Menu
picture of tbs certificates
picture of tbs certificates
Certificates
Our products range
Partners
Support
Focus


TLS 1.2 will be mandatory as of March 2020

Already deprecated for certain uses such as bank transactions, TLS 1.0 and 1.1 protocols are now being deprecated by most browsers. Mozilla Firefox has already started displaying an alert on the lock of its 68 version.

On March 2020 all servers will have to serve their contents using TLS 1.2 at least in order to keep compatibility with the main browsers.

  • Mozilla Firefox announces March 2020.
  • Chrome announces an access in January 2020 via its early release channel. Several weeks even months will be necessary for the public release.
  • Webkit/Safari announces March 2020 as well.
  • Microsoft announces the first semester of 2020 for Edge.

We recommend to prioritize the version 1.3 of TLS when possible. However only a few number of platforms can handle this version. It is the case of some cryptographic libraries in their last version such as OpenSSL from 1.1.1.

Servers compatibility

We have checked the compatibility of several server platforms with TLS 1.2.

Microsoft

Windows Server handles TLS 1.2 from the version 2008 R2 (IIS 7.5) but it has to be enabled manually.

TLS 1.2 is only available by default from the version 2012 (IIS8).

Openssl (Apache, Nginx, etc)

Regarding the software based on openSSL (Apache, Nginx, Postfix, etc) the version 1.0.1ais required at least. The later branches (1.0.2 et 1.1.X) have the support by default. The versions 1.1.1 and higher also handle TLS 1.3.

Openssl deployment per distribution:

Distribution Version OpenSSL version
Debian 7 (Wheezy) 1.0.1e
Centos 6 1.0.1e
Ubuntu 14.04 1.0.1f

Java (Tomcat, JBoss, etc)

Regarding software based on Java, you'll need Java 7, version 1.7.0_131-b31 at least. Java 8 and higher handle TLS 1.2 by default.

Useful links

Is you server concerned?

Run a test with our tool Co-Pibot. It will tell you if your server is impacted and how to fix it.

Access Co-Pibot