It took about more than eight years since the last encryption protocol update, a new version TLS 1.3 published as of August 2018.
TLS 1.3 has countless advantages over its predecessors, which is faster and more secure including a handshake and rebuild cipher suites. Below are few most important advantages, read thoroughly and feel free to share your comments.
TLS stands for Transport Layer Security and is the successor to SSL (Secure Sockets Layer). TLS provides secure communication between web browsers and servers. The connection itself is secure because symmetric cryptography is used to encrypt the transmitted data. In other words, TLS is a standard protocol that allows clients and servers to communicate securely over the internet. Meanwhile, you MUST buy SSL certificates in order to secure your websites.
Transportation Layer Security (TLS) 1.3 protocol provides unparalleled privacy and performance compared to its previous versions of TLS and non-secure HTTP. Cloudflare engineers contributed towards the development of the newest TLS protocol.
TLS 1.3 much faster than its predecessor because the time taken for a handshake reduced. In TLS 1.3, it takes one round-trip from both sides to complete a handshake. TLS 1.3 reduced the round trip than TLS 1.2, since the number of negotiations cut-down to 2 against 4.
Whereas in TLS 1.2, it takes two round-trips and the number of negotiations it requires is four. It makes it slower in terms of network performance than TLS 1.3.
The shorter TLS handshake has made the connection to the site much faster- with less latency, which improves the enterprise network performance.
‘Zero Round Trip Time Resumption’ (0-RTT) will make TLS 1.3 faster as it allows for near-instantaneous session resumption for visitors who have recently visited the website. Such speed change is pretty much noticeable on the mobile networks and at scale.
In TLS 1.3, to resume a connection pre-shared key is used whereas TLS 1.2 uses a couple of ways to resume i.e. session IDs and session tickets. The client and the server generate session keys to use during a connection, once the connection is been established, they can use a similar function to generate “Resumption Master Key” which facilitates 0-RTT.
This resumption master key is to encrypt application data for the server along with the session ticket when the client and the server want to resume a session. Afterward, the server validates it and the session gets resumes.
As we are aware that half of the negotiation has been eliminated from the handshake, which has resulted in a decrease in the size of the cipher too.
TLS 1.2 and its predecessors use Cipher Suites which included 4 ciphers: They are as followed:
The TLS1.3 supports cipher suites that do not include key exchange and signature algorithms.
The biggest drawback in TLS 1.2 is multiple cipher combinations giving nightmare for the parties participating in the handshaking, lagged in providing guidance in choosing cipher suite for better security.
The TLS version 1.3 has five different cipher suites that can be used which are as follows:
The problem with the TLS 1.2 has been that no properly configured done and gave open ways for website attacks. Release of TLS version 1.3 helped in removing all the insecure features such as:
Arbitrary Diffie-Hellman groups – CVE-2016-0701
Export-strength ciphers- responsible for Freak and LogJam
The administrators and developers may find the TLS version 1.3 as a preferred protocol as it is more simplifies and will help in less misconfiguring the protocol.
People have started trusting the TLS 1.3 more than its predecessors
Google is raising the security bar, by displaying warning messages on the screen for the users to move from 1.2 and below to TLS 1.3, for both the browsers and the servers.
You can read the full article about the advantages of TLS 1.3.