TLS 1.3

Here’s everything you need to know about TLS 1.3

The last update to the encryption protocol was more than eight years ago. The new version, TLS 1.3, was published in August 2018.

TLS 1.3 offers many advantages over previous versions, including a faster and more secure connection and handshake, and reworked cipher suites.

SSL 1.0 was never officially released. However, SSL 2.0 and 3.0 were not completely dead. SSL was replaced by TLS 1.0, which differed from SSL in many ways. TLS 1.0 was eventually replaced by TLS 1.1, TLS 1.2 was released later, and finally TLS 1.3 was released. TLS 1.3 is the seventh iteration of the SSL/TLS protocol.

What is TLS 1.3?

TLS stands for Transport Layer Security. It is the successor to SSL (Secure Sockets Layer). TLS is a protocol that allows clients, such as web browsers, to communicate securely with servers over the internet. The communication is secure because transmitted data is encrypted using symmetric cryptography.

The Transport Layer Security (TLS) 1.3 protocol offers unparalleled privacy and performance in comparison to previous versions of TLS or non-secure HTTP. Cloudflare engineers were involved in the development of this new TLS protocol.

History of TLS 1.3

TLS 1.3 was released a decade after TLS version 1.2. It took the IETF (Internet Engineering Task Force) 28 drafts to finalize the definition. Many problems were encountered, including middleboxes and commercial elements that could undermine the standard’s integrity for the sake of traffic inspection. Due to the involvement of many stakeholders, the vetting process continues indefinitely.

From the April 17, 2014 release of the first TLS 1.3 draft to the August 2018 release, vendors such as Google, Cloudflare, Mozilla and others continuously reviewed and tested all drafts. They added the protocol to their supported protocols list and reported any issues that they encountered. In February 2017, Google was forced to discontinue TLS 1.3 support due to a proxy issue.

Advantages of TLS 1.3 over TLS 1.2

Speed Benefit

TLS 1.3 is faster than its predecessor because it takes less time to complete a handshake. TLS 1.3 takes only one round trip from each side to complete a handshake, fewer than TLS 1.2, because the number of negotiations was reduced from 4 to 2.

Image source: Fasterize

TLS 1.2 takes two round trips and requires four negotiations, so it is slower than TLS 1.3 in terms of network performance.

TLS 1.3 has a shorter handshake, which makes connecting to a site faster and reduces latency. This improves enterprise network performance.

TLS 1.3 is faster still thanks to ‘Zero Round-Trip Time Resumption’ (0-RTT). This allows almost instantaneous session resumption for visitors who have visited the site recently. The speed increase is noticeable both on mobile networks and at large scale.

 

TLS 1.3 uses a pre-shared key (PSK) to resume a connection, whereas TLS 1.2 resumes a connection in a few ways: session IDs and session tickets. Client and server create session keys for use during a connection. Once the connection has been established, they can use the same function to generate a “Resumption master key”, which facilitates 0-RTT.

When the client or server wants to resume a session, the resumption master keys are used to encrypt the application data and session tickets for the server. The server then validates the key and the session is resumed.
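
The derivation behind the resumption key described above, as an added example that is not part of the original article: it follows the key schedule labels from RFC 8446 to show how both sides turn the finished handshake into a resumption master secret, a per-ticket PSK, and the secret that protects 0-RTT data. The SHA-256 cipher suite and all sample byte strings are assumptions constructed for the illustration.

```python
import hashlib
import hmac

HASH = hashlib.sha256          # assumption: a SHA-256 suite such as TLS_AES_128_GCM_SHA256
HASH_LEN = HASH().digest_size  # 32 bytes

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869)."""
    return hmac.new(salt, ikm, HASH).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): T(i) = HMAC(PRK, T(i-1) || info || i)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]

def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """HKDF-Expand-Label (RFC 8446, section 7.1) with the HkdfLabel encoding."""
    full_label = b"tls13 " + label
    info = (length.to_bytes(2, "big") + bytes([len(full_label)]) + full_label
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length)

def resumption_master_secret(master_secret: bytes, transcript: bytes) -> bytes:
    """Derive-Secret(Master Secret, "res master", ClientHello..client Finished)."""
    return hkdf_expand_label(master_secret, b"res master",
                             HASH(transcript).digest(), HASH_LEN)

def ticket_psk(res_master: bytes, ticket_nonce: bytes) -> bytes:
    """PSK tied to one NewSessionTicket via its nonce (RFC 8446, section 4.6.1)."""
    return hkdf_expand_label(res_master, b"resumption", ticket_nonce, HASH_LEN)

def early_traffic_secret(psk: bytes, client_hello: bytes) -> bytes:
    """client_early_traffic_secret, which keys 0-RTT data on the resumed connection."""
    early_secret = hkdf_extract(b"\x00" * HASH_LEN, psk)
    return hkdf_expand_label(early_secret, b"c e traffic",
                             HASH(client_hello).digest(), HASH_LEN)

# Constructed sample values (not captured from a real handshake).
MASTER_SECRET = bytes(range(32))
TRANSCRIPT = b"constructed ClientHello..client Finished bytes"
```

Because the ticket nonce is mixed into each PSK, two tickets issued on the same connection never share a resumption key, and any change to the handshake transcript changes every key derived from it.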