Tech insights and news. Best served hot.

2020

July
31

Disabling TLS 1.0 and 1.1

Encryption is standard on the Internet today with almost all websites and services using "HTTPS" and therefore TLS for data transmission. This umbrella term covers numerous techniques and algorithms that are constantly being further developed. It goes without saying that the cloudscale.ch systems support today's technologies in order to provide the best possible protection for your data. Consequently, we are going to disable the now outdated TLS versions 1.0 and 1.1 on our systems from 2020-08-11.

Where and when we will be disabling TLS 1.0/1.1

TLS versions 1.0 and 1.1 will be disabled on all cloudscale.ch systems that are accessible from the Internet. This includes the following systems, in particular, that you or your end customers may use:

  • Cloud control panel and API for management of your cloud resources
  • S3-compatible Object Storage

The changeover will take place in two stages: on 2020-08-11, we will disable these TLS versions on our Object Storage at our "LPG" site. In the following week, on 2020-08-18, the same changeover will take place on the Object Storage at the "RMA" location, and for our cloud control panel and API. The changeovers will take place without interruption to our services.

No disruption expected

TLS (Transport Layer Security) was specified as the successor to SSL encryption in 1999 and is still occasionally called "SSL" in everyday use today. Although certain improvements were introduced with TLS version 1.1 in 2006, there were still fundamental limitations that can only be described as outdated from today's security perspective.

TLS 1.2 was released as early as 2008 and is today supported by all modern applications, i.e. by server software as well as by the associated clients, such as web browsers. For this reason, we do not foresee any problems for our customers. During and after the changeover, access to our systems will continue to operate as expected with TLS 1.2 or the even more recent TLS 1.3.

If in doubt, we recommend that – despite the fact that TLS 1.2 is widely supported – you check the tools you use, in particular in the case of older or less common clients that require access to our API in the event of e.g. a failover scenario.

Old TLS versions barely relevant today

According to an evaluation on our own systems, TLS 1.0 and 1.1 are barely used for access today and, if access occurs at all, it is in the per mille range. These figures are not surprising given the consistent support for TLS 1.2 and in part already 1.3 in all modern client applications. The most common Internet browsers are even dropping support for the old TLS versions this year.

 

Disabling outdated security protocols that are no longer relevant to practice, is an unremarkable and logical step for us in the interest of general IT security. Should you nonetheless encounter unexpected problems in this context, our support team is here to help.

Kind regards,
Your cloudscale.ch team

More news. Further insights.

Try it yourself and launch a Swiss Linux server today!