Deprecation of TLS 1.0 and 1.1
Since Chrome 79 a ‘not secure’ warning is shown for sites that use TLS 1.0 or 1.1 and do not support TLS 1.2 or greater. From Chrome 84 onwards (scheduled for release on the 4th of August) the site will become inaccesible if it doesn’t support TLS 1.2 at a minimum. Any sites which don’t support TLS 1.2 from the 4th of August onwards will display a full page warning.
What is TLS?
TLS is a cryptographic protocol that encrypts data when transferred over the internet. This is important because it prevents hackers and other malicious actors from eavesdropping on your communications. TLS 1.0 has been widely used since the early 2000’s. There are four TLS versions: TLS 1.0, 1.1, 1.2 and 1.3. TLS 1.3 is the latest TLS version and has been released in 2018.
Why is it important to keep my TLS version up-to-date?
Older versions of TLS (1.0 and 1.1) contain known security vulnerabilities. Therefore it’s important to update your TLS version to at least version 1.2. Even better would be to disable TLS 1.0 and 1.1 support entirely. Luckily most hosting providers are aware of this. However, we still see some sites which don’t support TLS 1.2. If your site uses an insecure version of TLS, you can ask your hosting provider to upgrade it.
How do I check which TLS version my site uses?
The TLS support of your webserver can be checked here.