To strengthen the security of HKCERT website, we will only support more secure versions of Transport Layer Security (TLS) protocol TLS 1.2 and TLS 1.3, and stop supporting TLS 1.0 and TLS 1.1 from April 1, 2020 onwards.
 
TLS 1.0 (published in 1999) and TLS 1.1 (published in 2006) are deemed not sufficiently secure according to the current cyber security standard. Attackers are able to exploit their weaknesses to decrypt the transmitted data. These two versions are to be deprecated by technology providers. For example, major browsers like Chrome and Firefox will stop supporting TLS 1.0 and TLS 1.1 in March 2020. Users should use the most updated browsers when possible.
 
HKCERT website still supports TLS 1.0 & TLS 1.1 until 31 March, 2020.
 
What is the impact?
From April 1, 2020, affected parties will not be able to browse the HKCERT website.
 
Who are affected?
Users whose browsers do not support TLS 1.2 or TLS 1.3 by default.
 
Browser versions does not support TLS 1.2 by default

  • Chrome versions earlier than 38
  • Firefox versions earlier than 27
  • Internet Explorer versions earlier than 11 (Microsoft Windows 7)
  • Safari (Mac OS) versions earlier than 7
  • Android versions earlier than 5.0
  • iOS versions earlier than 5.0

 
What can user do if they are affected? 
If you are using an older version browser, please upgrade it to the latest version.
 
References
1. Announcement from major browser vendors

  •  Apple       

        https://webkit.org/blog/8462/deprecation-of-legacy-tls-1-0-and-1-1-versions/

  •  Google

        https://security.googleblog.com/2019/10/chrome-ui-for-deprecating-legacy-tls.html

  •  Microsoft

        https://blogs.windows.com/msedgedev/2018/10/15/modernizing-tls-edge-ie11/

  •  Mozilla

        https://blog.mozilla.org/security/2018/10/15/removing-old-versions-of-tls/
 

2. Browser compatibility of TLS 1.2 

  • Atlassian

       https://qsportal.atlassian.net/wiki/spaces/DOC/pages/3571715/TLSv1.2+Browser+Compatibility





Source link

Write a comment:
*

Your email address will not be published.