The Internet Engineers Task Force (IETF) has announced the Transport Layer Security protocol version 1.3 is now an Internet standard. The IETF is an open standards organization whose mission is to ensure an open and transparent web. The new protocol is a security layer designed to protect the web from unauthorized access.
“TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery,” the IETF wrote in a document.
The latest version is more than four years in the making with 28 versions created during that time. A major feature is the protocol’s enhanced performance. According to Cloudflare, a web performance and security company who worked with the IETF, version 1.3 is a “pivotal turning point for HTTPS performance” in that it makes page load times significantly faster in mobile devices and provides an improved user experience.
In addition, TLS 1.3 removes weak configurations and common vulnerability exploits and introduces new security features.
“Transportation Layer Security (TLS) 1.3 protocol provides unparalleled privacy and performance compared to previous versions of TLS and non-secure HTTP,” Cloudflare wrote in a post. “ TLS 1.3 has removed common vulnerabilities within the protocol strengthening overall security. An abbreviated TLS/SSL handshake and 0-RRT session resumption have greatly reduces latency resulting a giant leap forward in performance.”
Other features include: full handshake signature, downgrade protection, removal of legacy encryption algorithms, and abbreviated resumption with optional (EC)DHE.
“The secure web is now more performance oriented than any other previous version and non-secure HTTP,” Cloudflare wrote.