Last October we announced our plans to remove support for TLS 1.0 and 1.1 in Chrome 81. In this post we’re announcing a pre-removal phase in which we’ll introduce a gentler warning UI, and previewing the UI that we’ll use to block TLS 1.0 and 1.1 in Chrome 81. Site administrators should immediately enable TLS 1.2 or later to avoid these UI treatments.
While legacy TLS usage has decreased, we still see over 0.5% of page loads using these deprecated versions. To ease the transition to the final removal of support and to reduce user surprise when outdated configurations stop working, Chrome will discontinue support in two steps: first, showing new security indicators for sites using these deprecated versions; and second, blocking connections to these sites with a full page warning.
Pre-removal warning
Starting January 13, 2020, for Chrome 79 and higher, we will show a “Not Secure” indicator for sites using TLS 1.0 or 1.1 to alert users to the outdated configuration:
The new security indicator and connection security information that will be shown to users who visit a site using TLS 1.0 or 1.1 starting in January 2020.
When a site uses TLS 1.0 or 1.1, Chrome will downgrade the security indicator and show a more detailed warning message inside Page Info. This change will not block users from visiting or using the page, but will alert them to the downgraded security of the connection.
Note that Chrome already shows warnings in DevTools to alert site owners that they are using a deprecated version of TLS.
Removal UI
In Chrome 81, which will be released to the Stable channel in March 2020, we will begin blocking connections to sites using TLS 1.0 or 1.1, showing a full page interstitial warning:
The full screen interstitial warning that will be shown to users who visit a site using TLS 1.0 or 1.1 starting in Chrome 81. Final warning subject to change.
Site administrators should immediately enable TLS 1.2 or later. Depending on server software (such as Apache or nginx), this may be a configuration change or a software update. Additionally, we encourage all sites to revisit their TLS configuration. In our original announcement, we outlined our current criteria for modern TLS.
Enterprise deployments can preview the final removal of TLS 1.0 and 1.1 by setting the SSLVersionMin policy to “tls1.2”. This will prevent clients from connecting over these protocol versions. For enterprise deployments that need more time, this same policy can be used to re-enable TLS 1.0 or TLS 1.1 and disable the warning UIs until January 2021.
Posted by Chris Thompson, Chrome security team
Source: Chromium Blog: Chrome UI for Deprecating Legacy TLS Versions
My Computer
At a glance
64-bit Windows 11 Pro for WorkstationsIntel i7-8700K OC'd to 5 GHz64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600...ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
- Computer type
- PC/Desktop
- Computer Manufacturer/Model Number
- Self built custom
- OS
- 64-bit Windows 11 Pro for Workstations
- CPU
- Intel i7-8700K OC'd to 5 GHz
- Motherboard
- ASUS ROG Maximus XI Formula Z390
- Memory
- 64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz
- Graphics Card(s)
- ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
- Sound Card
- Integrated
- Monitor(s) Displays
- 2 x Samsung Odyssey G7 27"
- Screen Resolution
- 2560x1440
- Hard Drives
- 1TB Samsung 990 PRO M.2,
4TB Samsung 990 PRO PRO M.2,
TerraMaster F8 SSD Plus NAS
- PSU
- Seasonic Prime Titanium 850W
- Case
- Thermaltake Core P3
- Cooling
- Corsair Hydro H115i
- Keyboard
- Logitech wireless K800
- Mouse
- Logitech MX Master 4
- Internet Speed
- 2 Gb/s Download and 100 Mb/s Upload
- Antivirus
- Malwarebyte Anti-Malware Premium
- Browser
- Google Chrome
- Other Info
- Logitech Z625 speaker system,
Logitech BRIO 4K Pro webcam,
HP Color LaserJet Pro MFP M477fdn,
APC SMART-UPS RT 1000 XL - SURT1000XLI,
Galaxy S23 Plus phone
