{"id":2666,"date":"2018-03-27T02:41:34","date_gmt":"2018-03-27T02:41:34","guid":{"rendered":"http:\/\/websecuritypatterns.com\/blogs\/?p=2666"},"modified":"2018-05-21T03:12:55","modified_gmt":"2018-05-21T03:12:55","slug":"tls-1-3-approved-get-ready-faster-secure-https-connections","status":"publish","type":"post","link":"https:\/\/websecuritypatterns.com\/blogs\/2018\/03\/27\/tls-1-3-approved-get-ready-faster-secure-https-connections\/","title":{"rendered":"TLS 1.3 Approved &#8211; Let&#8217;s get ready for much faster and secure HTTPS connections !"},"content":{"rendered":"<p>It&#8217;s been few years now, the IETF&#8217;s TLS 1.3 standardization effort always looked like a never-ending story.\u00a0<span style=\"color: #000000;\">Glad to note the wait is over. After 28 drafts for review, last week <img loading=\"lazy\" decoding=\"async\" class=\"wp-image-2669 alignright\" src=\"http:\/\/websecuritypatterns.com\/blogs\/wp-content\/uploads\/2018\/03\/TLS-1.png\" alt=\"\" width=\"269\" height=\"172\" srcset=\"https:\/\/websecuritypatterns.com\/blogs\/wp-content\/uploads\/2018\/03\/TLS-1.png 1364w, https:\/\/websecuritypatterns.com\/blogs\/wp-content\/uploads\/2018\/03\/TLS-1-768x492.png 768w, https:\/\/websecuritypatterns.com\/blogs\/wp-content\/uploads\/2018\/03\/TLS-1-624x399.png 624w\" sizes=\"auto, (max-width: 269px) 100vw, 269px\" \/>IETF finally ratified TLS 1.3 as an\u00a0<strong>approved\u00a0standard<\/strong>. \u00a0<span style=\"font-size: 1rem;\">Indeed, TLS 1.3 promises significantly faster SSL\/TLS performance and a much secure communication protocol standard ever <\/span>before!<span style=\"font-size: 1rem;\"> \u00a0It also brings a radical change to its predecessor TLS 1.2 protocol currently surviving with many known risks. \u00a0<\/span><\/span><\/p>\n<p><span style=\"color: #000000;\">TLS 1.3 fundamentally changed the existing TLSv1.2 protocol with several new additions and changes to \u00a0processes:<\/span><\/p>\n<ul>\n<li><span style=\"color: #000000;\">Expected to speed-up atleast 2X by establishing TLS handshake in the first round-trip (existing TLS 1.2 requires 2 more roundtrips). \u00a0The client can send Key material and encrypted payload without server feedback. All handshake messages after ServerHello will be now encrypted.<\/span><\/li>\n<li><span style=\"color: #000000;\">No compression and renegotiation.<\/span><\/li>\n<li><span style=\"font-size: 1rem; color: #000000;\">Deprecates legacy public-key encryption (Static RSA Key transport and Diffie-Hellman) and hashing (MD5 and SHA-1) algorithms.\u00a0<\/span><\/li>\n<li><span style=\"font-size: 1rem; color: #000000;\">Will use Elliptic-curve algorithms as <\/span>base<span style=\"font-size: 1rem; color: #000000;\"> (ECDHE) instead of RSA Key transport (known to\u00a0have issues\u00a0with &#8216;Forward Secrecy&#8217;).<\/span><\/li>\n<li><span style=\"color: #000000;\"><span style=\"font-size: 1rem;\">New signature algorithms\u00a0ed25519 and ed448, uses HMAC and also extended support for\u00a0<\/span><span class=\"\" style=\"font-size: 1rem;\">ChaCha20, Poly1305, Ed25519, x448 and x25519. \u00a0All public-key encryption mechanisms used will ensure forward secrecy.<\/span><\/span><\/li>\n<li><span style=\"color: #000000;\">HMAC based Extract and Expand Key derivative function (HKDF)<\/span><\/li>\n<li><span style=\"font-size: 1rem; color: #000000;\">Enforces &#8220;Forward Secrecy&#8221; assuring past session stay secure. \u00a0\u201cDeep packet inspection\u201d and passive monitoring on TLS sessions will no longer effective and make sense.<\/span><\/li>\n<li><span style=\"color: #000000;\">Introduced TLS False Start and\u00a0Zero Round-Trip-Time (0-RTT) resumption will significantly help speed up connections especially with previously established handshakes or frequently connected Web sites. \u00a0This will boost the performance of Mobile apps and SaaS Cloud applications.<\/span><\/li>\n<li><span style=\"font-size: 1rem; color: #000000;\">No force downgrade options available, during use it resists tampering and it cannot force peers to negotiate different\u00a0cipher suite parameters.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-size: 1rem; color: #000000;\">and more\u2026<\/span><\/p>\n<p><span class=\"\" style=\"color: #000000;\">Most browsers (Firefox, Chrome) already provide TLS 1.3 implementation (based on earlier IETF drafts). OpenSSL 1.1.1 has a<span style=\"color: #ff0000;\"><del>n alpha<\/del><\/span> version of TLS 1.3 as well. Considering the performance and security, \u00a0TLS 1.3 will trigger faster adoption in all industry especially among the Mobile and SaaS Cloud providers! \u00a0Undoubtedly TLS 1.3 is very promising and compelling for secure Web communication..\u00a0let&#8217;s stay tuned.<\/span><\/p>\n<div class=\"\">References:<\/div>\n<div class=\"\"><span class=\"\"><a class=\"\" href=\"https:\/\/tools.ietf.org\/html\/draft-ietf-tls-tls13-28#section-1.3\">https:\/\/tools.ietf.org\/html\/draft-ietf-tls-tls13-28#section-1.3<\/a><\/span><\/div>\n","protected":false},"excerpt":{"rendered":"<p>It&#8217;s been few years now, the IETF&#8217;s TLS 1.3 standardization effort always looked like a never-ending story.\u00a0Glad to note the wait is over. After 28 drafts for review, last week IETF finally ratified TLS 1.3 as an\u00a0approved\u00a0standard. \u00a0Indeed, TLS 1.3 promises significantly faster SSL\/TLS performance and a much secure communication protocol standard ever before! \u00a0It also brings a radical change&#8230; <a href=\"https:\/\/websecuritypatterns.com\/blogs\/2018\/03\/27\/tls-1-3-approved-get-ready-faster-secure-https-connections\/\">Read more &raquo;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[15,4,8,9,84],"tags":[93,50,57,62,105],"class_list":["post-2666","post","type-post","status-publish","format-standard","hentry","category-cloud-security","category-compliance","category-pki-main","category-security","category-web-security","tag-cloud-security","tag-openssl","tag-pki-main","tag-security","tag-tls"],"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/posts\/2666","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/comments?post=2666"}],"version-history":[{"count":10,"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/posts\/2666\/revisions"}],"predecessor-version":[{"id":2733,"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/posts\/2666\/revisions\/2733"}],"wp:attachment":[{"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/media?parent=2666"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/categories?post=2666"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/tags?post=2666"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}