You’ve probably heard of SSL (Secure Socket Layer) technology, which allows for the “S” part of the “https” address you’ve now seen everywhere. However, not as many of us are aware of the underlying standard for SSL, called TLS (Transport Layer Security). While we may not care about that standard most of the time, it’s making big news now: it has just been revised and, as a result, is going to be adding some major improvements to security on the web.
According to Olaf Kolkman, the Chief Internet Technology Officer for the Internet Society, TLS is “an Internet standard used to prevent eavesdropping, tampering, and message forgery for various Internet applications. It is probably the most widely deployed network security standard in the world.” The newest version, 1.3, has been in development for the past four years and represents significant enhancements to internet security.
- Protecting your data on the web is about to get faster [CNET] “Setting up an encrypted connection on the web historically has caused delays since your browser and the website server must send information back and forth in a process called a handshake. The slower your broadband or the more congested your mobile network is, the more you’ll notice these delays. TLS 1.3 cuts the number of round-trip exchanges in the handshake from two to one, and a more advanced version can cut it all the way to zero.”
- It’s official: TLS 1.3 approved as standard while spies weep [The Register] “The new version – which some argue could be called TLS 2.0 due to the significance of the changes – makes no less that three previous RFCs obsolete and updates another two. As things stand, there are currently no identified security holes in the algorithms used in TLS 1.3; the same cannot be said for 1.2.”
- Firefox now supports the newest internet security protocol [TechCrunch] “And the good news is, you can already use it today, because, as Mozilla today announced, Firefox already supports the new standard out of the box. Chrome, too, started supporting the new protocol (based on earlier drafts) in version 65.”
- Introducing TLS 1.3, the first major overhaul of the TLS protocol with improved security and speed [Packt] “In contrast to the TLS 1.2, the v1.3 has an added privacy for data exchanges. This is done by encrypting more of the negotiation handshake to protect it from eavesdroppers. This helps in protecting the identities of the participants and impedes traffic analysis.”
From the Ohio Web Library:
- Spirent Gives Customers a Head Start in Validating and Testing New Transport Layer Security (TLS 1.3) Infrastructure (Spirent Communications plc First to Offer Security Testing for TLS 1.3 with Advanced, F. (9). Spirent Gives Customers a Head Start in Validating and Testing New Transport Layer Security (TLS 1.3) Infrastructure. Business Wire (English). )
- TLS 1.3 Encryption Standard Moves Forward, Improving Internet Security (Kerner, S. M. (2018). TLS 1.3 Encryption Standard Moves Forward, Improving Internet Security. Eweek, 7. )
- CloudFlare Implementing Latest Draft of TLS 1.3 (Kerner, S. M. (2016). CloudFlare Implementing Latest Draft of TLS 1.3. Eweek, 1. )