In March 2020, major web browsers will stop supporting TLS 1.0 and TLS 1.1.
If you manage your own web servers, you’ll need to enable TLS 1.2 (and, ideally, TLS 1.3).
Otherwise, if you’re still using TLS 1.0 or TLS 1.1, your visitors will see an error when they try to access your sites.
Why the change to browser TLS support?
The announcements to drop support for TLS 1.0 and 1.1 came last year from Microsoft, WebKit, Mozilla, and Google:
“Two decades is a long time for a security technology to stand unmodified. While we aren’t aware of significant vulnerabilities with our up-to-date implementations of TLS 1.0 and TLS 1.1, vulnerable third-party implementations do exist. Moving to newer versions helps ensure a more secure Web for everyone. Additionally, we expect the IETF to formally deprecate TLS 1.0 and 1.1 later this year, at which point protocol vulnerabilities in these versions will no longer be addressed by the IETF.”
“Transport Layer Security (TLS) is a critical security protocol used to protect web traffic. It provides confidentiality and integrity of data in transit between clients and servers exchanging (often sensitive) information. To best safeguard this data, it is important to use modern and more secure versions of this protocol. Specifically, applications should move away from TLS 1.0 and 1.1.”
— WebKit
For sites that need to upgrade, the recently released TLS 1.3 includes an improved core design that has been rigorously analyzed by cryptographers. TLS 1.3 can also make connections faster than TLS 1.2. Firefox already makes far more connections with TLS 1.3 than with TLS 1.0 and 1.1 combined.
— Mozilla
Google Chrome will deprecate TLS 1.0 and TLS 1.1 in Chrome 72. Sites using these versions will begin to see deprecation warnings in the DevTools console in that release. TLS 1.0 and 1.1 will be disabled altogether in Chrome 81. This will affect users on early release channels starting January 2020. Apple, Microsoft, and Mozilla have made similar announcements.
Bottom line? It’s another step forward to a faster, more secure web.
Will your sites be affected?
Which version of TLS are you running? Use GoDaddy’s Certificate Checker tool to determine which TLS version you’re currently using. It’ll also provide additional details, including the validity of your site’s SSL certificate.
How do you enable TLS 1.2+ on your server?
If you aren’t using TLS 1.2 or later, you’ll need to make the switch.
Are you hosting with GoDaddy?
If you’re on one of our WordPress hosting or current shared hosting plans (cPanel), good news — you’re already running TLS 1.2.
If you’re on an older GoDaddy shared hosting plan, you may still be running TLS 1.1. If that’s the case, you’ll need to switch to one of our new shared hosting plans.
If you’re on a VPS or Dedicated server with GoDaddy, you can manage your own TLS versions within your cPanel configuration. Refer to the official cPanel documentation for details.
Are you hosting elsewhere?
Check with your web hosting provider. They should be able to tell you which version of TLS your sites are using, and help you through the upgrade process.
If you’re unable to get help from your current hosting provider, consider moving to a new hosting plan with us. One of our GoDaddy Guides would be happy to help you through the process.
The post Browsers end support for TLS 1.0 and 1.1 in March 2020 appeared first on GoDaddy Blog.