After years of development and 28 drafts, the Internet Engineering Task Force has approved Transport Layer Security 1.3 as a proposed internet standard. The new standard aims to provide improved security and cryptographic assurances for the internet.
“TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery,” the IETF announcement message for TLS 1.3 states.
TLS 1.3 is the successor to TLS 1.2, which was formally defined in August 2008 and is supported in most major web browsers and servers. Many browsers and servers, however, still also run the older TLS 1.1 protocol that was defined in April 2006 as an update to the TLS 1.0/Secure Socket Layers (SSL) v3.0 web encryption protocol that came out in 1999.
Among the multiple improvements in TLS 1.3 is increased speed of operation. A core promise of the new encryption standard is that encrypted traffic will be handled by servers and browsers as fast as unencrypted traffic. When TLS 1.2 was first defined, only a small fraction of web traffic was encrypted. In 2018, encrypted HTTPS traffic accounts for over 50 percent of web traffic according to multiple reports including one from Cisco.
TLS 1.3 is also more secure than its predecessors as it removes support for older, less secure cryptographic algorithms.
“The list of supported symmetric algorithms has been pruned of all algorithms that are considered legacy,” the TLS 1.3 draft standard states. “Those that remain all use Authenticated Encryption with Associated Data (AEAD) algorithms.”
The removal of older protocols is an important step in limiting multiple types of attacks that have been reported by researchers in recent years. Attacks such as POODLE, FREAK and Logjam are primary reasons why SSLv3.0 and TLS 1.0 are not considered to be safe. Those attacks made use of older, less-secure cryptographic algorithms to exploit HTTPS.
Going a step further, all of the public-key exchange methods supported in TLS 1.3 support forward secrecy.
“The goal of forward secrecy is to protect the secrecy of past sessions so that a session stays secret going forward,” Patrick Crowley, engineering lead for Cisco’s Stealwatch, wrote in a blog post. “With TLS 1.2 and earlier versions, a bad actor who discovered a server’s private key could use it to decrypt network traffic that had been sent earlier.”
The TLS 1.3 specification also serves to remove a potential attack vector by encrypting all messages after the initial “ServerHello handshake” is made to initiate an encrypted data stream.
“The newly introduced EncryptedExtension message allows various extensions previously sent in clear in the ServerHello to also enjoy confidentiality protection from active attackers,” the IETF standard draft states.
Although TLS 1.3 is only a recommended internet standard, browser and infrastructure operators have already takes steps to implement earlier drafts of the protocol. Among the vendors that have long supported TLS 1.3 is CloudFlare, which began implementing draft support in September 2016.
“There are over 10 interoperable implementations of the protocol from different sources written in different languages,” the IETF TLS 1.3 announcement states. ” The major web browser vendors and TLS libraries vendors have draft implementations or have indicated they will support the protocol in the future.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.