Let’s look at TLS 1.3 and what it brings
Hooray, hooray! The Internet Engineering Task Force (IETF) has finally approved TLS 1.3, the much-awaited Internet security protocol. The work that began in 2014 with the first draft of TLS 1.3 has finally come to fruition, and the IETF approved draft 28 of TLS 1.3.
This approval makes TLS 1.3 the latest and most stable version of the SSL/TLS protocol family. Nearly all security experts praise TLS 1.3 as the most sophisticated TLS protocol to date. It brings some significant performance and security enhancements.
Let’s look at the changes outlined in TLS 1.3.
The only *silly* complaint that has long been made against SSL/TLS is the time it takes to establish a client-server connection. With TLS 1.3 that argument no longer holds, because it adds 1-RTT and 0-RTT (zero round trip) TLS handshakes.
As you may know, a handshake takes place before a secure connection is established. This is called the TLS handshake. It is the part that takes a while, because it involves back-and-forth communication between client and server. TLS 1.2 and its earlier versions use a 2-RTT TLS handshake. That means it takes two round trips to complete the SSL/TLS handshake between server and client.
That will change with TLS 1.3.
With a single round trip handshake, TLS 1.3 cuts the handshake time in half. This leads to reduced TTFB (time to first byte) and reduced latency. This handshake will come in very handy for domains where connection speed is of paramount importance.
As good as it is, 1-RTT isn’t the most talked-about TLS 1.3 feature. It is the 0-RTT handshake that has grabbed the most headlines.
Now you may wonder how a TLS handshake can be done without a single round trip. Well, it can. If the server and client have connected to each other before, there will be zero round trips between them. Needless to say, this will do wonders for latency.
The past troubles us not just in the physical world but in the virtual world as well. We have seen attackers abuse older, unpatched security vulnerabilities many times. TLS 1.2 and its predecessors contain features of this kind that could potentially be exploited.
TLS 1.3 no longer supports potentially insecure algorithms, ciphers, and protocols. This gives our defenses a big boost, and for hackers and fraudsters it’s a huge disappointment.
Below are some of the older, insecure algorithms and ciphers deprecated in TLS 1.3:
- RSA key transport
- Certain Diffie-Hellman groups
- CBC mode ciphers
- RC4 stream cipher
- MD5 algorithm
- EXPORT-strength ciphers
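To check a cipher list against the list above, this added example (not part of the original article) parses IANA-style cipher suite names and reports which of the deprecated features each suite relies on. The suite list is constructed sample input; Diffie-Hellman group choices do not appear in suite names, so that item is not covered.

```python
# Added example: flag cipher suites that rely on features TLS 1.3 dropped.
# TLS 1.2-era IANA names look like TLS_<key exchange>_WITH_<cipher>_<hash>.
# TLS 1.3 names (TLS_AES_128_GCM_SHA256) have no "_WITH_" part, because the
# key exchange is negotiated separately from the cipher suite.

def legacy_features(suite):
    """Return the deprecated features (from the list above) a suite uses."""
    name = suite.upper()
    if "_WITH_" not in name:
        return []                      # TLS 1.3-style name: AEAD + hash only
    kx, cipher = name.split("_WITH_", 1)
    kx = kx.partition("_")[2]          # drop the leading "TLS" prefix
    parts = cipher.split("_")
    found = []
    if kx.startswith("RSA"):           # RSA / RSA_EXPORT: no (EC)DHE exchange
        found.append("RSA key transport")
    if "EXPORT" in kx:
        found.append("EXPORT-strength cipher")
    if "CBC" in parts:
        found.append("CBC mode")
    if "RC4" in parts:
        found.append("RC4 stream cipher")
    if parts[-1] == "MD5":
        found.append("MD5")
    return found

def audit(suites):
    """Map every suite that uses a deprecated feature to its reasons."""
    report = {}
    for suite in suites:
        reasons = legacy_features(suite)
        if reasons:
            report[suite] = reasons
    return report

# Constructed sample input (assumption: e.g. copied from a server config).
SAMPLE_SUITES = [
    "TLS_AES_128_GCM_SHA256",                  # TLS 1.3 suite
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",   # TLS 1.2, ECDHE + AEAD
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_MD5",
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
]

if __name__ == "__main__":
    for suite, reasons in audit(SAMPLE_SUITES).items():
        print(f"{suite}: {', '.join(reasons)}")
```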
How do I enable TLS 1.3?
Enable TLS 1.3 in Chrome
- Open Chrome
- Type chrome://flags/ in the address bar and press Enter
- Enable TLS 1.3 (Draft 23)
- Relaunch Chrome
Bravo! You now have TLS 1.3 enabled.
Enable TLS 1.3 in Firefox
- Open Firefox
- Type about:config in the address bar and press Enter
- Search for security.tls.version.max
- Set the value to 4
- Restart Firefox
Keep in mind that TLS 1.3 is only used if the website (server) supports TLS 1.3. Otherwise the connection will be established via TLS 1.2.