    TLS 1.3

    • Joseph A. Salowey, TLS Working Group Chair
    • Sean Turner, TLS Working Group Chair
    • Christopher A. Wood, TLS Working Group Chair

    10 Aug 2018

    TLS 1.3 updates the most important security protocol on the Internet, delivering superior privacy, security, and performance.


    Securely sending information over the Internet is a foundation of online commerce, medicine, and other sensitive transactions. For these and many other uses it is critical that transmitted information not be tampered with, forged, or read by anyone other than the sender and receiver. These features have been a key part of the Internet’s growth and are critical to many innovative uses.

    While the most widely used technology providing transport layer security for the Internet traces its origins back to SSL more than 20 years ago, the recently completed TLS 1.3 is a major revision designed for the modern Internet. The protocol has major improvements in the areas of security, performance, and privacy.  

    Although the previous version, TLS 1.2, can be deployed securely, several high-profile vulnerabilities have exploited optional parts of the protocol and outdated algorithms. TLS 1.3 removes many of these problematic options and only includes support for algorithms with no known vulnerabilities. Throughout TLS 1.3’s development the IETF TLS working group engaged with the cryptographic research community to analyze, improve, and validate the security of TLS 1.3. This included several workshops where researchers could present their findings, such as the TRON workshop hosted in connection with the NDSS 2016 conference, and yielded at least 15 highly cited peer-reviewed conference papers in notable academic conferences.

    In contrast to TLS 1.2, TLS 1.3 provides additional privacy for data exchanges by encrypting more of the negotiation handshake to protect it from eavesdroppers. This enhancement helps protect the identities of the participants and impede traffic analysis. TLS 1.3 also enables forward secrecy by default, which means that the compromise of long-term secrets used in the protocol does not allow the decryption of data communicated while those long-term secrets were in use. As a result, current communications will remain secure even if future communications are compromised.

    With respect to performance, TLS 1.3 shaves an entire round trip from the connection establishment handshake. In the common case, new TLS 1.3 connections will complete in one round trip between client and server. Some applications can now also use modes that deliver data to applications even sooner. These enhancements coupled with efficient modern cryptographic algorithms make TLS 1.3 faster than ever.

    The process of developing TLS 1.3 included significant work on “running code”, a core mantra of the IETF. This meant building and testing implementations by many companies and organizations that provide products and services widely used on the Internet, such as web browsers and content distribution networks. For example, TLS 1.3 was a primary focus of the IETF 98 Hackathon project that brought together people who work on web browsers, websites, and the Internet of Things. This collaboration helps demonstrate interoperability, catch documentation and implementation bugs, and ultimately ensure the specification provides a solid reference for others looking to implement TLS 1.3. This work helped make TLS 1.3 part of the roadmap for many companies, and the protocol is poised to be quickly and broadly available to a wide range of Internet users. A growing list of implementations can be found here.

    During its development, many individuals contributed their time, energy, and expertise to improve the protocol to its current state. We give special thanks to these contributors. Now that TLS 1.3 (both the core protocol and several other specifications that support its implementation and deployment) is in the final stages of completion, we expect adoption to be fast-paced and widespread.

    What do you need to do to take advantage of TLS 1.3? Most modern web browsers and many applications you probably use already support TLS 1.3. For those not currently supporting the protocol, we expect future updates to bring in support. Similarly, if you manage a website or other online service, the servers and infrastructure you use are likely to start using TLS 1.3, though it is worth double-checking with your providers. If you develop or implement the software or services used by others on the Internet and don’t already have TLS 1.3 as part of your roadmap, you should take a look at what others are doing and plan appropriately.
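
    One way to do that double-checking for a service you operate, as an added example that is not part of the original post: it handshakes once with no version cap and once capped at TLS 1.2, then reports whether TLS 1.3 is negotiated and whether an older version is still accepted. The function names are hypothetical; it uses only Python's standard `ssl` module, and host names are supplied on the command line.

```python
import socket
import ssl


def make_context(minimum=None, maximum=None):
    """Client context with certificate checks on and an optional version window."""
    ctx = ssl.create_default_context()
    if minimum is not None:
        ctx.minimum_version = minimum
    if maximum is not None:
        ctx.maximum_version = maximum
    return ctx


def negotiate(host, port, ctx, timeout=5.0):
    """Return (protocol version, cipher name) for one handshake, or None on failure."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version(), tls.cipher()[0]
    except (ssl.SSLError, OSError):
        # Covers refused connections, timeouts, certificate and version failures.
        return None


def classify(preferred, capped):
    """preferred: result with no cap; capped: result with TLS 1.2 as the maximum."""
    if preferred is None:
        return "unreachable-or-handshake-failed"
    if preferred[0] != "TLSv1.3":
        return "no-tls13"
    return "tls13-only" if capped is None else "tls13-with-tls12-fallback"


def audit(host, port=443):
    """Run both handshakes against one host and summarise the outcome."""
    preferred = negotiate(host, port, make_context())
    capped = negotiate(host, port, make_context(maximum=ssl.TLSVersion.TLSv1_2))
    return {"host": host, "preferred": preferred, "capped": capped,
            "verdict": classify(preferred, capped)}


if __name__ == "__main__":
    import sys
    for name in sys.argv[1:]:  # hosts you operate, given as arguments
        print(audit(name))
```

    A client that should refuse anything older can be built with `make_context(minimum=ssl.TLSVersion.TLSv1_3)`.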

    In short, TLS 1.3 is poised to provide a foundation for a more secure and efficient Internet over the next 20 years and beyond.

