What is TLS 1.3?
In February 2016, Google announced that 77 percent of all web requests are encrypted. Today, almost all encrypted web traffic uses normal http traffic over a Transport Layer Security (TLS) protocol encrypted framework. The TLS protocol allows users to safely exchange a secret that is used to encrypt data packets in both directions.
The history of TLS begins with Netscape Corporation and an encryption framework called Secure Sockets Layer (SSL) in 1994. The very first implementation called SSL 1.0 was so flawed that it was never released to the public. So, the first official http encryption standard was 2.0 released in February 1995. Five years later, the SSL protocol eventually gave way to the TLS protocol.
Over time, security researchers have discover flaws in each implementation of SSL and TLS. Like an old washing machine, the flaws and problems become unworkable and needs to be replaced. The current standard TLS protocol is 1.2 which was released in August 2008. It has been the target of many successful exploits including Poodle, Sloth, and Crime.
The latest draft version is TLS 1.3 – which is soon expected to be a standard. It removes many of the primitives and features that made TLS 1.2 vulnerable and represents a significant leap forward in security. In addition, the TLS 1.3 protocol has been modified to reduce the TLS handshake time which provides a significant performance increase for mobile devices. In summary, it’s time to say goodbye to TLS 1.2 and welcome TLS 1.3.