In October 2018, a little less than two years ago, it was known that the main browsers would stop supporting TLS 1.0 and TLS 1.1 in 2020. The responsible companies, Google, Apple, Microsoft and Mozilla, announced the goodbye.
These cryptographic protocols had become obsolete over the years not so much due to known security problems, but due to their incompatibility with modern cryptographic algorithms and, of course, the adoption of their evolutions. The time had come to leave them behind.
Google Chrome, Mozilla Firefox and Microsoft Edge have had to back down on disabling TLS 1.0 and TLS 1.1 with the coronavirus as the main culprit
However, in the middle of the withdrawal of support, Google Chrome, Mozilla Firefox and Microsoft Edge have had to back down.
The reasons? Apparently different depending on who you ask, although Mozilla’s explanation may give clues: “We reversed the change for an indefinite period of time to better allow access to critical government sites that share COVID-19 information.”. The coronavirus attacking again.
A double responsibility
The removal of support for obsolete versions of TLS was due to the need to abandon the old standard and adopt the newer ones. for a matter of security. The idea was that if users stopped being able to visit the websites that use them, said portals would decide to update.
The problem now is that websites dependent on public administrations and essential to provide information regarding the coronavirus pandemic use these protocols and prevent indirectly accessing them with disabling TSL 1.0 and TSL 1.1 would be dangerous. This was made clear from Mozilla in the launch of Firefox 74.
Despite deferring the end of support for TLS 1.0 and TLS 1.1, Microsoft recommends that these protocols be discontinued “as soon as possible”
Microsoft and Google, on the other hand, have not been so explicit. The first blames the postponement of the change to “current global circumstances” and postpones it for July in the case of Chromium-based Edge and for September in the case of the rest of its browsers.
Without giving more details, although recommending that “all organizations stop using TLS 1.0 and TLS 1.1 as soon as possible.”
Google excuses the delay in the release of the version that was going to say goodbye to these protocols with “adjustments in working hours”
Google, meanwhile, had planned removing support for these outdated protocols with the release of Chrome 81Initially scheduled for mid-March. However, it was not released.
The reason given, also related to the effects of the COVID-19 pandemic, has to do with its development as they assure. “Due to work schedule adjustments at the moment, we are pausing on upcoming Chrome and Chrome OS releases,” they explained after learning that a large portion of their workers had been sent to work from home with the goal of to promote social distancing.