December 7, 2018 10:04 am
By Kyle Pflug / Senior Program Manager, Microsoft Edge
Yesterday, Joe Belfiore announced that we will be adopting the Chromium open source project for our development of Microsoft Edge. We encourage you to check out Joe’s blog post for all the details.
Alongside this announcement, we shared a document describing our open source principles and initial areas of focus. Today, we’ve posted a few more documents detailing our intent to contribute UIAutomation Provider Mappings to Chromium. We’ve also posted an update to the ChakraCore project on GitHub, clarifying the support status for that project.
To learn more about what’s next for Microsoft Edge, sign up at the Microsoft Edge Insider page for updates and notifications, and stay tuned here at the Microsoft Edge Blog for details and announcements in the coming months.
Today, we’re announcing our intent to disable Transport Layer Security (TLS) 1.0 and 1.1 by default in supported versions of Microsoft Edge and Internet Explorer 11 in the first half of 2020.
This change, alongside similar announcements from other browser vendors, supports more performant, secure connections, helping advance a safer browsing experience for everyone.
January 19th of next year marks the 20th anniversary of TLS 1.0, the inaugural version of the protocol that encrypts and authenticates secure connections across the web. Over the last 20 years, successor versions of TLS have grown more advanced, culminating with the publication of TLS 1.3, which is currently in development for a future version of Microsoft Edge.
Two decades is a long time for a security technology to stand unmodified. While we aren’t aware of significant vulnerabilities with our up-to-date implementations of TLS 1.0 and TLS 1.1, vulnerable third-party implementations do exist. Moving to newer versions helps ensure a more secure Web for everyone. Additionally, we expect the IETF to formally deprecate TLS 1.0 and 1.1 later this year, at which point protocol vulnerabilities in these versions will no longer be addressed by the IETF.
For these reasons, sites should begin to move off of TLS 1.0 and 1.1 as soon as is practical. Newer versions enable more modern cryptography and are broadly supported across modern browsers.
Most sites should not be impacted by this change. As TLS 1.0 continues to age, many sites have already moved to newer versions of the protocol – data from SSL Labs shows that 94% of sites already support TLS 1.2, and less than one percent of daily connections in Microsoft Edge are using TLS 1.0 or 1.1.
We are announcing early our intent to disable these versions by default, to give the small portion of remaining sites sufficient time to upgrade to a newer version. You can test the impact of this change today by opening the Internet Options Control Panel in Windows and unchecking the “Use TLS 1.0” and “Use TLS 1.1” options (under Advanced -> Security).
– Kyle Pflug, Senior Program Manager, Microsoft Edge
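To repeat the Internet Options test described above on more than one machine, the same two checkboxes can be cleared from PowerShell. This is an added example, not part of the original post; it assumes the dialog stores its protocol checkboxes as bit flags in the per-user `SecureProtocols` registry value, and the function and variable names are illustrative.

```powershell
# Added example: scripts the "Use TLS 1.0" / "Use TLS 1.1" checkboxes for the current user.
# Assumption: Internet Options stores them as bit flags in the SecureProtocols DWORD below.
$key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$name = 'SecureProtocols'

$flags = [ordered]@{
    'SSL 2.0' = 0x0008
    'SSL 3.0' = 0x0020
    'TLS 1.0' = 0x0080
    'TLS 1.1' = 0x0200
    'TLS 1.2' = 0x0800
}
$legacy = $flags['TLS 1.0'] -bor $flags['TLS 1.1']

function Get-EnabledProtocol([int]$Value) {
    # Names of the protocol versions whose bit is set in $Value.
    $flags.GetEnumerator() | Where-Object { $Value -band $_.Value } | ForEach-Object { $_.Key }
}

# Read the current per-user setting; the value may be absent if it was never changed.
$current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
if ($null -eq $current) {
    # Assumption: with no stored value, TLS 1.0, 1.1 and 1.2 are all enabled.
    $current = $legacy -bor $flags['TLS 1.2']
}

# Clear only the TLS 1.0 and 1.1 bits; every other bit is left as it was.
$new = $current -band (-bnot $legacy)

if (-not ($new -band $flags['TLS 1.2'])) {
    # Clearing the legacy bits would leave TLS 1.2 disabled as well; stop instead.
    throw 'TLS 1.2 is not enabled; enable it in Internet Options before disabling TLS 1.0/1.1.'
}

Write-Host ('Before: 0x{0:X4}  {1}' -f $current, ((Get-EnabledProtocol $current) -join ', '))
Write-Host ('After:  0x{0:X4}  {1}' -f $new, ((Get-EnabledProtocol $new) -join ', '))

# Apply the change, then print the command that restores the previous value.
Set-ItemProperty -Path $key -Name $name -Value $new -Type DWord
Write-Host ("To revert: Set-ItemProperty -Path '{0}' -Name {1} -Value {2} -Type DWord" -f $key, $name, $current)
```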