TLS 1.3 approved, paving the way for a safer, faster internet

Doris Richards
August 16, 2018

Popular browsers Firefox and Chrome have confirmed their support of Transport Layer Security (TLS) 1.3, the latest version of the standard behind the "HTTPS" connectivity scheme, following its finalisation by the Internet Engineering Taskforce (IET) last week.

"The process of developing TLS 1.3 included significant work on "running code", it noted, adding: "This meant building and testing implementations by many companies and organizations that provide products and services widely used on the Internet, such as web browsers and content distribution networks". Browser makers like Mozilla or Google implemented support for various draft versions and the functionality was considered experimental at that time.

According to Cloudflare for the last five years, the Internet Engineering Task Force (IETF), the standards body that defines internet protocols, has been working on standardizing the latest version of one of its most important security protocols: Transport Layer Security (TLS).

Firefox 61 is already shipping as the final published version, however, Firefox 63 will be the ultimate version which will be rolling out in October with the new protocol in place.

There have been problems: earlier drafts broke a lot of middleboxes and Google paused its plan to support the new protocol in Chrome when an IT schools administrator in Maryland reported that a third of the 50,000 Chromebooks he managed bricked themselves after being updating to use the tech. Mozilla started to enable TLS 1.3 support in Firefox Stable in 2018.

With the updated spec it promises improved security and little increased speed.

What makes TLS 1.3 special? One of the main advantages of TLS 1.3 is that basic handshakes take a single round-trip compared to TLS 1.2's two round-trips. TLS 1.3 guarantees better privacy by encrypting most of the handshake, which its earlier versions wouldn't, resulting in a leak of information and identities, and provided easier access to hackers.

In addition to providing encryption, TLS ensures the authenticity of every HTTPS website and API.

That will make connections much faster but opens up a potential security hole that those seeking to exploit TLS 1.3 will nearly certainly focus on.

Cloudflare published a technical overview of TLS 1.3 on the company blog; a good read for anyone interested in the topic. By the end of the 1990s, Netscape handed SSL over to the IETF, who renamed it TLS and have been the stewards of the protocol ever since, says Cloudflare.

Other reports by Iphone Fresh

Discuss This Article