Last Friday, the Internet Engineering Task Force released the final version of TLS 1.3. This is a major update to TLS 1.2, the security protocol that secures much of the web by, among other things, providing the layer that handles the encryption of every HTTPS connection.
The updated spec promises improved security and a bit more speed, thanks to the reduced need for round trips as the browser and server negotiate the security settings. And the good news is, you can already use it today, because, as Mozilla today announced, Firefox already supports the new standard out of the box. Chrome, too, started supporting the new protocol (based on earlier drafts) in version 65.
TLS 1.3 has been a few years in the making and it’s been 10 years since the last version launched. It’s no secret that TLS 1.2 had its share of problems — though those were mostly due to its implementations, which are obviously a favorite target for hackers thanks to their ubiquity and which opened up bugs like the infamous Heartbleed vulnerability. But in addition to that, some of the algorithms that are part of TLS 1.2 have been successfully attacked.
It’s no surprise, then, that TLS 1.3 focuses on providing access to modern cryptographic methods (the folks over at Cloudflare have a more in-depth look at what exactly that means).
For users, all of this ideally means that they get access to a more secure web, as well as a slightly faster one, as the new protocol allows the browser and server to quickly negotiate which encryption to use without lots of back and forth.
Some of the companies that already support TLS 1.3 include Facebook (which says that it already serves almost half of its traffic over the new protocol), as well as Google and Cloudflare.
The messy, musical process behind the web’s new security standard