Https

Advantage of TLS 1.3 over TLS 1.2

More than eight years after the last update to the encryption protocol, a new version, TLS 1.3, was published in August 2018.

TLS 1.3 has countless advantages over its predecessors: it is faster and more secure, with a reworked handshake and rebuilt cipher suites. Below are a few of the most important advantages; read them through and feel free to share your comments.

What is TLS 1.3?

TLS stands for Transport Layer Security and is the successor to SSL (Secure Sockets Layer). TLS provides secure communication between web browsers and servers. The connection itself is secure because symmetric cryptography is used to encrypt the transmitted data. In other words, TLS is a standard protocol that allows clients and servers to communicate securely over the internet. Meanwhile, you MUST buy SSL certificates in order to secure your websites.

The Transport Layer Security (TLS) 1.3 protocol provides unparalleled privacy and performance compared to previous versions of TLS and non-secure HTTP. Cloudflare engineers contributed to the development of the newest TLS protocol.

Advantage of TLS 1.3 over TLS 1.2

1) Speed Benefit:

TLS 1.3 is much faster than its predecessor because the time taken for a handshake is reduced. In TLS 1.3, a handshake takes one round trip from both sides to complete. Compared with TLS 1.2, the number of negotiations is cut down to 2 from 4.

In TLS 1.2, by contrast, the handshake takes two round trips and requires four negotiations, which makes it slower than TLS 1.3 in terms of network performance.

The shorter TLS handshake makes the connection to the site much faster, with less latency, which improves enterprise network performance.

‘Zero Round Trip Time Resumption’ (0-RTT) will make TLS 1.3 faster still, as it allows near-instantaneous session resumption for visitors who have recently visited the website. The speed change is quite noticeable on mobile networks and at scale.

In TLS 1.3, a pre-shared key is used to resume a connection, whereas TLS 1.2 uses a couple of ways to resume, i.e. session IDs and session tickets. The client and the server generate session keys to use during a connection; once the connection has been established, they can use a similar function to generate a “Resumption Master Key”, which facilitates 0-RTT.

When the client and the server want to resume a session, this resumption master key is used to encrypt application data, which is sent to the server along with the session ticket. The server then validates it and the session resumes.

2) Cipher Suites Simplified:

Because half of the negotiation has been eliminated from the handshake, the size of the cipher suite has decreased too.

TLS 1.2 and its predecessors use cipher suites that include 4 ciphers.

TLS 1.3 supports cipher suites that do not include key exchange and signature algorithms.

The biggest drawback of TLS 1.2 is its many cipher combinations, which are a nightmare for the parties participating in the handshake, and the lack of guidance on choosing a cipher suite for better security.

TLS version 1.3 has five different cipher suites that can be used, which are as follows:

TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_AES_128_GCM_SHA256
TLS_AES_128_CCM_8_SHA256
TLS_AES_128_CCM_SHA256

3) Security Improvement:

The problem with TLS 1.2 has been that it is often not properly configured, which leaves websites open to attack. The release of TLS version 1.3 helped by removing all the insecure features, such as:

SHA-1
RC4
DES
3DES
AES-CBC
MD5
Arbitrary Diffie-Hellman groups – CVE-2016-0701
Export-strength ciphers – responsible for FREAK and Logjam

Administrators and developers may find TLS version 1.3 the preferred protocol, as it is simpler and harder to misconfigure.
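The naming change from section 2 and the removed features from section 3 can be checked mechanically against a server's configured suite list. The following is an added example, not code from the original article: it splits IANA-style cipher suite names into their components and flags suites that rely on a feature from the list above. The sample configuration and the function names are constructed for illustration; arbitrary Diffie-Hellman groups cannot be seen in a suite name and are not checked.

```python
# Added example: audit IANA cipher suite names against the lists on this page.
# TLS 1.2 and earlier: TLS_<key exchange>_<auth>_WITH_<cipher>_<MAC hash>
# TLS 1.3:             TLS_<AEAD cipher>_<hash>
TLS13_SUITES = {  # the five suites listed in the article
    "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256",
    "TLS_AES_128_GCM_SHA256", "TLS_AES_128_CCM_8_SHA256",
    "TLS_AES_128_CCM_SHA256",
}
HASHES = {"SHA", "SHA256", "SHA384", "MD5"}
SAMPLE = [  # constructed server configuration, for illustration only
    "TLS_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
]

def parse_suite(name):
    """Split a suite name into the components it negotiates."""
    body = name[4:] if name.startswith("TLS_") else name
    kx, auth, export = None, None, False
    if "_WITH_" in body:  # TLS 1.2-style name: key exchange and auth present
        left, body = body.split("_WITH_", 1)
        tokens = left.split("_")
        export = "EXPORT" in tokens
        parts = [t for t in tokens if t != "EXPORT"]
        kx, auth = parts[0], parts[-1]  # a lone "RSA" serves as both
    cipher, _, digest = body.rpartition("_")
    if digest not in HASHES:  # e.g. TLS_RSA_WITH_AES_128_CCM has no hash suffix
        cipher, digest = body, None
    return {"kx": kx, "auth": auth, "cipher": cipher,
            "hash": digest, "export": export}

def weaknesses(name):
    """List the features removed in TLS 1.3 (per the article) that a suite uses."""
    s = parse_suite(name)
    c = s["cipher"]
    checks = [("export-strength", s["export"]), ("RC4", c.startswith("RC4")),
              ("3DES", c.startswith("3DES")), ("DES", c.startswith("DES")),
              ("AES-CBC", c.startswith("AES") and c.endswith("CBC")),
              ("SHA-1", s["hash"] == "SHA"), ("MD5", s["hash"] == "MD5")]
    return [label for label, hit in checks if hit]

def audit(suites):
    """Map each suite name to (protocol family, weaknesses found)."""
    return {n: ("TLS 1.3" if n in TLS13_SUITES else "TLS 1.2 or earlier",
                weaknesses(n)) for n in suites}

if __name__ == "__main__":
    for suite, (family, flags) in audit(SAMPLE).items():
        print(f"{suite:42} {family:20} {', '.join(flags) or 'ok'}")
```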

People have started trusting TLS 1.3 more than its predecessors

Google is raising the security bar by displaying on-screen warning messages that urge users to move from TLS 1.2 and below to TLS 1.3, for both browsers and servers.

You can read the full article about the advantages of TLS 1.3.

Top comments (1)

Anjan Kant

Awesome explanation of 1.3 security, well done. More explanation here also.