The reason for disabling TLS 1.0 and TLS 1.1
As a part of security procedures at StatusHub we are monitoring usage of TLS versions used to connect to StatusHub servers. TLS is used to encrypt traffic between a client browser and the server he/she connects to in order to make sure that nobody can eavesdrop on communication sent through the network. As all software, those protocols are being improved and new versions are being released but what’s more important, vulnerabilities are being found as well. Those vulnerabilities can result in TLS being ineffective for the protocol versions impacted.
Currently, TLS 1.0 is not considered a secure protocol. Since each protocol version is accompanied by certain settings and encryption algorithms, TLS 1.1 can also be insecure for a specific combination of those encryption algorithms.
Under normal circumstances with modern browsers and operating systems, this is not a problem as browsers will default to the most recent version of TLS which is TLS 1.3 or TLS 1.2. However, there are certain types of attacks that can trick a browser and server to lower the TLS version to the lowest possible one, which can then be compromised.
In order to mitigate such an attack, we are announcing that protocols TLS 1.0 and TLS 1.1 will no longer be accepted starting Sep 30th, 2019.
Will this impact me?
We see that 99.43% of TLS traffic use TLS 1.2 so if you are on modern OS and modern browser, this change will not affect you. However if you are in the 0.57% of clients using an older browser or operating system, you will need to change your browser settings (Internet Explorer 8-10) or update you system/browser if it can’t support TLS 1.2.
A list of supported browsers is available on the CanIUse website:
The following are a couple of online tools which can check your browser compatibility:
If you have any questions or feedback about this post please contact us.