SoylentNews

RandomFactor writes:

One year ago the IETF published TLS 1.3 in RFC 8446. Here is what is different from previous versions.

TLS 1.3 is the seventh iteration of the SSL/TLS protocol, having been preceded by SSL 1.0, SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1, and TLS 1.2.

TLS 1.2 has been serving the internet faithfully for a decade now, yet nearly 25% of the Alexa Top 100,000 still doesn't support it. That's problematic, because making the jump from TLS 1.2 to to TLS 1.3 is already a fairly large change. Upgrading from even older protocols will require even more configuration.

Now, that's not to imply upgrading is prohibitively difficult, it's more to illustrate that one of the biggest challenges that's going to face TLS 1.3, at least for the next year or so, is the rate of adoption.

As of the end of last year, just over 17% of the Alexa Top 100,000 supported TLS 1.3.

Here are the primary differences in TLS 1.3 and prior versions:

- Eliminates support for outmoded algorithms and ciphers
- Eliminates RSA key exchange, mandates Perfect Forward Secrecy
- Reduces the number of negotiations in the handshake
- Reduces the number of algorithms in a cipher suite to 2
- Eliminates block mode ciphers and mandates AEAD bulk encryption
- Uses HKDF cryptographic extraction and key derivation
- Offers 1-RTT mode and Zero Round Trip Resumption
- Signs the entire handshake, an improvement of TLS 1.2
- Supports additional elliptic curves

In short, TLS 1.3 is faster to establish, faster to reestablish, streamlined throughout, and more secure than previous versions of SSL and TLS.

Most popular browser clients already support TLS 1.3. Server library versions supporting TLS 1.3 include

- OpenSSL 1.1.1
- GnuTLS 3.5.x
- Google's Boring SSL (current)
- Facebook's Fizz (current)

What's in your server?

Original Submission