31 March 2021

IETF formally deprecates TLS 1.0 and TLS 1.1


IETF formally deprecates TLS 1.0 and TLS 1.1

The Internet Engineering Task Force (IETF) has officially deprecated the Transport Layer Security (TLS) 1.0 (RFC 2246) and TLS 1.1 (RFC 4346)cryptographic protocols for security reasons. Both these documents have now been moved to Historic status.

The reason behind this move is that TLS 1.0 and TLS 1.1 lack support for current and recommended cryptographic algorithms and mechanisms, which enables malicious actors to take advantage of weaknesses in TLS 1.0/1.1 to compromise encrypted communications and conduct attacks against organizations.

In addition to the TLS 1.0/1.1 versions, IETF has also deprecated Datagram TLS (DTLS) version 1.0 (RFC 4347).

Technical reasons for deprecating these versions include:

-They require the implementation of older cipher suites that are no longer desirable for cryptographic reasons, e.g., TLS 1.0 makes TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA mandatory to implement.

-There is a lack of support for current recommended cipher suites, especially authenticated encryption with associated data (AEAD)ciphers, which were not supported prior to TLS 1.2. Note that registry entries for no-longer-desirable ciphersuites remain in the registries, but many TLS registries were updated by [RFC8447], which indicates that such entries are not recommended by the IETF.

-The integrity of the handshake depends on SHA-1 hash.

-The authentication of the peers depends on SHA-1 signatures.

-Support for four TLS protocol versions increases the likelihood of misconfiguration.

-At least one widely used library has plans to drop TLS 1.1 and TLS 1.0 support in upcoming releases; products using such libraries would need to use older versions of the libraries to support TLS 1.0 and TLS 1.1, which is clearly undesirable.

IETF is now urging all government entities, organizations and software developers to use more secure TLS 1.2 and TLS 1.3 versions.

“Removing support for older versions from implementations reduces the attack surface, reduces opportunity for misconfiguration, and streamlines library and product maintenance,” the IETF’s memo reads.

Back to the list

Latest Posts

Chinese hackers reportedly behind hundreds cyber attacks in Japan

Chinese hackers reportedly behind hundreds cyber attacks in Japan

The attacks targeted nearly 200 companies and organizations in Japan, including the country's space agency and defence firms.
20 April 2021
Lazarus APT has found a clever way to conceal its malicious code

Lazarus APT has found a clever way to conceal its malicious code

The hacker group is now using BMP images to drop its RAT.
20 April 2021
Reuters: Hundreds of customer networks breached in Codecov supply-chain attack

Reuters: Hundreds of customer networks breached in Codecov supply-chain attack

Hackers have used Bash Uploader to gain access to hundreds of networks belonging to the company’s customers.
20 April 2021