TLS 1.0 and 1.1 are officially recognized as outdated

The IETF (Internet Engineering Task Force), which develops Internet protocols and architecture, has published RFC 8996, officially moving the TLS 1.0 and 1.1 protocols into the category of obsolete technologies.

The TLS 1.0 specification was published in January 1999. Seven years later, the TLS 1.1 update was released with security enhancements related to the generation of initialization vectors and padding. According to the SSL Pulse service, as of January 16, TLS 1.2 is supported by 95.2% of websites that allow secure connections, and TLS 1.3 by 14.2%. TLS 1.1 connections are accepted by 77.4% of HTTPS sites, and TLS 1.0 by 68%. Approximately 21% of the top 100 thousand sites in the Alexa ranking still do not use HTTPS.

The main problems of TLS 1.0 / 1.1 are the lack of support for modern ciphers (for example, ECDHE and AEAD) and the requirement in the specification to support old ciphers whose reliability is questionable at the current level of computing technology (for example, support for TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA is required, and MD5 and SHA-1 are used for integrity checking and authentication). Support for outdated algorithms has already led to attacks such as ROBOT, DROWN, BEAST, Logjam and FREAK. However, these problems were not vulnerabilities in the protocol itself and were closed at the level of its implementations. The TLS 1.0 / 1.1 protocols themselves have no critical vulnerabilities that can be used to carry out practical attacks.
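
To check that a client stack no longer offers the versions retired by RFC 8996, the sketch below captures a ClientHello in memory and lists the protocol versions it advertises. It is an added example, not part of the original article; the function names and the `example.test` host name are placeholders chosen for illustration.

```python
import ssl
import struct

DEPRECATED = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1"}  # retired by RFC 8996

def modern_client_context():
    """Client context that refuses anything below TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def client_hello_bytes(ctx, server_name="example.test"):  # placeholder host name
    """Start a handshake against in-memory buffers and return the first flight."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    conn = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: no server is attached, only the ClientHello is written
    return outgoing.read()

def offered_versions(record):
    """Versions advertised by a ClientHello record.

    Without a supported_versions extension only the highest version
    (legacy_version) is visible, so that single value is returned.
    """
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    body = record[9:]  # skip 5-byte record header and 4-byte handshake header
    legacy_version = struct.unpack_from("!H", body, 0)[0]
    pos = 2 + 32                                        # legacy_version + random
    pos += 1 + body[pos]                                # session_id
    pos += 2 + struct.unpack_from("!H", body, pos)[0]   # cipher_suites
    pos += 1 + body[pos]                                # compression_methods
    if pos + 2 > len(body):
        return {legacy_version}                         # no extensions block
    ext_end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
    pos += 2
    while pos + 4 <= ext_end:
        ext_type, ext_len = struct.unpack_from("!HH", body, pos)
        pos += 4
        if ext_type == 43:                              # supported_versions
            n = body[pos]
            return {struct.unpack_from("!H", body, pos + 1 + i)[0] for i in range(0, n, 2)}
        pos += ext_len
    return {legacy_version}

def deprecated_offered(record):
    """Names of RFC 8996-deprecated versions found in a ClientHello record."""
    return sorted(DEPRECATED[v] for v in offered_versions(record) if v in DEPRECATED)
```

The same parser can be pointed at a ClientHello record taken from a packet capture to audit clients that cannot be reconfigured directly.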

/Media reports.