Firefox’s latest update and its implications for the hundreds of thousands of websites that still use the outdated TLS 1 & 1.1 standards.
With this update, Firefox will restrict access to any website using TLS 1 & 1.1, marking them as insecure. Websites still relying on these standards include those of major banks, retailers, news organizations and other high-profile businesses.
Firefox 74 arrives with stricter add-on rules, TLS 1.0 and TLS 1.1 disabled https://t.co/kGbrQfZIfo pic.twitter.com/RR41HqnTFM
— News Kekinian (@newslet007) March 10, 2020
TLS certificates are a vital type of machine identity, part of the system of online trust that our entire digital world is built on. They enable browsers and websites to know what can or can’t be trusted, and communicate with each other securely. Yet the TLS 1 and 1.1 machine identity protocols are decades old, and have been found to be vulnerable to a number of cryptographic attacks. Firefox’s decision to remove these outdated protocols is therefore a major boost for the security of its users. Yet for the hundreds of thousands of websites that still use these machine identities, Firefox 74 will force them into quickly replacing TLS 1 and 1.1 or face the prospect of greeting visitors to their websites with insecure warnings, which can damage their business as well as their credibility. Firefox’s move underlines just how important it is for businesses to be able to quickly find and replace outdated machine identities. With the other major browsers expected to follow suit, this level of cryptoagility is now more important than ever.