Security News > 2020 > February > Mozilla issues final warning to websites using TLS 1.0

We're committed to completely eradicating weak versions of TLS because at Mozilla we believe that user security should not be treated as optional.

Although not exactly a household name, TLS is the encryption protocol that makes several types of secure connection possible, including secure versions of SMTP, POP3, FTP and of, course, HTTP. For example, when a browser visits a site using HTTPS, TLS sets up authentication, the exchange of session keys, and agreement on cipher suites.

TLS 1.1 arrived in 2006 but was quickly improved upon by TLS 1.2 two years later.

Going from TLS 1.0 to 1.3 might not sound like a huge jump but TLS 1.3 is vastly more secure and more optimised for the speed of today's internet - both valid reasons to ask sites to get rid of older versions.

It's not clear how many sites still use TLS 1.0 and 1.1 - Google estimates around 0.75% of page loads - but even a small sliver of sites is now too many.

News URL

https://nakedsecurity.sophos.com/2020/02/12/mozilla-issues-final-warning-to-websites-using-tls-1-0/