Aviral Srivastava

Posted on Jun 7

TLS Handshake 1.2 vs 1.3

#beginners #cybersecurity #networking #security

TLS 1.2 vs. TLS 1.3: The Evolution of Your Internet's Secret Handshake

Hey there, fellow internet dwellers! Ever wondered what happens behind the scenes when you see that little padlock in your browser's address bar? That's the magic of TLS (Transport Layer Security), the digital handshake that keeps your online conversations private and secure. Think of it as the bouncer at your favorite online club, making sure only the right people get in and that no one's eavesdropping on your conversations.

Today, we're going to dive deep into the fascinating world of TLS, specifically comparing its two most prominent versions: TLS 1.2 and its younger, spiffier sibling, TLS 1.3. We'll break it down like a tech-savvy friend explaining a complex topic over a cup of coffee – no jargon overload, just clear, concise, and maybe a little bit of enthusiasm.

The Grand Introduction: Why Should You Care About a Handshake?

You might be thinking, "Okay, it's a handshake. So what?" Well, this handshake is crucial for pretty much everything you do online. From banking and online shopping to sending emails and chatting with friends, TLS is the invisible shield protecting your sensitive data. Without it, your passwords, credit card details, and personal messages would be as exposed as a streaker at a formal event.

TLS 1.2 has been the workhorse for years, diligently keeping our internet connections safe. But like any technology, it's had its bumps and bruises. Enter TLS 1.3, a complete overhaul designed to be faster, more secure, and just plain better. So, let's unpack what makes these two versions tick.

The Pre-Game Ritual: What You Need to Know Before the Handshake

Before we get into the nitty-gritty of the handshakes themselves, let's establish some foundational knowledge. Think of this as the warm-up exercises before a big game.

Cryptography is King (or Queen!): TLS relies heavily on cryptography. This is the science of secure communication, using complex mathematical algorithms to scramble and unscramble data. Key concepts here include:
- Symmetric Encryption: Uses the same key for both encryption and decryption. It's super fast but requires a secure way to share the key initially.
- Asymmetric Encryption (Public-Key Cryptography): Uses a pair of keys: a public key (shared with everyone) for encrypting messages and a private key (kept secret) for decrypting them. This is how the initial secure channel is established.
- Digital Signatures: Like a handwritten signature, but for data. They verify the sender's identity and ensure the data hasn't been tampered with.
Certificates: The Digital ID Cards: When you connect to a website, it presents a digital certificate. This is like an ID card issued by a trusted authority (Certificate Authority or CA) that proves the website is who it claims to be. This prevents "man-in-the-middle" attacks, where someone pretends to be the website you're trying to reach.
Key Exchange: This is the process where the client (your browser) and the server agree on a secret key that will be used for symmetric encryption for the rest of the session. This is where the handshake truly shines.

The TLS 1.2 Handshake: A Detailed Dance (with a few extra steps)

TLS 1.2's handshake is a multi-step process, a bit like a well-rehearsed ballet. It’s been around for a while and has served us well, but it's also a tad… verbose. Let's break down the key steps:

ClientHello: Your browser initiates the conversation by sending a ClientHello message. This tells the server:
- What TLS versions it supports (including TLS 1.2, of course!).
- A list of cipher suites it prefers. A cipher suite is a combination of cryptographic algorithms (like key exchange, encryption, and authentication).
- A random number (client random) that will be used later to help generate the session key.
- Optionally, extensions, which can include features like Server Name Indication (SNI), which allows a single IP address to host multiple secure websites.
```
// Simplified representation of ClientHello
ClientHello {
    client_version: TLS 1.2,
    random: <client_random>,
    cipher_suites: [TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, ...],
    extensions: [SNI, ...]
}
```
ServerHello: The server responds with a ServerHello. This message includes:
- The TLS version it will use (the highest common version supported by both).
- A random number (server random).
- The chosen cipher suite from the client's list.
- The certificate of the server.
```
// Simplified representation of ServerHello
ServerHello {
    server_version: TLS 1.2,
    random: <server_random>,
    cipher_suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
    // ... other server information
}
```
Certificate and ServerKeyExchange (if needed): The server sends its certificate to the client for verification. If the chosen cipher suite requires it, the server also sends a ServerKeyExchange message, which typically contains parameters for the Diffie-Hellman key exchange.
CertificateRequest (optional): If the server requires client authentication (e.g., for high-security applications), it will send a CertificateRequest asking for the client's certificate.
ServerHelloDone: The server signals the end of its initial messages.
Certificate (optional): If the server requested a certificate, the client sends its own certificate.
ClientKeyExchange: This is where the magic of key exchange happens. Depending on the chosen cipher suite, this message will contain information that allows the client and server to independently compute a shared secret key. For example, with RSA key exchange, the client encrypts a pre-master secret with the server's public key. With Diffie-Hellman, it involves exchanging public values.
```
// Example: RSA Key Exchange (simplified)
ClientKeyExchange {
    encrypted_pre_master_secret: encrypt(<pre_master_secret>, server_public_key)
}
```
CertificateVerify (optional): If the client sent a certificate, it signs a hash of the preceding handshake messages with its private key to prove its identity.
ChangeCipherSpec: Both the client and server send this message to indicate that all subsequent messages will be encrypted using the newly negotiated session keys.
Finished: The client sends an encrypted Finished message, which is a hash of all the handshake messages exchanged so far. The server does the same. This is the final check to ensure both parties have successfully computed the same session keys and that no data has been altered.

