Apple Announced that TLS 1.0 and 1.1 Has Been Deprecated in iOS 15, iPadOS 15, macOS 12, and More
The Tech Giant Also Stated that Support for the Protocols Will Be Removed in Future Releases.
As part of Apple’s continuing efforts to replace the rather old security protocols with more modern versions, the tech giant has deprecated the vulnerable Transport Layer Security (TLS) 1.0 and 1.1 protocols in its most recent product versions.
The organization also announced that it intends to completely remove support for the protocols in future releases.
What Is TLS?
Transport Layer Security (TLS) is a cryptographic protocol designed to safeguard web traffic. It ensures data integrity and confidentiality in transit between clients and servers accessing and interchanging information.
Apps such as voice over IP, instant messaging, and email use this secure communication protocol.
As mentioned by BleepingComputer, the first TLS 1.0 specification and its TLS 1.1 successor were utilized for almost two decades. TLS 1.0 was initially defined in January 1999 as an upgrade of SSL Version 3.0 and TLS 1.1 in April 2006, both deprecated in 2020.
Yesterday, Apple announced that the Internet Engineering Task Force (IETF) deprecated TLS 1.0 and 1.1 as of March 25, 2021. The IETF approved TLS, version 1.3, in March 2018. It took four years of discussions and 28 protocol drafts for the IETF to approve the new version.
As part of ongoing efforts to modernize platforms, and to improve security and reliability, TLS 1.0 and 1.1 have been deprecated by the Internet Engineering Task Force (IETF) as of March 25, 2021.
These versions have been deprecated on Apple platforms as of iOS 15, iPadOS 15, macOS 12, watchOS 8, and tvOS 15, and support will be removed in future releases.
The tech giant recommends those whose apps continue to use legacy TLS 1.0 or 1.1 to start planning for a transition to TLS 1.2 or later as soon as possible.
Because the feature necessitates connections secured with modern TLS certificates, users who have enabled App Transport Security (ATS) on all connections are not required to make any extra changes to their app.
Developers are urged by Apple to build in support for TLS 1.3, saying it is “faster and more secure.”
Also, they ask users to ensure their web servers back up the newest variants and remove the following deprecated Security.framework symbols from their apps:
BleepingComputer announced in January this year that NSA provided advice for users in order to identify and change old Transport Layer Security (TLS) protocol variants with more modern and safe ones.
Obsolete configurations provide adversaries access to sensitive operational traffic using a variety of techniques, such as passive decryption and modification of traffic through man-in-the-middle attacks.
Attackers can exploit outdated transport layer security (TLS) protocol configurations to gain access to sensitive data with very few skills required.