More than two years after Google, Firefox, and Microsoft took steps to deprecate TLS/SSL certificates signed with the SHA-1 algorithm, Apple has finally announced a similar measure this week.

In a support page published last night, the Cupertino OS maker said that starting with iOS 13 and macOS 10.15 (Catalina), the two operating systems won't support HTTPS traffic that uses TLS certificates signed with the SHA-1 algorithm.

"TLS server certificates and issuing CAs must use a hash algorithm from the SHA-2 family in the signature algorithm," the company said. "SHA-1 signed certificates are no longer trusted for TLS."

All HTTPS traffic — from apps and the Safari browser — must now use a TLS certificate that has been signed with at least the SHA-2 algorithm, Apple said.

Took a while…

Apple was the last major browser maker that was still supporting TLS/SHA-1 certificates. Google removed SHA-1 support from Chrome with the release of Chrome 56, at the end of January 2017; Firefox removed SHA-1 support in Firefox 51, also released at the end of January 2017; and Microsoft dropped support for SHA-1 in Edge and Internet Explorer in mid-2017.

Browser makers abandoned SHA-1 after a team of academics broke the SHA-1 hashing function in February 2016. Their research…
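One way to find certificates affected by the signature-hash requirement quoted above, as an added example (not from the article or from Apple): a standard-library Python routine that reads the outer signatureAlgorithm OID from a DER-encoded certificate and classifies it as SHA-1 or SHA-2. The function names and the sample certificate skeletons are constructed for illustration, and the OID table covers only common RSA and ECDSA identifiers.

```python
# Added example: classify an X.509 certificate's signature hash from raw DER.
# signatureAlgorithm OID content bytes -> (name, hash family)
SIG_ALGS = {
    bytes.fromhex("2a864886f70d010105"): ("sha1WithRSAEncryption", "SHA-1"),
    bytes.fromhex("2a864886f70d01010b"): ("sha256WithRSAEncryption", "SHA-2"),
    bytes.fromhex("2a864886f70d01010c"): ("sha384WithRSAEncryption", "SHA-2"),
    bytes.fromhex("2a8648ce3d0401"): ("ecdsa-with-SHA1", "SHA-1"),
    bytes.fromhex("2a8648ce3d040302"): ("ecdsa-with-SHA256", "SHA-2"),
}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                 # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def signature_algorithm(cert_der):
    """Return (name, family) for the certificate's outer signatureAlgorithm."""
    tag, cert, _ = read_tlv(cert_der, 0)      # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a certificate")
    _, _, pos = read_tlv(cert, 0)             # skip tbsCertificate
    tag, alg, _ = read_tlv(cert, pos)         # AlgorithmIdentifier ::= SEQUENCE
    oid_tag, oid, _ = read_tlv(alg, 0)
    if tag != 0x30 or oid_tag != 0x06:
        raise ValueError("unexpected signatureAlgorithm")
    return SIG_ALGS.get(oid, ("unknown OID " + oid.hex(), "unknown"))

def uses_sha2(cert_der):
    return signature_algorithm(cert_der)[1] == "SHA-2"

def der(tag, content):                        # minimal DER encoder for the samples
    raw = len(content).to_bytes((len(content).bit_length() + 7) // 8 or 1, "big")
    head = raw if len(content) < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + content

def sample_cert(oid_hex):
    """Constructed skeleton: placeholder tbsCertificate, real algorithm OID, dummy signature."""
    alg = der(0x30, der(0x06, bytes.fromhex(oid_hex)) + der(0x05, b""))
    return der(0x30, der(0x30, b"\x00" * 200) + alg + der(0x03, b"\x00" + b"\xaa" * 16))
```

For a real PEM certificate, `ssl.PEM_cert_to_DER_cert()` from the standard library produces the DER bytes that `signature_algorithm()` expects; anything reported as "unknown" (RSA-PSS, for instance) needs manual review.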
ZDNet is a business technology news website published by CBS Interactive, along with TechRepublic. The brand was founded on April 1, 1991, as a general interest technology portal from Ziff Davis and evolved into an enterprise IT-focused online publication owned by CNET Networks.