TLS"}]},{"@type":"WebSite","@id":"https:\/\/blog.mozilla.org\/security\/#website","url":"https:\/\/blog.mozilla.org\/security\/","name":"Mozilla Security Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/45a6bb9be27ed2a07e238631d0862fb8","name":"Martin Thomson","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/59632d6cecf756267598b69fabf8b874","url":"https:\/\/secure.gravatar.com\/avatar\/bb0db7354b6364920b4dfe1eeac61f34?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/bb0db7354b6364920b4dfe1eeac61f34?s=96&d=identicon&r=g","caption":"Martin Thomson"}}]}},"_links":{"self":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/2397"}],"collection":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/users\/1606"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/comments?post=2397"}],"version-history":[{"count":0,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/2397\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/media?parent=2397"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/categories?post=2397"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/tags?post=2397"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/coauthors?post=2397"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}