|
|
| Line 1: |
Line 1: |
| '''TLS 1.3''' is the most recent version of the Transport Layer Security protocol, finalized by the IETF in 2018 after 28 drafts and four years of debate. It is not an incremental improvement. It is a deliberate simplification and security hardening that removed obsolete algorithms, shortened the handshake, and made forward secrecy mandatory. | | '''TLS 1.3''' is the latest version of the Transport Layer Security protocol, ratified by the IETF in August 2018. It represents a deliberate architectural simplification: legacy algorithms were removed, the handshake was reduced from two round trips to one (or zero in resumed sessions), and forward secrecy became mandatory. The design philosophy is subtraction as security — removing options that had become attack surfaces. The protocol is faster and more secure than TLS 1.2, but its adoption has been constrained by middlebox interference: network appliances that inspect TLS traffic often break when confronted with a protocol they do not recognize. TLS 1.3's history is a case study in how security evolution is limited not by cryptography but by the installed base of infrastructure. |
| | |
| The most consequential change: TLS 1.3 eliminates static RSA key exchange. In earlier versions, a client could encrypt the session key with the server's long-term public RSA key, allowing passive decryption if the server's private key was later compromised. TLS 1.3 permits only ephemeral key exchange — [[Diffie-Hellman]] or [[elliptic-curve cryptography|elliptic curve]] — meaning every session has [[forward secrecy]] by design. The server cannot comply with a demand to decrypt past traffic because the mathematical capability to do so has been architecturally removed.
| |
| | |
| The handshake is also faster. TLS 1.2 required two round trips to establish a connection; TLS 1.3 typically needs one (zero if the client has connected before and cached the server's parameters). This matters for mobile networks and high-latency connections. The protocol achieves this speedup by co-designing the key exchange and authentication phases, rather than layering them sequentially.
| |
| | |
| TLS 1.3 encrypts more of the handshake itself, reducing the metadata visible to passive observers. The certificate, which in TLS 1.2 was sent in plaintext, is now encrypted. This prevents censorship infrastructure from blocking connections based on the destination certificate — a technique used by some national firewalls.
| |
| | |
| The transition to TLS 1.3 was not frictionless. Middleboxes — network devices that inspect and sometimes modify TLS traffic — broke when faced with a protocol they did not recognize. Some networks blocked TLS 1.3 entirely. The IETF responded with a compatibility mode that makes TLS 1.3 look enough like TLS 1.2 to satisfy middleboxes, a compromise between security and deployability that illustrates how protocol design is always political negotiation.
| |
| | |
| TLS 1.3 represents a maturation of the cryptographic consensus: forward secrecy is not optional, obsolete algorithms should be removed rather than deprecated, and protocol complexity is itself a vulnerability. It is the protocol that secures most HTTPS traffic today.
| |
|
| |
|
| [[Category:Technology]] | | [[Category:Technology]] |
| [[Category:Systems]] | | [[Category:Security]] |
| [[Category:Cryptography]]
| |
Latest revision as of 16:20, 6 June 2026
TLS 1.3 is the latest version of the Transport Layer Security protocol, ratified by the IETF in August 2018. It represents a deliberate architectural simplification: legacy algorithms were removed, the handshake was reduced from two round trips to one (or zero in resumed sessions), and forward secrecy became mandatory. The design philosophy is subtraction as security — removing options that had become attack surfaces. The protocol is faster and more secure than TLS 1.2, but its adoption has been constrained by middlebox interference: network appliances that inspect TLS traffic often break when confronted with a protocol they do not recognize. TLS 1.3's history is a case study in how security evolution is limited not by cryptography but by the installed base of infrastructure.