The Drawback: Notice how many steps there are? This means multiple round trips between the client and server. In the world of internet speeds, each round trip adds latency, making the connection feel a bit slower, especially on networks with higher latency. This is where TLS 1.3 really shines.

The TLS 1.3 Handshake: Streamlined and Speedier

TLS 1.3 is a significant improvement, focusing on reducing the number of round trips and removing outdated and less secure cryptographic options. It's like upgrading from a lengthy phone call to a quick, efficient text message.

Here's the breakdown of the TLS 1.3 handshake, which, in many common scenarios, takes only one round trip!

ClientHello: Similar to TLS 1.2, but with some key differences:
- It includes the client's supported versions and cipher suites, but it only advertises TLS 1.3 cipher suites. Obsolete and insecure ones are gone!
- It also sends its random value and a list of supported signature algorithms.
- Crucially, it includes the key_share extension, which contains the client's public key contribution for the key exchange.
```
// Simplified representation of TLS 1.3 ClientHello
ClientHello {
    client_version: TLS 1.3,
    random: <client_random>,
    cipher_suites: [TLS_AES_256_GCM_SHA384, ...], // Only TLS 1.3 suites
    extensions: [key_share: { ... }, supported_groups: { ... }, signature_algorithms: { ... }, ...]
}
```
ServerHello, EncryptedExtensions, Certificate, CertificateVerify, Finished: This is where the magic happens in a single round trip!
- ServerHello: The server responds with its chosen TLS version, its random value, and the selected cipher suite.
- EncryptedExtensions: This is a new message in TLS 1.3. It contains server parameters that are encrypted, including the key_share extension with the server's public key contribution. This ensures privacy for server configurations.
- Certificate: The server sends its certificate.
- CertificateVerify: The server signs a hash of the handshake messages with its private key.
- Finished: The server sends its encrypted Finished message.
The key exchange is completed here! Both the client and server have exchanged their public key contributions and can now independently derive the same shared secret key. This is a massive improvement over TLS 1.2, where the client key exchange often happened in a separate round trip.
```
// Simplified structure of TLS 1.3 Server's response
// (All messages from ServerHello to Finished are typically sent in one go)

ServerHello { ... }
EncryptedExtensions {
    extensions: [key_share: { ... }, ... ] // Server's public key contribution
}
Certificate { ... }
CertificateVerify { ... }
Finished { ... } // Server's encrypted Finished message
```

The Benefit: One round trip! This directly translates to a faster connection setup. For users on mobile devices or in areas with high latency, this can make a noticeable difference.

Key Differences and Advantages of TLS 1.3

Let's put these two side-by-side and highlight what makes TLS 1.3 the clear winner:

Feature	TLS 1.2	TLS 1.3
Handshake Latency	2-3 round trips (or more with client auth)	1 round trip (for most common scenarios)
Cipher Suites	Supports many, including some weak ones	Streamlined, removes obsolete and weaker cipher suites, uses AEAD ciphers exclusively
Key Exchange	RSA, Diffie-Hellman (Ephemeral and static)	Primarily Ephemeral Diffie-Hellman (ECDHE) for forward secrecy
Forward Secrecy	Relies on ephemeral Diffie-Hellman	Mandated by default for most cipher suites
Post-Handshake Renegotiation	Supported, but often problematic	Removed entirely; replaced by ticket-based resumption
Early Data (0-RTT)	Not directly supported	Supported for faster initial data transmission on subsequent connections
Cryptographic Agility	More complex to deprecate algorithms	Easier to deprecate weaker algorithms in the future
Performance	Good, but can be improved	Significantly improved due to fewer round trips and efficient ciphers
Security	Generally secure, but some older ciphers can be vulnerable	Enhanced security, eliminates known vulnerabilities in older versions

Advantages of TLS 1.3 (Why it's Awesome!)

