Browser support for TLS 1.0 and 1.1 has ended

The four major browsers no longer support Transport Layer Security (TLS) 1.0 and 1.1.

What you need to know

This change doesn't affect your DigiCert certificates. Your certificates continue to work as they always have.

This change affects browser-dependent services and applications relying on TLS 1.0 or 1.1. Now that browser support for TLS 1.0 and 1.1 has ended, any out-of-date systems will be unable to make HTTPS connections.

What you need to do

If you are affected by this change and your system supports more recent versions of the TLS protocol, upgrade your server configuration as soon as you can to TLS 1.2 or TLS 1.3.

If you do not upgrade to TLS 1.2 or 1.3, your webserver, system, or agent will not be able to use HTTPS to securely communicate with the certificate.

Browser TLS 1.0/1.1 deprecation information

Firefox 78, released June 30, 2020

• https://www.mozilla.org/en-US/firefox/78.0/releasenotes/
• https://hacks.mozilla.org/2020/02/its-the-boot-for-tls-1-0-and-tls-1-1/

Safari 13.1, released March 24, 2020

• https://developer.apple.com/documentation/safari-release-notes/safari-13_1-release_notes

Chrome 84, released July 21, 2020

• https://www.chromestatus.com/feature/5759116003770368
• https://chromereleases.googleblog.com/2020/07/stable-channel-update-chrome-os.html

Edge v84, released 7/16/2020

• https://docs.microsoft.com/en-us/microsoft-edge/web-platform/site-impacting-changes
• https://docs.microsoft.com/en-us/deployedge/microsoft-edge-relnote-stable-channel

Helpful resources

With so many unique systems relying on TLS, we can't cover all upgrade paths, but here are a few references that may help:

• To upgrade your Linux OpenSSL library, see https://blog.midtrans.com/time-to-upgrade-to-tls-version-1-2/.
• To enable TLS 1.2 with OpenSSL and Apache, see https://serverfault.com/questions/314858/how-to-enable-tls-1-1-and-1-2-with-openssl-and-apache.
• To enable TLS 1.2 in WinHTTP in Windows (Windows Server 2012, Windows 7 Service Pack 1 (SP1), and Windows Server 2008 R2 SP1), see https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-wi.
• To disable support for TLS 1.0 and 1.1 in Windows Server 2019 IIS, see https://medium.com/@rootsecdev/configuring-secure-cipher-suites-in-windows-server-2019-iis-7d1ff1ffe5ea.