IETF Releases the New and Improved Internet Security Protocol, TLS 1.3

Joanna Estrada
August 16, 2018

TLS has gained prominence than ever as Google, Mozilla, Cloudflare and major players are making efforts to encrypt every webpage which prevents surveillance, hackers, and companies that want to insert their commercials.

The protocol has major improvements in the areas of security, performance, and privacy. "It is one of the best recent examples of how it is possible to take 20 years of deployed legacy code and change it on the fly, resulting in a better internet for everyone,".

Mozilla has announced that it is supporting the TLS 1.3 standard in Firefox, while Google supports a draft version in Chrome 65. It's what provides the S in HTTPS, the secure version of Hypertext Transfer Protocol that browsers use to load websites.

Transport Layer Security is what is used by devices for secure transactions on the Internet.

The performance boost in TLS 1.3 removes an entire round-trip from the handshake while creating a new connection and includes a mode, which can allow some programs to "deliver data to applications even sooner". The slower your broadband or the more congested your mobile network is, the more you'll notice these delays.

TLS is a security protocol that is created to make the internet safer by adding a layer of encryption to everything that uses HTTPS connection. In response, engineers made a few improvements and the general view now is that if TLS 1.3 breaks your network monitoring, then you are probably doing it wrong in the first place.

Better security is also baked in. You may remember the Heartbleed problem in 2014, but there have been plenty of other TLS troubles, too, including POODLE, ROBOT, FREAK, Logjam and Sweet32. 'Firefox 61 is already shipping draft-28, which is essentially the same as the final published version (just with a different version number),' explains Mozilla's Eric Rescorla in a blog post published late last night.

The academic and theoretical foundations of TLS now have been updated with today's more practical security knowledge, added Cloudflare's Sullivan. As things stand, there are now no identified security holes in the algorithms used in TLS 1.3; the same can not be said for 1.2. Check the protocol features on the page to find out which protocols the browser supports. Whether that is TLS 1.3 already or TLS 1.2 depends on the browser and the site that the browser connects to.

The reason why Mozilla Firefox was so quick to introduce support for TLS 1.3 is because the new protocol has been in the development process for more than ten years now.

Other reports by Click Lancashire

Discuss This Article