GeoCerts Blog

TLS 1.3 Is Here

Apr 10, 2018 Tim Callan Introduction-To

TLS (Transport Layer Security) is the official name of the standard that computer systems use for what is commonly referred to as SSL. Though the SSL (Secure Sockets Layer) standard once governed secure online connections, it was superseded by the TLS standard in 1999. Out of convenience and habit, however, the industry continued to refer to the standard as SSL and mostly still does to this day.

The newest iteration of the TLS protocol, TLS 1.3, is many years in the making and required 28 drafts to get to its current state. The main benefits of TLS 1.3 boil down to speed and security - which are pretty good benefits in a ubiquitous online security protocol.

The speed gains come from a more efficient handshake that cuts down on the back and forth required for the two machines to agree on a cipher suite. Furthermore, once two systems have been through this handshake, TLS 1.3 lets them send data right away when they reconnect, without going through the full handshake again, which allows for faster load times on repeat connections.

The security gains come from disallowing a set of outdated and vulnerable cryptographic algorithms such as SHA-1 and MD5. Doing so knocks out a bunch of well-publicized "downgrade" attacks like POODLE and SLOTH.

The specification for TLS 1.3 was published on March 21. Some applications and services like Chrome, Firefox, and Cloudflare already have support for it. Many others do not, however. If the two systems connecting support TLS 1.3, they will use this new protocol automatically, so now it's really a matter of the community of internet software and services providers getting their updates in place.

So, what do you need to do?

If you’re using a hosting or public cloud provider, your provider will do what it must to support TLS 1.3. You can safely delegate this task to that provider. If you are hosting your own site and applications, expect to see software or firmware updates for various elements of your technology stack. Implementing these patches and updates will enable TLS 1.3 for your site.
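
To confirm that a site you host has actually picked up TLS 1.3 after patching, the following added example (not part of the original post) performs one certificate-verified handshake and reports the version the two sides negotiated. It uses only Python's standard `ssl` module; the function names `client_context`, `probe` and `verdict` are my own.

```python
import socket
import ssl
import sys

def client_context():
    """Verifying client context that offers every version the local library allows."""
    ctx = ssl.create_default_context()            # certificate and hostname checks on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3 / TLS 1.0 / TLS 1.1
    ctx.maximum_version = ssl.TLSVersion.MAXIMUM_SUPPORTED
    return ctx

def probe(host, port=443, timeout=5.0):
    """Handshake once and report what was negotiated; network errors are returned, not raised."""
    result = {"host": host, "version": None, "cipher": None, "tls13": False, "error": None}
    if not ssl.HAS_TLSv1_3:
        # The client side needs updating too: an old OpenSSL can never negotiate 1.3.
        result["error"] = "local OpenSSL lacks TLS 1.3: " + ssl.OPENSSL_VERSION
        return result
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with client_context().wrap_socket(raw, server_hostname=host) as tls:
                result["version"] = tls.version()   # e.g. "TLSv1.3" or "TLSv1.2"
                result["cipher"] = tls.cipher()[0]
    except OSError as exc:  # covers ssl.SSLError, refused connections and timeouts
        result["error"] = f"{type(exc).__name__}: {exc}"
    result["tls13"] = result["version"] == "TLSv1.3"
    return result

def verdict(result):
    """Turn a probe result into a one-line finding."""
    if result["error"]:
        return "could not complete a handshake: " + result["error"]
    if result["tls13"]:
        return f"negotiated {result['version']} ({result['cipher']})"
    return f"fell back to {result['version']}; the server side still needs its TLS 1.3 update"

if __name__ == "__main__":
    # Usage: python tls13_check.py HOST [PORT]
    if len(sys.argv) < 2:
        print("usage: tls13_check.py HOST [PORT]")
    else:
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
        print(verdict(probe(sys.argv[1], port)))
```

Because the client offers both TLS 1.2 and TLS 1.3, a result of `TLSv1.2` means the server, or a load balancer or proxy in front of it, has not yet been updated.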