Advertisement

Microsoft browsers will disable 20-year-old security protocol

Microsoft Edge and Internet Explorer will disable TLS 1.0 and 1.1 by default.

Microsoft has announced that it will be disabling the oldest versions of the Transport Layer Security (TLS) protocol in Edge and Internet Explorer 11 by default in 2020. The company said in a blog post that the move is intended to help "advance a safer browsing experience for everyone" and it's giving advance notice so that the few websites that still rely on TLS 1.0 and 1.1 can upgrade to newer versions ahead of the switch.

TLS 1.0 is almost 20 years old, and while it was developed to secure web connections, subsequent versions have become more advanced, rendering it largely obsolete. SSL Labs reports that 94 percent of websites support TLS 1.2 and Microsoft says less that one percent of daily Microsoft Edge connections are using TLS 1.0 or 1.1. Further, the Internet Engineering Task Force approved TLS 1.3 earlier this year and is expected to deprecate TLS 1.0 and 1.1 in the near future.

"While we aren't aware of significant vulnerabilities with our up-to-date implementations of TLS 1.0 and TLS 1.1, vulnerable third-party implementations do exist," said Microsoft. "Moving to newer versions helps ensure a more secure web for everyone." The company plans to disable TLS 1.0 and 1.1 be default in Microsoft Edge and Internet Explorer 11 within the first half of 2020.