“Not Secure” indicator appears in Chrome for sites that use outdated TLS-versions

As we mentioned in a previous publication, major browsers, including Google, Mozilla, Microsoft, and Apple, announced that they were withdrawing support for TLS 1.0 and 1.1 in their products in 2019. These protocols, despite the fact that they do not have any known vulnerabilities, do not support modern cryptographic algorithms.

The Chrome team recently announced what warnings will be displayed to browser users when they visit sites with outdated versions of the TLS protocol.

Chrome developers plan to stop supporting TLS 1.0 and 1.1 in two phases.

During the first stage, the browser will display a warning that the site is using an outdated TLS protocol.

The browser will display the “Not Secure” indicator, starting with the version of Chrome 79, which will be released on 13 January 2020. When you click on the indicator, a warning will be displayed stating that the connection to the site is not fully secure. At this stage, there will be no blocking of TLS 1.0 and 1.1.

Full blocking will follow in the second stage. According to Google’s plans, this should happen in March 2020 with the release of Chrome 81. In this case, a full-screen warning will appear indicating that the site is using an outdated security configuration that could lead to disclosure of transmitted data.

Google recommends that all site owners upgrade to TLS version 1.2 or later. In corporate environments, it will be possible to temporarily enable TLS 1.0 / 1.1 and hide related warnings until January 2021. You can implement this using the SSLVersionMin policy.

Subscribe to our newsletter to keep abreast of the latest news from the world of SSL and online security.