The Internet Engineering Task Force published TLS 1.3 on Friday, as RFC 8446. This new update to TLS 1.2 provides much better security and speed and is available in Firefox from today.
TLS or Transport Layer Security is behind every secure transaction made on the Web. The previous version of the protocol, TLS 1.2, was launched about 10 years ago and has seen no major change from the Secure Sockets Layer (SSL) protocol of the 1990s.
TLS 1.3 brings a number of major improvements in security, including an upgrade in user privacy and removing outdated cryptography and introducing modern ones. TLS 1.3 guarantees better privacy by encrypting most of the handshake, which its earlier versions wouldn’t, resulting in a leak of information and identities, and provided easier access to hackers. TLS 1.3 also makes room for better future implementations and upgrades of the protocol.
Cryptographic algorithms like RSA key exchange and static Diffie-Hellman in TLS 1.2 were the reason behind attacks like FREAK and Sweet32. But TLS 1.3 will have a lesser count of primitive algorithms, like Elliptic Curve Diffie-Hellman key establishment and AEAD ciphers.
The academic security community has contributed a lot to the development of TLS 1.3, which has undergone countless strict reviews and verifications by independent groups to be finalized.
Round-trip time is a significant aspect of protocol performance. A “zero round-trip” mode incorporated in TLS 1.3 helps send data to the server in one set of network packets, which was two for TLS 1.2. The update promises to cut down the number of trips required to a minimum, as the browser and server will manage the security settings. TLS is run by companies like Cloudflare, Google on their servers, where TLS 1.3 makes about 5% of their connections, with half of Facebook’s traffic already being TLS 1.3.