An overview of TLS 1.3 and Q&A
Dolphin Valsorda, a member of the CloudFlare London office, recently hosted a Tech Talk explaining the latest version of TLS (Transport Layer Security), 1.3. The key points from his talk are as follows:

- TLS 1.3 is faster and safer than its predecessors.
- It takes one fewer round trip to establish a connection than TLS 1.2, a saving that can be hundreds of milliseconds.
- In the case of resumption, where the client has connected to that server before, TLS 1.3 allows for zero-round-trip connections (0-RTT), making it essentially zero overhead.
- However, 0-RTT comes with caveats, such as a lack of forward secrecy against a compromise of the session ticket key and potential replay attacks.
- Many features have been removed from TLS 1.3 for better security, including the static RSA handshake without Diffie-Hellman, CBC MAC-then-Encrypt modes, weak primitives like RC4, SHA1 and MD5, compression, renegotiation, custom FFDHE groups, RSA PKCS#1v1.5, and explicit nonces.
- A clever solution has been implemented to prevent downgrading from TLS 1.3 to older versions if they are found to be weaker in the future.
- The TLS 1.3 spec is on GitHub, allowing anyone to contribute to its development.
Company
Cloudflare
Date published
Sept. 23, 2016
Author(s)
Filippo Valsorda
Word count
1883
Language
English
Hacker News points
None found.