Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    TLS 1.3 Encryption Standard Moves Forward, Improving Internet Security

    By
    Sean Michael Kerner
    -
    March 26, 2018
    Share
    Facebook
    Twitter
    Linkedin
      TLS 1.3

      After years of development and 28 drafts, the Internet Engineering Task Force has approved Transport Layer Security 1.3 as a proposed internet standard. The new standard aims to provide improved security and cryptographic assurances for the internet.

      “TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery,” the IETF announcement message for TLS 1.3 states.

      TLS 1.3 is the successor to TLS 1.2, which was formally defined in August 2008 and is supported in most major web browsers and servers. Many browsers and servers, however, still also run the older TLS 1.1 protocol that was defined in April 2006 as an update to the TLS 1.0/Secure Socket Layers (SSL) v3.0 web encryption protocol that came out in 1999.

      Among the multiple improvements in TLS 1.3 is increased speed of operation. A core promise of the new encryption standard is that encrypted traffic will be handled by servers and browsers as fast as unencrypted traffic. When TLS 1.2 was first defined, only a small fraction of web traffic was encrypted. In 2018, encrypted HTTPS traffic accounts for over 50 percent of web traffic according to multiple reports including one from Cisco.

      TLS 1.3 is also more secure than its predecessors as it removes support for older, less secure cryptographic algorithms.

      “The list of supported symmetric algorithms has been pruned of all algorithms that are considered legacy,” the TLS 1.3 draft standard states. “Those that remain all use Authenticated Encryption with Associated Data (AEAD) algorithms.”

      The removal of older protocols is an important step in limiting multiple types of attacks that have been reported by researchers in recent years. Attacks such as POODLE, FREAK and Logjam are primary reasons why SSLv3.0 and TLS 1.0 are not considered to be safe. Those attacks made use of older, less-secure cryptographic algorithms to exploit HTTPS. 

      Going a step further, all of the public-key exchange methods supported in TLS 1.3 support forward secrecy.

      “The goal of forward secrecy is to protect the secrecy of past sessions so that a session stays secret going forward,” Patrick Crowley, engineering lead for Cisco’s Stealwatch, wrote in a blog post. “With TLS 1.2 and earlier versions, a bad actor who discovered a server’s private key could use it to decrypt network traffic that had been sent earlier.”

      The TLS 1.3 specification also serves to remove a potential attack vector by encrypting all messages after the initial “ServerHello handshake” is made to initiate an encrypted data stream.

      “The newly introduced EncryptedExtension message allows various extensions previously sent in clear in the ServerHello to also enjoy confidentiality protection from active attackers,” the IETF standard draft states.

      Deployment

      Although TLS 1.3 is only a recommended internet standard, browser and infrastructure operators have already takes steps to implement earlier drafts of the protocol. Among the vendors that have long supported TLS 1.3 is CloudFlare, which began implementing draft support in September 2016.

      “There are over 10 interoperable implementations of the protocol from different sources written in different languages,” the IETF TLS 1.3 announcement states. ” The major web browser vendors and TLS libraries vendors have draft implementations or have indicated they will support the protocol in the future.”

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×