Discover TLS 1.3
What is TLS?
TLS (Transport Layer Security) is a protocol designed to secure your communications on the web.
This protocol is the successor of SSL (which was discontinued after version 3) and is used massively on the internet through the HTTPS protocol, which is essentially HTTP carried over TLS.
It relies on TLS certificates (also called SSL certificates) and secures every transfer between a client and a server by providing:
- Encryption and integrity of the data
- Authentication and legitimacy of the server
You can also read this article to learn more about SSL certificates.
Created by Netscape (when it was still called SSL), TLS is now maintained by the IETF.
The IETF (Internet Engineering Task Force) is a non-profit organization, created in 1986, which develops and promotes standards for the internet.
Its main goal is to make the internet work better through studies and technical documents that guide the people and companies who design and use it.
It is a free and open organization, with no membership requirements, built on the volunteer work of its participants.
How does TLS work?
This protocol defines the process by which a client and a server establish a connection.
It sets up a dialogue between the two so they can exchange their requirements and technical capabilities and agree on an algorithm that both client and server can use and understand.
During this dialogue, each exchange of a message and its reply costs one RTT (Round Trip Time).
New features in TLS 1.3
Until version 1.3, TLS needed 2 RTTs to establish a connection. Now 1 RTT is enough.
Better still, a new feature called 0-RTT lets a client that has already connected once keep in memory the information about the server's certificate received during that first connection. The client does not have to ask for this data again on every request, which saves 1 RTT.
The impact of these two evolutions may seem small (1 RTT usually takes only a few hundred milliseconds), but for internet connections with high latency, such as connections from a mobile phone, the difference can be significant.
In order to work correctly and encrypt data, TLS needs an encryption cipher.
Many are available, some more recent and more secure than others.
TLS 1.3 removes a dozen obsolete ciphers and algorithms to strengthen its data encryption:
- RC4 stream cipher
- RSA Key Transport
- SHA-1 Hash Function
- CBC Mode Ciphers
- MD5 Algorithm
- Various Diffie-Hellman groups
- EXPORT-strength ciphers
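To make the removal list above concrete, here is an added example (not code from the original article) that classifies cipher suites by the legacy primitives they rely on. It works on the dictionaries returned by Python's ssl.SSLContext.get_ciphers() (keys 'name', 'protocol', 'kea', 'symmetric', 'digest', 'aead'); the SAMPLE_CIPHERS list is a constructed imitation of that output so the classification runs the same on any machine, and the local check simply confirms that every suite your own OpenSSL build offers under TLS 1.3 is free of these primitives.

```python
"""Classify TLS cipher suites by the legacy primitives TLS 1.3 dropped.

Added example, not part of the original article. Descriptor dictionaries
follow the shape of ssl.SSLContext.get_ciphers(); SAMPLE_CIPHERS is a
constructed sample in that shape.
"""
import ssl


def obsolete_reasons(cipher):
    """Return the removed primitives a cipher suite descriptor relies on.

    Each reason matches one entry of the article's removal list; an empty
    list means the suite uses none of them.
    """
    reasons = []
    name = cipher["name"].upper()
    symmetric = (cipher.get("symmetric") or "").lower()   # e.g. 'aes-128-cbc'
    digest = (cipher.get("digest") or "").lower()         # e.g. 'sha1', None for AEAD
    kea = (cipher.get("kea") or "").lower()               # e.g. 'kx-rsa', 'kx-ecdhe'

    if "rc4" in symmetric:
        reasons.append("RC4 stream cipher")
    if "cbc" in symmetric:
        reasons.append("CBC mode cipher")
    if digest == "md5":
        reasons.append("MD5")
    if digest == "sha1":
        reasons.append("SHA-1 (HMAC)")
    if kea == "kx-rsa":                 # RSA-encrypted premaster secret, no forward secrecy
        reasons.append("RSA key transport")
    if name.startswith("EXP"):          # OpenSSL names export-grade suites EXP-...
        reasons.append("EXPORT-strength cipher")
    return reasons


# Constructed sample: three pre-1.3 suites built on removed primitives and
# two that survive (one TLS 1.2 AEAD suite, one TLS 1.3 suite).
SAMPLE_CIPHERS = [
    {"name": "RC4-MD5", "protocol": "SSLv3", "kea": "kx-rsa",
     "symmetric": "rc4", "digest": "md5", "aead": False},
    {"name": "AES128-SHA", "protocol": "SSLv3", "kea": "kx-rsa",
     "symmetric": "aes-128-cbc", "digest": "sha1", "aead": False},
    {"name": "EXP-RC4-MD5", "protocol": "SSLv3", "kea": "kx-rsa",
     "symmetric": "rc4", "digest": "md5", "aead": False},
    {"name": "ECDHE-RSA-AES128-GCM-SHA256", "protocol": "TLSv1.2",
     "kea": "kx-ecdhe", "symmetric": "aes-128-gcm", "digest": None, "aead": True},
    {"name": "TLS_AES_256_GCM_SHA384", "protocol": "TLSv1.3", "kea": "kx-any",
     "symmetric": "aes-256-gcm", "digest": None, "aead": True},
]


def audit(ciphers):
    """Map each suite name to the list of removed primitives it depends on."""
    return {c["name"]: obsolete_reasons(c) for c in ciphers}


def tls13_suites_are_clean(ciphers):
    """True when no suite negotiable under TLS 1.3 relies on a removed primitive."""
    return all(not obsolete_reasons(c) for c in ciphers if c["protocol"] == "TLSv1.3")


def local_ciphers():
    """Suites offered by the default context of this Python/OpenSSL build."""
    return ssl.create_default_context().get_ciphers()


if __name__ == "__main__":
    print("OpenSSL:", ssl.OPENSSL_VERSION, "| TLS 1.3 available:", ssl.HAS_TLSv1_3)
    for suite, reasons in audit(SAMPLE_CIPHERS).items():
        print(f"{suite:32} {', '.join(reasons) or 'ok'}")
    print("TLS 1.3 suites on this machine are clean:",
          tls13_suites_are_clean(local_ciphers()))
```

Running the script prints one line per sample suite with the primitives that disqualify it; the same audit over local_ciphers() is a quick way to confirm that a server built on your OpenSSL can only negotiate AEAD suites with ephemeral key exchange once TLS 1.3 is selected.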
How to use TLS 1.3
OpenSSL is a tool for manipulating certificates. TLS 1.3 is supported since version 1.1.1, which is still in beta at the time of writing.
The final version compatible with TLS 1.3 is planned for release during the second half of 2018.
Today, only Nginx supports TLS 1.3. Apache, which is built on the OpenSSL libraries, will be compatible after the release of OpenSSL 1.1.1.
Here is how to enable TLS 1.3 on Nginx by updating the website's vhost:
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
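As an added example (not code from the original article or from Nginx), the following script checks a vhost for the ssl_protocols directive shown above and reports whether TLS 1.3 is enabled and which legacy versions are still on; it also reports whether the OpenSSL that Python links against can speak TLS 1.3, which is the same prerequisite the article describes for Apache. The vhost text is constructed and its hostname is a placeholder. One caveat worth having in the check: the directive above keeps TLSv1.1 enabled, and TLS 1.0 and 1.1 have since been formally deprecated by RFC 8996 (2021), so the harden() helper rewrites the line to TLS 1.2 and 1.3 only.

```python
"""Audit an Nginx vhost's ssl_protocols directive and the local OpenSSL build.

Added example, not part of the original article. SAMPLE_VHOST is a
constructed config fragment; the server_name is a placeholder.
"""
import re
import ssl

# Versions that were never safe to keep on, plus TLS 1.0/1.1, which
# RFC 8996 (2021) deprecated after this article was written.
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

SAMPLE_VHOST = """
server {
    listen 443 ssl;
    server_name www.example.test;   # placeholder hostname
    # ssl_protocols TLSv1 TLSv1.1;  # commented-out old line, must be ignored
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
}
"""

# Group 1 keeps the indentation, group 2 captures the protocol tokens.
# A leading '#' makes the line a comment, so it never reaches 'ssl_protocols'.
_DIRECTIVE = re.compile(r"^([ \t]*)ssl_protocols[ \t]+([^;#]+);", re.MULTILINE)


def enabled_protocols(config_text):
    """Protocol tokens of the last uncommented ssl_protocols line, or [] if absent."""
    found = [m.group(2) for m in _DIRECTIVE.finditer(config_text)]
    # With no directive Nginx falls back to its compiled-in default.
    return found[-1].split() if found else []


def check_vhost(config_text):
    """Summarize TLS 1.3 availability and any legacy versions still enabled."""
    enabled = enabled_protocols(config_text)
    return {
        "enabled": enabled,
        "tls13_enabled": "TLSv1.3" in enabled,
        "legacy_enabled": [p for p in enabled if p in DEPRECATED],
    }


def harden(config_text):
    """Rewrite the directive to TLS 1.2 and 1.3 only, preserving indentation.

    TLS 1.3 alone would lock out clients that have not yet upgraded, which is
    why 1.2 is kept alongside it.
    """
    return _DIRECTIVE.sub(r"\1ssl_protocols TLSv1.2 TLSv1.3;", config_text)


def local_tls13_support():
    """Whether the OpenSSL this Python links against implements TLS 1.3."""
    return {"openssl": ssl.OPENSSL_VERSION, "tls13": ssl.HAS_TLSv1_3}


if __name__ == "__main__":
    print("local build:", local_tls13_support())
    print("as configured:", check_vhost(SAMPLE_VHOST))
    print("after harden():", check_vhost(harden(SAMPLE_VHOST)))
```

Point enabled_protocols() at the text of a real vhost (for example after `nginx -T`, which dumps the effective configuration) to audit a server; the check only reads the file and changes nothing on the host.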
Some browsers already accept TLS 1.3:
- Chrome (since version 66)
- Firefox (since version 60)