Remember when we warned in February Apple will crack down on long-life HTTPS certs? It's happening: Chrome, Firefox ready to join in, too

Remember when we warned in February Apple will crack down on long-life HTTPS certs? It's happening: Chrome, Firefox ready to join in, too

2020-06-30 03:57

From September 1, Apple software, from Safari to macOS to iOS, will reject new HTTPS and other SSL/TLS certificates that are valid for more than 398 days, plus or minus some caveats.

"Connections to TLS servers violating these new requirements will fail," Apple warned in its official note.

For developers and site admins, that means if you're creating or renewing certs after September 1, make sure they expire within that time limit, or they won't work as you expect in Safari, on iOS, and with other Apple software.

Apple reckons this policy ensures websites and apps refresh their certs once a year, thus encouraging them to use the latest cryptographic standards, and ensures stolen certs cannot be used for long-running phishing campaigns and other shenanigans as they'll expire soon enough.

After those proposals were shot down in a vote, Apple went ahead anyway with a one-year-max policy and bypassed the industry forum, a move backed by the Chromium team.

News URL

https://go.theregister.com/feed/www.theregister.com/2020/06/30/tls_cert_lifespan/

#apple #cert #chrome #crack #firefox #http #https

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Apple		130	561	4080	1550	2432	8623

News URL

Related news

Related vendor