TLS 1.3 Final published: better security and speed - gHacks Tech News

TLS 1.3 Final published: better security and speed

The final version of TLS 1.3 -- Transport Layer Security -- has been published by the IETF, the Internet Engineering Task Force, and popular browsers such as Firefox support it already (an earlier draft version and soon the final version).

tls 1.3 support finalized

Tip: point your browser to the SSL/TLS capabilities test on SSLLabs to find out which versions your browser supports. Check the protocol features on the page to find out which protocols the browser supports. If you want to check out which TLS versions a server supports, run the company's SSL Server Test tool instead.

TLS 1.3 is a major update to TLS 1.2 even though the minor increase of the version might indicate otherwise.

Transport Layer Security is what is used by devices for secure transactions on the Internet. Basically, if you see HTTPS being used in the browser it is powered by TLS. Whether that is TLS 1.3 already or TLS 1.2 depends on the browser and the site that the browser connects to.

Multiple drafts of the new TLS 1.3 specification were released in the past four or so years ever since work began in earnest on the new standard. Browser makers like Mozilla or Google implemented support for various draft versions and the functionality was considered experimental at that time.

Some sites did make use of TLS 1.3 already; Mozilla notes that about 5% of Firefox connections use TLS 1.3 already and that companies like Google, Facebook or Cloudflare support TLS 1.3 already.

Firefox supports a draft version that is essentially identical to the final published version. Mozilla plans to release the final version in Firefox 63 which the organization plans to release in October 2018.

Google Chrome supports an earlier draft version already as well and will support the final version of TLS 1.3 in an upcoming version.

Chrome and Firefox include options to manage TLS support in the browsers. Mozilla started to enable TLS 1.3 support in Firefox Stable in 2018.

What makes TLS 1.3 special?

TLS 1.3 is a major update of the standard that improves speed and security significantly. One of the main advantages of TLS 1.3 is that basic handshakes take a single round-trip compared to TLS 1.2's two round-trips. The time it takes to connect to servers that support TLS 1.3 is reduced because of that which means that web pages that support TLS 1.3 load faster in browsers that support the new standard.

Security is improved as well in TLS 1.3 when compared to previous versions. TLS 1.3 focuses on some widely known and analyzed cryptographic algorithms while TLS 1.2 includes support for more algorithms of which some were exploited successfully in the past.

TLS 1.3 encrypts most of the handshake next to that which improves privacy when connecting to servers as much of the information that is in the open when TLS 1.2 is used is now encrypted and unreadable while in transit.

Cloudflare published a technical overview of TLS 1.3 on the company blog; a good read for anyone interested in the topic.

Summary
TLS 1.3 Final published: better security and speed
Article Name
TLS 1.3 Final published: better security and speed
Description
The final version of TLS 1.3 -- Transport Layer Security -- has been published by the IETF, the Internet Engineering Task Force.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. Sampei Nihira said on August 14, 2018 at 6:10 pm
    Reply

    For those who want to remove the insecure cipher suites in Chrome at the Qualys SSL Test:

    –cipher-suite-blacklist=0x002F,0x0035,0x000A,0x009C,0x009D

    https://www.bleepingcomputer.com/forums/t/680687/test-qualys-ssl-labs-client-test-with-chrome/

  2. Marcin said on August 14, 2018 at 6:49 pm
    Reply

    I hope it doesn’t mean that all HTTPS site will only work with TLS 1.3 in the future.

    1. John Fenderson said on August 14, 2018 at 7:54 pm
      Reply

      No, it doesn’t mean that (well, depending on how far into the future you mean). 1.2 will continue to work for the foreseeable future. The introduction of 1.3 does mean, though, that the effort to officially kill off 1.0 and 1.1 has begun.

      That said, everyone should move to 1.3 as soon as is practical. 1.2 is compromised and should not be considered trustworthy. It is not, at this time, a major security issue for most uses — but it will become that as time passes.

      1. Marcin said on August 15, 2018 at 10:01 am
        Reply

        Thank you John for your answer.

        Let’s hope “the foreseeable future” represents many years.

      2. John Fenderson said on August 15, 2018 at 5:01 pm
        Reply

        It very likely will. Remember that 1.0 was released in 1996 and it remains technically supported despite it being so insecure as the basically be like a lock on a screen door. Also, it’s taken four years to develop and release 1.3. These things don’t move quickly.

        If history is any guide, 1.2 will be supported for at least another decade, although “past performance is no guarantee of future results”.

  3. Anonymous said on August 14, 2018 at 10:29 pm
    Reply

    It sounds like “you will have to update your browser in near future”. Security holes are an open-ended honey pot allowing major browser companies to spy on you even more. Like viruses for anti-virus companies. I will be forced very soon to switch to Pale Moon v28 losing my full theme, forced to surf with themes all as ugly as each other. Bored.

  4. TelV said on August 15, 2018 at 10:36 am
    Reply

    In Waterfox prefs the setting for “security.tls.version.max” is 3 with “security.tls.version.min” showing 1.

    I assume that means TLS will switch where appropriate according to what a site supports. Is that correct?

    1. Martin Brinkmann said on August 15, 2018 at 10:38 am
      Reply

      Yes that is right. 3 means up to TLS 1.2 is supported.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.