News has broken about today’s launch of Chrome 81 and its implications for the hundreds of thousands of websites that still use the outdated TLS 1 & 1.1 standards.
We have known from some time that Chrome 81 will restrict access to any website using TLS 1 & 1.1, marking them as insecure. Websites still relying on these standards include those of major banks, retailers, news organisations and other high-profile businesses.
TLS certificates are a vital type of machine identity, part of the system of online trust that our entire digital world is built on. They enable browsers and websites to know what can or can’t be trusted, and communicate with each other securely. Yet the TLS 1 and 1.1 machine identity protocols are decades old, and have been found to be vulnerable to a number of cryptographic attacks. As the world’s most popular browser, Chrome’s decision to remove these outdated protocols is therefore a major boost for the security of its users. Yet for the hundreds of thousands of websites that still use these machine identities, Chrome will force them into quickly replacing TLS 1 and 1.1 or face the prospect of greeting visitors to their websites with insecure warnings, which can damage their business as well as their credibility. Chrome’s move underlines just how important it is for businesses to be able to quickly find and replace outdated machine identities. With all of the major browsers now putting similar measures in place, this level of cryptoagility is now more important than ever.