Reading whole article you will see that it would not be a sort of "Big Bang" but in any case I hope that these information would be useful for someone (*)
CISCO UMBRELLA
All endpoints with Cisco umbrella will require TLS 1.2 after that date (*)
https://support.umbrella.com/hc/en-us/articles/360033350851-End-of-Life-for-TLS-1-0-1-1-
CISCO ANYCONNECT
"Cisco Umbrella will continue to support Cisco Any Connect and Cisco Umbrella Roaming Client versions that require TLS 1./0/1.1 until September 30th 2020. All other uses of TLS 1.0 and 1.1 will be discontinued as planned on March 31st. "
https://support.umbrella.com/hc/en-us/articles/360033350851-End-of-Life-for-TLS-1-0-1-1-
TLS 1.0 & 1/1 - Deprecated
Protocols are deprecated
BROWSER MICROSOFT, APPLE, GOOGLE & MOZILLA
Microsoft, Apple, and Mozilla have all announced that their browsers will no longer support TLS 1.0 and 1.1 as of March 2020.
TLS 1.2 #HOW TO VERIFY
You can use this website to verify your browser health:
https://www.ssllabs.com/ssltest/viewMyClient.html.
Otherwise if you want to verify website using FQDN you can use same website but at below link/section:
https://www.ssllabs.com/ssltest/
.NET (Note: Any Connect requires .NET)
Native TLS 1.2 requires .NET framework 4.6.2+. Prior versions require registry edits (4.x) or Registry edits and manual hot fix patches (3.5).
More information can be found here:
https://support.umbrella.com/hc/en-us/articles/115005871543-Requirements-for-forcing-TLS-1-2-on-the-Connector-and-Roaming-Client.
This applies to Umbrella software running on .NET framework - currently AD Connector and Roaming client.
.NET #Check your version
Follow this article
https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed
DISABLE #TLS 1.0 and TLS v1.1 DISABLE at #O.S level
It can be disabled at the O.S. level (IIS)https://support.microsoft.com/en-us/help/187498/how-to-disable-pct-1-0-ssl-2-0-ssl-3-0-or-tls-1-0-in-internet-informat
TLS 1.2 #HOW TO ENABLE on earlier versions .NET 3.5.1
The .NET framework version 3.5.1 and earlier versions did not provide support for applications to use Transport Layer Security (TLS) System Default Versions as a cryptographic protocol. This update enables the use of TLS v1.2 in the .NET Framework 3.5.1.
Check these register tips
[whole article here]
TLS 1.2 #HOW TO ENABLE on NEWER versions .NET 4.6.2+
Apply these register tips
[whole article here]
UMBRELLA #OLD clients #FORCE TLS 1.2
If you are unable to update Umbrella/Any Connect client to use TLS 1.2 you need to follow these article steps.
https://support.umbrella.com/hc/en-us/articles/115005871543-Requirements-for-forcing-TLS-1-2-on-the-Connector-and-Roaming-Client
MOZILLA FIREFOX 74chante
With 74.0 release TLS 1.0 is disabled, but you can re-enable it about:config --> Tls and change below values
https://www.trishtech.com/2020/03/how-to-enable-tls-1-0-and-tls-1-1-in-mozilla-firefox-74/
GOOGLE CHROME 81
Google chrome version 81 will remove TLS 1.0 and TLS 1.1 support:
https://developers.google.com/web/updates/2020/02/chrome-81-deps-rems
APPLE/SAFARI
Will remove support for TLS 1.0 and 1.1 from Safari in March 2020 via updates to Mac OS and iOS.
INTERNET EXPLORER/EDGE
There are rumors that support will be removed in early 2020
SECURITY AWARENESS/WEAKNESS
These old protocols are not patch-able (NIST) versus actual vulnerabilities such as poodle, beeast and others.
- Checking client-side vulnerability:
https://www.poodletest.com/
- Checking server-side vulnerability:
http://www.poodlebleed.com
(*) I strongly believe on this assumptions but at the same time I am aware that I am too naive.
George Bernard Shaw
"If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas."
https://en.wikiquote.org/wiki/
<=================>
Linkedin article
https://www.linkedin.com/pulse/security-tls-10-11-end-lifesupport-several-products-mazzanti-1e
[Update 2020.03.27]
Here it is Microsoft article that explain if and how to disable TLS 1.0 and 1.1 on windows 2012 R2 for exemplificative purpose:
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn786418(v=ws.11)
[update 2020/04/06]
Due to Covid-19 there are more delays than expected, here it is an interesting article that give you more explanations.
https://nakedsecurity.sophos.com/2020/04/02/covid-19-forces-browser-makers-to-continue-supporting-tls-1-0/
