On March 21st, the IETF voted unanimously to approve the latest draft for TLS 1.3. Four years and 28 drafts in the making, TLS 1.3 boasts new standards to improve both security and speed of the TLS protocol.
Perhaps the most exciting new piece of TLS from a security perspective is the removal of support for known broken cryptographic cipher suites and hash functions such as SHA-1, RC4, and MD5 among others. TLS 1.3 forces users to use only the most recent cryptographic algorithms so malicious actors will not be able to force a communication to use the weaker systems supported by TLS 1.2 and earlier versions.
In addition, TLS 1.3 uses the Diffie-Hellman key exchange protocol, which generates one-time keys for each session. This gives TLS 1.3 sessions forward secrecy, since a compromised key cannot be used to decrypt past sessions. While this was part of older TLS versions, it had always been an optional setting. With the draft approved by the IETF, forward secrecy is required in 1.3.
For the time being, however, many servers will still fall back to TLS 1.2 or 1.0 until 1.3 is properly implemented, which means these outdated algorithms will continue to be in use for years to come. Ultimately, the push for TLS 1.3 adoption may come from popular web browsers labeling websites using older versions of TLS as “Less Secure.” While many popular browsers such as Chrome already flag HTTP traffic as “Not Secure,” it may now be time to raise the floor from simply having HTTPS to using an updated version of the TLS protocol. If the major browsers pushed an initiative like this, it would put pressure on companies to ensure that their websites use the latest version of TLS and provide the most secure experience for users.
Another improvement over TLS 1.2 is the speed at which encrypted connections can be opened. Performance is always a concern for users, especially with how widespread secure browsing is on mobile devices. The improved performance of TLS 1.3 is achieved through the use of an abbreviated handshake and 0-RTT handshake features. The abbreviated handshake works by allowing the client to send their cryptographic keys with the “Hello” message, since static RSA key exchanges are no longer supported. This means that TLS 1.3 handshakes only require a single round trip to establish a connection, which is a huge performance boost over 1.2 and earlier, which required at least two round trips.
Connections can also be resumed with 0 round trips using data sent during a previous session. The way this works is that after a full handshake is established, the server also sends a ServerConfiguration message that contains the necessary data to be used in a subsequent 0-RTT connection. Next time a user wants to establish a secure connection to this server, the user will use the This allows for a huge performance gain for resumed connections when using 0-RTT resumption. For a great breakdown of the gritty details of these two types of handshakes, check out this blog post from Tim Taubert, a security engineer from Mozilla.
One area of concern is the potential for a replay attack against a target using 0-RTT handshakes. With 0-RTT enabled, an attacker with access to an encrypted session can simply copy the encrypted 0-RTT data and resend it to the target server, essentially impersonating the user. To mitigate replay attacks, it is important for web application developers to incorporate proper session management and perhaps leverage single-use passwords on sensitive actions.
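One way to apply that mitigation on the server side, as an added example rather than code from this post or from any TLS library: sensitive actions require a single-use token bound to the session, so a copied request is rejected the second time it arrives. It goes slightly beyond the text by also refusing state-changing requests that arrive as 0-RTT data with HTTP 425 (Too Early, RFC 8470). The names `ReplayGuard` and `handle` and the `early_data` flag (assumed to be reported by the TLS terminator) are hypothetical.

```python
import hashlib
import hmac
import secrets

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # no state change, harmless if replayed


class ReplayGuard:
    """Issues single-use tokens for sensitive actions, bound to a session id."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # server-side MAC key
        self._outstanding = set()            # nonces issued but not yet spent

    def _mac(self, session_id, nonce):
        msg = f"{session_id}:{nonce}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self, session_id):
        nonce = secrets.token_hex(16)
        self._outstanding.add(nonce)
        return f"{nonce}.{self._mac(session_id, nonce)}"

    def consume(self, session_id, token):
        nonce, _, tag = token.partition(".")
        expected = self._mac(session_id, nonce)
        if not hmac.compare_digest(tag.encode(), expected.encode()):
            return False                     # forged, or issued to another session
        if nonce not in self._outstanding:
            return False                     # already spent: this is a replay
        self._outstanding.discard(nonce)
        return True


def handle(guard, session_id, method, early_data, token=None):
    """Return the HTTP status for one request.

    early_data is True when the TLS layer reports that the request was
    received as 0-RTT data (assumption: the terminator exposes this flag).
    """
    if method in SAFE_METHODS:
        return 200
    if early_data:
        return 425  # Too Early: client retries after the full handshake
    if token is None or not guard.consume(session_id, token):
        return 403
    return 200
```

The 425 branch deliberately leaves the token unspent, so the client's retry after the full handshake still succeeds exactly once.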
While TLS 1.3 was approved by the IETF, it will still take time, perhaps years, for it to be predominantly used by websites. At the end of 2017, Cloudflare found that only 0.06% of top websites are using TLS 1.3. Currently, Chrome (as of version 56), Firefox (as of version 52) and Opera (as of version 43) support TLS 1.3. However, IE, Edge and Safari still do not support it in their stable releases. To get up to date information on the support of TLS 1.3, you can use the “Can I Use” tool here: https://caniuse.com/#feat=tls1-3.