Transport Layer Security
Cryptographic protocols for securing data in transit
February 2025 | Certificate Transparency: Mozilla Firefox desktop version 135 began requiring Certificate Transparency for all certificates issued by a certificate authority in Mozilla's Root CA Program. |
May 2024 | Website protocol support snapshot reveals significant variations in TLS protocol version usage, with most versions showing security concerns ranging from insecure to deprecated status. |
August 2023 | Online Certificate Status Protocol: The CA/Browser Forum removed the requirement for certificate authorities to provide OCSP (Online Certificate Status Protocol) service. |
January 2023 | HTTPS Everywhere: The HTTPS Everywhere browser extension was discontinued due to widespread HTTPS adoption and native browser HTTPS-only modes. |
January 29 2023 | DNS over TLS: Unwind DNS software added support for DNS over TLS (DoT), further expanding the protocol's adoption among DNS server applications. |
January 22 2023 | DNS over TLS: Unbound DNS server software began supporting DNS over TLS (DoT), marking a significant milestone in encrypted DNS protocol implementation. |
2022 | Introduction of DTLS version 1.3, created as a delta to TLS 1.3, designed to provide equivalent security guarantees with the exception of order protection and non-replayability. |
2022 | HTTPS Everywhere: Firefox for Android and Firefox Focus introduced an HTTPS-only mode, inspired by the HTTPS Everywhere initiative. |
April 2022 | Datagram Transport Layer Security: DTLS specification document released for use with User Datagram Protocol (UDP). |
April 2022 | Let's Encrypt was awarded the Levchin Prize for improvements to the certificate ecosystem. |
February 2022 | Certificate Transparency: Google published an update to their Certificate Transparency policy, removing the requirement for certificates to include a Signed Certificate Timestamp (SCT) from their own CT log service, aligning with Apple's previous requirements. |
2021 | HTTPS Everywhere: Google Chrome launched its HTTPS-only mode, following the influence of HTTPS Everywhere. |
2021 | Qualified website authentication certificate: The European Union proposed updates to the eIDAS (electronic Identification, Authentication and Trust Services) regulation, requiring web browsers to incorporate government-specified 'Trusted Service Providers' and accept Qualified Website Authentication Certificates (QWACs). |
December 2021 | Certificate Transparency: 'Certificate Transparency Version 2.0' was published, including major changes to log certificate structure, support for the Ed25519 signature algorithm, and certificate inclusion proofs. However, the version was not adopted by the industry and was considered 'Dead on arrival'. |
June 1 2021 | The ACMEv1 API was completely shut down, marking the full end of the pre-standard ACME protocol. |
March 2021 | TLS 1.0 and 1.1 were formally deprecated, marking the end of these earlier protocol versions. |
March 29 2021 | Export of cryptography from the United States: The Implementation of Wassenaar Arrangement 2019 Plenary Decisions was published in the Federal Register, including changes to license exception ENC Section 740.17 of the Export Administration Regulations (EAR). |
January 2021 | Let's Encrypt began implementing 24-hour brownouts for the ACMEv1 protocol. |
2020 | Certificate authority: According to Netcraft, DigiCert was identified as the world's largest high-assurance certificate authority, commanding 60% of the Extended Validation Certificate market and 96% of organization-validated certificates globally. |
2020 | Web sites widely deprecated support for TLS versions 1.0 and 1.1, effectively disabling access for older browsers like Firefox versions before 24 and Chromium-based browsers before version 29. |
2020 | HTTPS Everywhere: Firefox integrated a built-in HTTPS-only mode, demonstrating the direct impact of the HTTPS Everywhere project. |
2020 | DNS over TLS: Apple's iOS 14 introduced OS-level support for DNS over TLS and DNS over HTTPS, though with limited manual configuration options. |
December 2020 | Kazakhstan man-in-the-middle attack: The Kazakhstan government attempted to re-introduce the government-issued root certificate for a third time. Browser vendors responded by announcing they would block the certificate by invalidating it in their browsers. |
September 3 2020 | Let's Encrypt issued six new certificates, including a new ECDSA root named 'ISRG Root X2', four intermediates, and one cross-sign. The new root was cross-signed with ISRG Root X1. |
