An overview of TLS 1.3 and Q&A

Dolphin Valsorda, a member of CloudFlare London office, recently hosted a Tech Talk explaining the latest version of TLS (Transport Layer Security), 1.3. The key points from his talk are as follows: - TLS 1.3 is faster and safer than its predecessors. - It takes one less round trip to establish a connection compared to TLS 1.2, which can be hundreds of milliseconds. - In the case of resumption, where the client has connected to that server before, TLS 1.3 allows for zero-round trip connections (0-RTT), making it essentially zero overhead. - However, 0-RTT comes with caveats such as lack of forward secrecy against a compromise of the session ticket key and potential replay attacks. - Many features have been removed from TLS 1.3 for better security, including static RSA handshake without Diffie Hellman, CBC MAC-then-Encrypt modes, weak primitives like RC4, SHA1, MD5, compression, renegotiation, custom FFDHE groups, RSA PKCS#1v1.5, and explicit nonces. - A clever solution has been implemented to prevent downgrading from TLS 1.3 to older versions if they are found to be weaker in the future. - The TLS 1.3 spec is on GitHub, allowing anyone to contribute to its development.