TLS 1.2 will be mandatory as of March 2020
Already deprecated for certain uses such as bank transactions, TLS 1.0 and 1.1 protocols are now being deprecated by most browsers. Mozilla Firefox has already started displaying an alert on the lock of its 68 version.
On March 2020 all servers will have to serve their contents using TLS 1.2 at least in order to keep compatibility with the main browsers.
- Mozilla Firefox announces March 2020.
- Chrome announces an access in January 2020 via its early release channel. Several weeks even months will be necessary for the public release.
- Webkit/Safari announces March 2020 as well.
- Microsoft announces the first semester of 2020 for Edge.
We recommend to prioritize the version 1.3 of TLS when possible. However only a few number of platforms can handle this version. It is the case of some cryptographic libraries in their last version such as OpenSSL from 1.1.1.
Servers compatibility
We have checked the compatibility of several server platforms with TLS 1.2.
Microsoft
Windows Server handles TLS 1.2 from the version 2008 R2 (IIS 7.5) but it has to be enabled manually.
TLS 1.2 is only available by default from the version 2012 (IIS8).
Openssl (Apache, Nginx, etc)
Regarding the software based on openSSL (Apache, Nginx, Postfix, etc) the version 1.0.1ais required at least. The later branches (1.0.2 et 1.1.X) have the support by default. The versions 1.1.1 and higher also handle TLS 1.3.
Openssl deployment per distribution:
Distribution | Version | OpenSSL version |
---|---|---|
Debian | 7 (Wheezy) | 1.0.1e |
Centos | 6 | 1.0.1e |
Ubuntu | 14.04 | 1.0.1f |
Java (Tomcat, JBoss, etc)
Regarding software based on Java, you'll need Java 7, version 1.7.0_131-b31 at least. Java 8 and higher handle TLS 1.2 by default.
Useful links
- TLS 1.0 and 1.1 deprecation by Firefox
- TLS 1.0 and 1.1 deprecation by Chrome
- TLS 1.0 and 1.1 deprecation by Webkit/Safari
- TLS 1.0 and 1.1 deprecation by Edge
- List of Openssl 1.0.1 branch modifications
- Debian archive
- Centos 6 packages
- Former Ubuntu releases packages
- Java 7 update 131 release notes
Is you server concerned?
Run a test with our tool Co-Pibot. It will tell you if your server is impacted and how to fix it.