{"id":2357,"date":"2020-04-03T05:41:39","date_gmt":"2020-04-03T05:41:39","guid":{"rendered":"http:\/\/kusuaks7\/?p=1962"},"modified":"2023-12-20T18:32:57","modified_gmt":"2023-12-20T18:32:57","slug":"tls-1-3-everything-possibly-needed-know","status":"publish","type":"post","link":"https:\/\/www.experfy.com\/blog\/iot\/tls-1-3-everything-possibly-needed-know\/","title":{"rendered":"TLS 1.3: Everything you need to know"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

TLS 1.3 has myriad improvements over its predecessors, including a new handshake and revamped cipher suites.<\/h3><\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tBefore anyone points out that the IETF published TLS 1.3 as RFC 8446 almost a year ago \u2013 we know.\u00a0We covered that<\/a>. But we realized we hadn\u2019t done an in-depth explainer of the new protocol version yet, and given the number of questions we field about TLS 1.3 on a regular basis \u2013 we thought maybe this would be a good time.\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tTechnically, TLS 1.3 is the seventh iteration of the SSL\/TLS protocol. SSL 1.0 was never officially released, 2.0 and 3.0 were short-lived (albeit not entirely dead yet<\/a>). And then TLS 1.0 was introduced as a replacement to SSL. There were some technical differences between SSL and TLS \u2013 namely, at first, whether the connection began by port or by protocol \u2013 but the premise was largely the same. TLS 1.0 was replaced by 1.1, which was succeeded by TLS 1.2 two years later in 2008.\u00a0TLS 1.3 was finalized last Summer<\/a>.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tWhile, intuitively it would seem that the biggest difference between two successive protocol versions would be the switch from SSL 3.0 to TLS 1.0, it\u2019s probably fair to argue that TLS 1.3 is far more different from TLS 1.2 than 1.0 is from SSLv3.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\nSo, today we\u2019re going to take a look at what exactly has changed in TLS 1.3 and what benefits those changes bring to security and performance on the web.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tLet\u2019s hash it out.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

TLS 1.3: 10 years in the making<\/h2><\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tTLS 1.3 (RFC 8446<\/a>) was released a full decade after TLS 1.2 and took 28 drafts to finally define. It was not always smooth sailing, either. There were problems with middleboxes, there were commercial elements looking to undermine the standard in the interest of traffic inspection.\u00a0Namely, the financial industry<\/a>. Additionally, the vetting process takes an eternity when there are this many stakeholders involved.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tFrom the first TLS 1.3 version released on April 17, 2014, all the way to the 28th and final version, these drafts were continuously tested and reviewed by vendors such as Google, Cloudflare, Mozilla, and many others. They would experiment with adding TLS 1.3 support, test it, and report issues as they discovered them. That wasn\u2019t always smooth sailing either. For instance, in February 2017, a proxy issue forced\u00a0Google to back out of TLS 1.3 support<\/a>\u00a0entirely for a little while. Obviously, that caused a delay.\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tThat early testing by major tech players has actually come back to cause it\u2019s share of problems now that TLS 1.3 is finalized, too. We\u2019ll get to that in a minute.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

TLS 1.2 vs. TLS 1.3 \u2013 What\u2019s the difference?<\/h2><\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tTLS 1.2 has been serving the internet faithfully for a decade now, yet nearly\u00a025% of the Alexa Top 100,000 still doesn\u2019t support it<\/a>. That\u2019s problematic, because making the jump from TLS 1.2 to to TLS 1.3 is already a fairly large change. Upgrading from even older protocols will require even more configuration.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\nNow, that\u2019s not to imply upgrading is prohibitively difficult, it\u2019s more to illustrate that one of the biggest challenges that\u2019s going to face TLS 1.3, at least for the next year or so, is the rate of adoption.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

As of the end of last year, just over 17% of the Alexa Top 100,000 supported TLS 1.3.<\/p>\n


<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tThat number has undoubtedly grown since then, but we\u2019re still a long ways from widespread adoption.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tOk, now let\u2019s look at some of the differences. TLS 1.3\u2026\n