Are you having trouble with TLS 1.0 or 1.1? Here's why you're getting warnings

March 2020

Recently you may have found that your web browser no longer lets you connect to certain websites; instead you'll find that you're getting a warning telling you that the version of "TLS" in use is out of date.

This has caused a bit of confusion for some users, but there's no need to worry about your browser; the warning is not about the web browser, computer or phone that you're using... the warning is actually about the website you're connecting to.

The website is where the problem is!

The TLS warning that you're getting when you visit a website is your web browser letting you know that the site you're trying to connect to is using an out-dated and insecure way of encrypting the traffic to and from it.

In other words, the website you're connecting to is not securing it's internet traffic properly and there is a chance that the connection between you and the website could be eavesdropped & monitored and even tampered with or modified.

What's the risk?

So the website isn't encrypting its traffic properly... what's the risk? Well, if you're skimming through a Stranger Things fan-page on a personal website, ok you might think there's maybe not a huge risk to your privacy - but if you're getting this TLS warning when you connect to your Banking Institution's website, a social media site, a search engine, or any business or work related site then you would understand that having that traffic intercepted and changed would be disastrous!

However, our take is that even if you're just browsing cute pictures of cats it's really bad practice for the website you're visiting to not be encrypted properly.

And so, the makers of some of the most popular web browsers (in particular Chrome, Firefox, and soon Edge) have decided to help encourage a safer and more private internet by preventing anyone accidentally connecting to a website which is no longer secure.

Website owners need to upgrade their encryption

Website developers have known that older versions of TLS encryption have been out of date for a long time (the warning bells started sounding in November 2018), and so this is part of a final push to snuff the use of them out, in favour of TLS 1.2 and 1.3 which are newer and much more secure.

As a visitor, there's not much you can do about it; the burden lies on the website you're trying to visit. Hopefully they will have seen that suddenly very few people are connecting to their website and realise they need to take action. You might choose to contact them yourself and let them know that you're having trouble with their site.

"I'm an affected website owner, what do I do?"

If you run a website that's giving your visitors this error then - in short - what you need to do is switch your website server to support TLS 1.2 (and perhaps TLS 1.3). In some cases, depending on the version of your web server this may be as simple as changing a setting and restarting the server. Depending on how your system is set up, this may also involve generating a new TLS certificate using version 1.2. Generating a new certificate generally involves going back to the company who issued your TLS certificate and going through the process of generating a new one and the installing it on your web server.

If you weren't personally responsible for setting up the server and instead employed someone to do it for you, then you would probably be better off asking them to do it for you. Changing these settings and (and potentially generating and installing a new certificate) isn't "hard" per-se, but it does involve a bit of technical knowledge and experience to do smoothly.

The exact specifics of it are beyond the scope of this article, but a good developer or sys admin should know how to do it or be able to learn it.

In conclusion

While it might be temporarily a bit annoying for website visitors to older websites, the fact that Chrome, Firefox (and soon other web browsers) are preventing connections to older and insecure websites will ultimately help the internet become - and stay - safer and more secure for every one.

Questions?

This is a pretty technical topic but we've tried to keep our explanation clear and simple as possible. If something didn't make sense or if you have more questions, just contact us and let us know; we're always happy to clarify it for you.

Get a VPN to help stay safe online