Deprecating TLS 1.0 and TLS 1.1 … kill them now!

Pierluigi Paganini June 19, 2018

The Internet-Draft document if approved formally deprecates Transport Layer Security versions 1.0 (TLS 1.0) [RFC2246] and 1.1 (TLS 1.1) [RFC4346].

In March, the Internet Engineering Task Force (IETF) finally announced the approval of TLS 1.3, the new version of the Transport Layer Security traffic encryption protocol.

It was a long journey, the IETF has been analyzing proposals for TLS 1.3 since April 2014, the final release is the result of the work on 28 drafts.

The TLS protocol was designed to allow client/server applications to communicate over the Internet in a secure way preventing message forgery, eavesdropping, and tampering.

TLS 1.2 and TLS 1.3 are quite different, the new version introduces many major features to improve performance and to make the protocol more resilient to certain attacks such as the ROBOT technique.

Surprisingly the both TLS 1.0 and TLS 1.1 version are still adopted online, in many cases the migration of application is still waiting for the commitment of the management to start exposing users to serious risks.

Some experts argue the best way to make the Internet more secure is to ban application fallback to both TLS 1.0 and 1.1 standards.

The PCI Council’s deprecation deadline of June 30, 2018, is upon us and the Internet-Draft urges the deprecation of insecure protocols.

The support for TLSv1.0 has been removed or will be by July 2018 from several standards, products, and services, including 3GPP 5G, CloudFare, Amazon Elastic Load Balancing, o GitHub.

The Draft also highlights that supporting older versions also requires additional effort for library and product maintenance.

“This document [if approved] formally deprecates Transport Layer Security (TLS) versions 1.0 [RFC2246] and 1.1 [RFC4346] and moves these documents to the historic state. These versions lack support for current and recommended cipher suites, and various government and industry profiiles of applications using TLS now mandate avoiding these old TLS versions.” reads the Draft.

TLS 1.0 deprecated

“Pragmatically, clients MUST NOT send a ClientHello with ClientHello.client_version set to {03,01}. Similarly, servers MUST NOT send a ServerHello with ServerHello.server_version set to {03,01}.” continues the draft. “Any party receiving a Hello message with the protocol version set to {03,01} MUST respond with a ‘protocol_version’ alert message and close the connection.”

The publication of TLS 1.3 will happen very soon, it is currently under the final review.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – TLS, encryption)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment