The Transport Layer Security (TLS) protocol, an integral technology in end-to-end data protection, has been updated to version 1.3 this month, improving security and performance and stripping some insecure optional features from the previous version, 1.2.
According to the Internet Engineering Task Force (IETF), TLS 1.3 introduces improved encryption during the negotiation handshake stage of data transport, helping to protect the identities on either end of the exchange. It also provides forward secrecy, which encrypts communications in such a way that prior communications aren’t compromised by potential future breaches.
“Although the previous version, TLS 1.2, can be deployed securely, several high profile vulnerabilities have exploited optional parts of the protocol and outdated algorithms,” IETF wrote in a blog post. “TLS 1.3 removes many of these problematic options and only includes support for algorithms with no known vulnerabilities.”
To help ensure the security of TLS 1.3, the team collaborated with members of the cryptographic research community, including through hackathons and workshops like the one seen in a video the organization posted to YouTube.
“At the IETF Hackathon, we’ve collected a bunch of different implementers from browser implementers, to internet-of-things implementers, to websites to get them to come together, to interoperate and test the new version of the protocol and make sure it’s not only secure, but fast,” TLS 1.3 team lead Nick Sullivan of Cloudflare said in the video.
For performance, TLS 1.3 removes an entire round trip from the handshake when creating a new connection and includes a mode that can allow some programs to “deliver data to applications even sooner.”
TLS 1.3 required major collaboration from the tech industry to ensure it was secure, fast, and reliable for the Internet for the next 20 years, the IETF explained.
“This collaboration helps demonstrate interoperability, catch documentation and implementation bugs, and ultimately ensure the specification provides a solid reference for others looking to implement TLS 1.3,” the organization wrote in the announcement. “This work helped make TLS 1.3 part of the roadmap for many companies and is poised to be quickly and broadly available to a wide range of Internet users.”
Many modern web browsers and applications are already taking advantage of the new update. Mozilla announced it would be adding support in Firefox, and Facebook open sourced a TLS 1.3 library.
“While the most widely used technology providing transport layer security for the Internet traces its origins back to SSL more than 20 years ago, the recently completed TLS 1.3 is a major revision designed for the modern Internet. The protocol has major improvements in the areas of security, performance, and privacy,” the IETF wrote.