Apple is coming together with Google, Microsoft, and Mozilla to deprecate the use of TLS 1.0 and 1.1 by early 2020. TLS stands for Transport Layer Security and is used to protect web traffic. ArsTechnica was first to report on the agreement, while Apple’s WebKit blog has also detailed the change.
In a post on the WebKit blog, Apple’s Secure Transport team explained that TLS provides confidentiality and integrity of data transmitted between clients and servers:
Transport Layer Security (TLS) is a critical security protocol used to protect web traffic. It provides confidentiality and integrity of data in transit between clients and servers exchanging (often sensitive) information. To best safeguard this data, it is important to use modern and more secure versions of this protocol.
TLS 1.0 was first published in January 1999, with TLS 1.1 following it up in 2006. Most recently, TLS 1.3 was finalized back in August.
Apple’s Secure Transport team goes on to explain that the latest TLS 1.2 version provides “security fit for the modern web” and is already a standard on Apple platforms. Currently, TLS 1.2 represents 99.6 percent of TLS connections made from Safari, Apple says. On a broader scale, some 94 percent of sites support TLS 1.2.
Now is the time to make this transition. Properly configured for App Transport Security (ATS) compliance, TLS 1.2 offers security fit for the modern web. It is the standard on Apple platforms and represents 99.6% of TLS connections made from Safari. TLS 1.0 and 1.1 — which date back to 1999 — account for less than 0.36% of all connections.
Safari on macOS and iOS will fully drop support for TLS 1.0 and 1.1 in March of 2020. Microsoft, Google, and Firefox are expected to drop support around the same time.