
Evolution of TLS1.3 – Enhanced security and speed

As 2016 comes to a close and we prepare for a new year, it’s time to implement TLS 1.3.

TLS 1.3 Design Concluded

The biggest practical development in cryptography for 2016 is Transport Layer Security version 1.3. TLS is the most important and widely used cryptographic protocol and it is the backbone of secure Internet communication.

After years of work by hundreds of researchers, the design was finally approved from a cryptographic standpoint. The protocol is also now supported in Firefox, Chrome and Opera.

TLS 1.3 is not a minor redesign; it is a major redesign of TLS 1.2. In fact, one of the most contentious issues was whether the name should be something else to indicate how much of an improvement TLS 1.3 really is.

How might users notice TLS 1.3? Speed. TLS 1.3 is designed for speed, specifically by reducing the number of network round-trips required before data can be sent to one round-trip (1-RTT) or even zero round-trips (0-RTT) for repeat connections.

TLS 1.3 is also much simpler, because it removes support for a number of old protocol features and obsolete cryptographic algorithms.

TLS 1.3 was analyzed extensively by the cryptographic community during the standardization process, rather than after the protocol was widely deployed and difficult to patch.

Enhanced Protection

“TLS 1.3 removes old and unsafe cryptographic primitives, it is built using modern analytic techniques to be safer, it is always forward secure, it encrypts more data, and it is faster than TLS 1.2,” Thomson’s note said.

Another important feature in TLS 1.3 is “0-RTT resumption”: the ability for a client and server who already “know each other” to skip the handshake entirely.

Valsorda describes the process:

TLS 1.3 now removes obsolete and insecure features from TLS 1.2, including the following:

  • SHA-1
  • RC4
  • DES
  • 3DES
  • AES-CBC
  • MD5
  • Arbitrary Diffie-Hellman groups — CVE-2016-0701
  • EXPORT-strength ciphers – Responsible for FREAK and LogJam
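
To audit an existing TLS 1.2 configuration against the list above, the following Python code (an added example, not from the original article) maps IANA cipher-suite names to the removed features they rely on. The function names and the sample suite list are constructed for illustration, and the Diffie-Hellman check is a heuristic based on the key-exchange part of the name.

```python
# Added example: map IANA cipher-suite names to the removed features listed above.
# Covers only the primitives on that list; sample names below are constructed input.
CIPHER_TOKENS = [            # bulk-cipher token -> removed feature
    ("3DES_EDE_CBC", "3DES"),
    ("DES40_CBC", "DES"),
    ("DES_CBC", "DES"),
    ("RC4", "RC4"),
    ("AES_128_CBC", "AES-CBC"),
    ("AES_256_CBC", "AES-CBC"),
]

def removed_features(suite):
    """Return the removed features that one cipher-suite name relies on."""
    if "_WITH_" not in suite:
        # TLS 1.3 suite names (TLS_AES_128_GCM_SHA256) have no key-exchange
        # part and are AEAD-only, so nothing on the removed list applies.
        return []
    kx, cipher_mac = suite.split("_WITH_", 1)
    found = []
    if cipher_mac.endswith("_SHA"):      # bare _SHA suffix means HMAC-SHA-1
        found.append("SHA-1")
    for token, feature in CIPHER_TOKENS:
        if token in cipher_mac:
            found.append(feature)
            break                        # a suite has exactly one bulk cipher
    if cipher_mac.endswith("_MD5"):
        found.append("MD5")
    if kx.startswith(("TLS_DHE_", "TLS_DH_")):
        # Heuristic: finite-field DH before TLS 1.3 lets the server pick the group.
        found.append("Arbitrary Diffie-Hellman groups")
    if "EXPORT" in kx:
        found.append("EXPORT-strength ciphers")
    return found

def audit(suites):
    """Map each flagged suite to its findings; suites with none are omitted."""
    return {s: f for s in suites if (f := removed_features(s))}

SAMPLE_SUITES = [  # constructed configuration, not taken from the article
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_AES_128_GCM_SHA256",
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_SUITES).items():
        print(f"{name}: {', '.join(findings)}")
```

Suites that come back with no findings, such as the GCM and TLS 1.3 names in the sample, are the ones to keep enabled.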