June 2020 | Let's Encrypt ceased accepting new domain validations for the ACMEv1 protocol. |
March 2020 | Extended Validation Certificate: The CA/B Forum implemented a new limitation on domain validation and organization data reuse, restricting maximum validity to 397 days (not to exceed 398 days). |
March 2020 | Let's Encrypt was awarded the Free Software Foundation's annual Award for Projects of Social Benefit. |
March 3 2020 | Let's Encrypt announced potential revocation of over 3 million certificates due to a software flaw. |
February 2020 | Certificate Transparency: Let's Encrypt's Oak CT log was included in approved log lists and became usable by all publicly trusted certificate authorities. |
February 27 2020 | Let's Encrypt announced having issued a billion certificates. |
January 2020 | DNS Certification Authority Authorization: Let's Encrypt disclosed a software issue that improperly queried and validated CAA records, potentially affecting over 3 million certificates. They worked with customers to replace 1.7 million certificates and chose not to revoke the remaining certificates due to potential client downtime. |
2019 | Extended Validation Certificate: Chrome 77 removed the EV certificate indication from the omnibox, shifting EV certificate status viewing to a detailed lock icon view. |
2019 | HTTPS Everywhere: HTTPZ was developed for Firefox and WebExt supporting browsers, continuing the trend of opportunistic encryption started by HTTPS Everywhere. |
November 2019 | DNS Certification Authority Authorization: A simplified CAA standard was approved as a Proposed Standard by the LAMPS Working Group. |
November 8 2019 | Let's Encrypt stopped accepting new account registrations for the ACMEv1 protocol. |
August 21 2019 | Kazakhstan man-in-the-middle attack: Mozilla and Google simultaneously announced they would not accept the Kazakh government-issued certificate in their Firefox and Chrome browsers, even if manually installed by users. Apple also committed to similar actions for Safari. |
July 2019 | Kazakhstan man-in-the-middle attack: Kazakh Internet Service Providers (ISPs) began messaging users about mandatory installation of the Qaznet Trust Certificate issued by the state certificate authority. |
May 2019 | Certificate Transparency: Certificate authority Let's Encrypt launched its own Certificate Transparency log called Oak. |
May 2019 | IdenTrust, DigiCert, and Sectigo emerged as the top 3 certificate authorities in terms of market share, replacing Symantec's previous dominance. |
2018 | Server-Gated Cryptography: TLS 1.3 was released, marking the final phase of deprecation for Server-Gated Cryptography standards. |
2018 | Qualified website authentication certificate: The European Union approached the CA/Browser Forum (CABF) requesting to partner on updating existing Extended Validation (EV) certificate requirements to include additional Subject information. |
2018 | Qualified website authentication certificate: Google began the process of deprecating EV certificate visual indicators in web browsers, discouraging the EU from continuing to use EV certificates. |
October 2018 | Apple, Google, Microsoft, and Mozilla jointly announced plans to deprecate TLS 1.0 and 1.1 in March 2020. |
September 2018 | OpenSSL released version 1.1.1 with TLS 1.3 as its headline new feature. |
September 2018 | Extended Validation Certificate: Apple Safari on iOS 12 and macOS Mojave removed the visual distinction of EV certificate status. |
August 2018 | Forward secrecy: TLS 1.3 was published, dropping support for ciphers without forward secrecy. The Wikimedia Foundation began requiring the use of forward secrecy. |
August 2018 | TLS 1.3 was officially defined in RFC 8446. |
August 2018 | TLS 1.3, the current version of the protocol, is defined, providing enhanced cryptographic security for network communications. |
June 30 2018 | PCI Council recommended organizations migrate from TLS 1.0 to TLS 1.1 or higher before this date. |
The contents of the box above are based on material from the Wikipedia articles Datagram Transport Layer Security, Export of cryptography from the United States, Qualified website authentication certificate, Transport Layer Security, Online Certificate Status Protocol, DNS over TLS, Kazakhstan man-in-the-middle attack, Certificate Transparency, DNS Certification Authority Authorization, Forward secrecy, Certificate authority, Server-Gated Cryptography, Extended Validation Certificate, Let's Encrypt and HTTPS Everywhere, which are released under the Creative Commons Attribution-ShareAlike 4.0 International License.