Information Security Education Resources

What’s New With TLS 1.3

TLS 1.3 is the newest version of Transport Layer Security which is a cryptic protocol that allows for your web page traffic to be secured. It works to secure the communications between client and server to include passwords, and other crucial information sent from client to the server, and server to the client. As a result, TLS makes it extremely difficult to gain access to the information sent while it’s traveling to and from the servers.

The first significant difference that you can notice between TLS 1.2 and 1.3, is that the web browsers will begin to load quicker, this is due to TLS reducing the number of “round-trips” required to establish a connection from 2 to 1. This method is useful for reducing the time in which it takes to send client-side data to the server, which is the main reason that the pages load faster. Sessions in previous versions of TLS use client-side certificate id’s, the id is special for that client only, and before the client connects to the server, the server looks up the client’s id in the server’s cache of ids. If the server matches the id with the current client being used, the server then knows to use the same security measures used previously; One downside to this method is that the servers have to have a shared state. As a result of the downside to that, TLS 1.3 changed the way the certificate system works, and essentially makes the certificate self-encrypted, as well as self-authenticated; Therefore, the servers used to fetch the client-side certificate can become stateless. (1)

Some history regarding TLS 1.3 and 1.2 is that TLS 1.2 was enacted in 2008, which allowed for safer web browsing, since then there haven’t been any updates in TLS until now. TLS 1.3 is described as a way to “block” any form of eavesdropping from outside sources, as well as prevent message forgery and other types of crimes. This new way to TLS is all around a better, more secure way to browse the internet, with this new TLS discarding all other forms of cryptographic protocols that are weak.

What does this mean for us? It means that it is now harder for scammer and hackers to intercept any form of communications from the client to server, and server to the client. Change is coming, and it’s happening faster than you can imagine. (2)

References:

TLS 1.3 Protocol Support | Documentation

TLS 1.3 is nearly here

Leave a Reply

Your email address will not be published. Required fields are marked *