Let’s have a look at TLS 1.3 and the advancements it brings
Hooray! TLS 1.3, the highly anticipated internet security protocol, has finally been approved by the Internet Engineering Task Force (IETF). The work that started in 2014 with the first draft of TLS 1.3 has come to fruition: draft 28 of TLS 1.3 has been approved by the IETF.
This approval makes TLS 1.3 the latest and most secure version of the SSL/TLS protocol family. TLS 1.3 is being hailed by almost all security experts as the most advanced TLS protocol to date, and it brings substantial improvements in both performance and security.
Let’s have a look at the improvements featuring in TLS 1.3.
For a long time, the one *stupid* argument made against SSL/TLS has been the time it takes to establish a connection between client and server. With TLS 1.3, this thoughtless argument ceases to exist, thanks to the introduction of 0-RTT (zero round trip) and 1-RTT TLS handshakes.
You might be aware that before a secure connection is established, a handshake takes place: the TLS handshake. This is the part that takes time, as it involves back-and-forth communication between client and server. TLS 1.2 and its predecessors complete this handshake in 2-RTT, meaning it takes two round trips between client and server before the SSL/TLS handshake is done.
This is going to change with TLS 1.3.
TLS 1.3 cuts the journey to a single round trip, halving the handshake time. This reduces TTFB (time to first byte) and improves latency. For sites where connection speed is of paramount importance, this handshake is going to come in very handy.
As good as it is, 1-RTT is not the most talked-about feature of TLS 1.3. It's the 0-RTT handshake that has grabbed the most headlines.
Now you might be wondering how a TLS handshake can take place without a single round trip. Well, it can. If the client and server have come across each other before, the client can resume that earlier session and send its request together with its very first message, so no round trip is spent before application data flows. Needless to say, this does wonders for latency. The trade-off is that data sent in the 0-RTT flight is not protected against replay, so a server should only accept it for requests that are safe to repeat.
The past hurts us not only in the physical world but also in the virtual world. Time and again, we've seen attackers targeting older, unpatched security vulnerabilities. TLS 1.2 and its predecessors carry these kinds of legacy weaknesses, which could potentially be exploited.
With TLS 1.3, potentially vulnerable algorithms, ciphers, and protocol features are no longer supported. This gives a massive boost to our security, and it's an enormous disappointment for hackers and fraudsters.
Here are some of the older, insecure ciphers and algorithms discontinued in TLS 1.3:
- RSA Key Transport
- Arbitrary (non-standard) Diffie-Hellman groups
- CBC mode ciphers
- RC4 stream cipher
- MD5 Algorithm
- EXPORT-strength ciphers
How do I enable TLS 1.3?
Enable TLS 1.3 in Chrome
- Open Chrome
- Type chrome://flags/ in the address bar and press Enter
- Find the TLS 1.3 flag and set it to Enabled (Draft 23)
- Relaunch Chrome
Bravo! You just enabled TLS 1.3.
Enable TLS 1.3 in Firefox
- Open Firefox
- Type about:config in the address bar and press Enter
- Search for version.max (this finds the security.tls.version.max preference)
- Set its value to 4
- Restart Firefox
Keep in mind that TLS 1.3 is only used if the website (server) supports TLS 1.3. If it doesn't, the connection falls back to TLS 1.2.