Overview#Deprecating TLSv1.0 and TLSv1.1 is an Internet Draft which Deprecated Transport Layer Security (TLS 1.0) versions 1.0 RFC 2246 and TLS 1.1 RFC 4346 were superseded by TLS 1.2 RFC 5246 in 2008, which has now itself been superseded by TLS 1.3 RFC 8446 in August 2018
It is therefore timely to further deprecate these old versions.
Technical reasons for deprecating these versions include:
- They require implementation of older Cipher Suites that are no longer desirable for cryptographic reasons, e.g. TLS 1.0 makes TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA mandatory to implement
- Lack of support for current recommended cipher suites, especially using AEAD ciphers which are not supported prior to TLS 1.2.
- Integrity of the handshake depends on SHA-1 hash
- Authentication of the peers depends on SHA-1 Digital Signatures
- Support for four protocol versions increases the likelihood of misconfiguration
- At least one widely-used library has plans to drop TLSv1.1 and TLSv1.0 support in upcoming releases; products using such libraries would need to use older versions of the libraries to support TLSv1.0 and TLSv1.1, which is clearly undesirable