Speed Demon: The one-round-trip handshake is the star of the show. This means quicker page loads, faster application responsiveness, and a generally smoother online experience.
Fort Knox Security: TLS 1.3 has banished a whole host of outdated and vulnerable cryptographic algorithms. It mandates the use of modern, strong ciphers like AES-GCM and ChaCha20-Poly1305, which offer both encryption and authentication.
Forward Secrecy is Standard: TLS 1.3 makes forward secrecy the default for most cipher suites. This is a crucial security feature. If your server's private key is ever compromised, past communications encrypted with TLS 1.3 will remain unreadable because they were encrypted with unique, ephemeral session keys. Imagine your diary being shredded into confetti and each page being a unique puzzle – even if someone gets the whole stack, individual pages are useless without the specific puzzle pieces for that page.
No More Tedious Renegotiation: TLS 1.2 had a feature called renegotiation, which was often a security headache and a performance drain. TLS 1.3 has removed this entirely, opting for more secure and efficient methods for resuming sessions.
0-RTT (Zero Round Trip Time) for Resumption: For returning visitors, TLS 1.3 can send application data along with the very first ClientHello message. This means that on subsequent connections to the same server, you can potentially start sending encrypted data immediately, further reducing latency. This is like skipping the initial pleasantries and getting straight to the point of your conversation.

Disadvantages (or rather, challenges) of TLS 1.3

While TLS 1.3 is a massive leap forward, there are a few considerations, mostly related to adoption:

Compatibility Woes (initially): As a newer protocol, older clients and servers might not support TLS 1.3. This means websites and applications need to be updated. However, the adoption rate has been incredibly high, and most modern browsers and servers now support it.
Middlebox Issues: Some older network devices (like firewalls and intrusion detection systems, often called "middleboxes") were designed to inspect TLS 1.2 traffic. They might struggle to understand the encrypted extensions in TLS 1.3, potentially leading to connectivity issues if they are not updated. This is a temporary hurdle as network infrastructure catches up.
0-RTT Security Considerations: While 0-RTT is a performance win, it does introduce some nuances. If an attacker can capture a client's 0-RTT data, they could potentially replay it. However, this is a specific attack vector and not a general weakness of the protocol.

Code Snippets: A Glimpse into the Mechanics

Let's peek at some simplified representations of how these handshakes are structured. These are not actual network packet dumps but conceptual illustrations of the data being exchanged.

TLS 1.2 ClientHello (Conceptual):

{
  "type": "ClientHello",
  "protocol_version": "TLSv1.2",
  "random": "a1b2c3d4e5f6...",
  "session_id": null, // Or a previous session ID for resumption
  "cipher_suites": [
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_256_CBC_SHA256",
    // ... many more
  ],
  "compression_methods": [
    "null"
  ],
  "extensions": [
    {
      "type": "server_name",
      "data": "example.com"
    },
    {
      "type": "supported_groups",
      "data": [29, 23, 30] // Elliptic curve identifiers
    }
  ]
}

TLS 1.3 ClientHello (Conceptual):

{
  "type": "ClientHello",
  "protocol_version": "TLSv1.3",
  "random": "f9e8d7c6b5a4...",
  "cipher_suites": [
    "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256",
    "TLS_AES_128_GCM_SHA256"
    // Significantly fewer and more modern cipher suites
  ],
  "extensions": [
    {
      "type": "key_share",
      "data": {
        "group": 29, // Elliptic curve identifier for the client's public key
        "public_key": "04..." // Client's public key
      }
    },
    {
      "type": "supported_groups",
      "data": [29, 23, 30]
    },
    {
      "type": "signature_algorithms",
      "data": [4, 5, 13, 14] // Hash and signature algorithm identifiers
    },
    {
      "type": "psk_key_exchange_modes",
      "data": [1] // Preshared Key mode
    }
  ]
}

Notice how TLS 1.3's ClientHello is more focused, with explicit key sharing information and a curated list of modern cipher suites.

The Future is Here: Embracing TLS 1.3

TLS 1.3 isn't just an upgrade; it's a fundamental re-imagining of secure communication over the internet. Its speed, enhanced security, and modern design make it the clear choice for ensuring our online interactions are both private and efficient.

As developers, system administrators, and even everyday users, supporting and prioritizing TLS 1.3 is essential. It's the foundation for a faster, more secure, and more resilient internet for everyone. So, the next time you see that little padlock, you can rest a bit easier knowing that a more robust and efficient handshake is likely happening behind the scenes, thanks to the evolution from TLS 1.2 to TLS 1.3.

Conclusion: The Handshake Gets a Glow-Up

In essence, TLS 1.2 has been our reliable workhorse, but TLS 1.3 is the sleek, high-performance sports car. It addresses the performance bottlenecks and security concerns of its predecessor, offering a faster, more secure, and more future-proof protocol. The shift to TLS 1.3 is not just a technical update; it's a significant step forward in making the internet a safer and more enjoyable place for all of us. So, let's raise a virtual toast to TLS 1.3 – the handshake that's making our digital lives better, one secure connection at a time!

DEV Community