Skip to main content
  • The new GREEN working group gets ready for an energy efficient Internet

    The Getting Ready for Energy-Efficient Networking (GREEN) working group will explore use cases, derive requirements, and provide solutions to optimize energy efficiency across the Internet.

    29 Oct 2024
  • IETF Annual Report 2023

    The IETF Annual Report 2023 provides a summary of Internet Engineering Task Force (IETF), Internet Architecture Board (IAB), Internet Research Task Force (IRTF), and RFC Editor community activities from last year.

    25 Oct 2024
  • IETF 122 Bangkok registration open

    Registration is now available for the IETF 122 Bangkok meeting scheduled for 15-21 March 2025, which is the first time registration for an IETF meeting has been open before the preceding meeting registration has closed.

    25 Oct 2024
  • First Impressions from the IAB AI-CONTROL workshop

    The Internet Architecture Board (IAB) organized a workshop on 19-20 September 2024 to discuss issues around and possibilities for practical mechanisms that publishers of data on the Internet could employ to opt out of use by the Large Language Models and other machine learning techniques used for Artificial Intelligence (AI).

    24 Oct 2024
  • New Participant activities at the IETF: Major expansion coming for IETF 122!

    The IETF New Participants program has a long history of helping people just starting out in the IETF be more effective. Based on feedback from program participants over the past two years, and in consultation with the Internet Engineering Steering Group (IESG), the program will be significantly enhanced starting with IETF 122 Bangkok.

    22 Oct 2024

Filter by topic and date

Filter by topic and date

TLS 1.3

10 Aug 2018

TLS 1.3 updates the most important security protocol on the Internet, delivering superior privacy, security, and performance.

TLS 1.3 Badge

Securely sending information over the Internet is a foundation of online commerce, medicine, and other sensitive transactions. For these and many other uses it is critical that transmitted information not be tampered with, forged, or read by anyone other than the sender and receiver. These features have been a key part of the Internet’s growth and are critical to many innovative uses.

While the most widely used technology providing transport layer security for the Internet traces its origins back to SSL more than 20 years ago, the recently completed TLS 1.3 is a major revision designed for the modern Internet. The protocol has major improvements in the areas of security, performance, and privacy.  

Although the previous version, TLS 1.2, can be deployed securely, several high profile vulnerabilities have exploited optional parts of the protocol and outdated algorithms. TLS 1.3 removes many of these problematic options and only includes support for algorithms with no known vulnerabilities. Throughout TLS 1.3’s development the IETF TLS working group engaged with the cryptographic research community to analyze, improve, and validate the security of TLS 1.3. This included several workshops where researchers could present their findings, such as the the TRON workshop hosted in connection with the NDSS 2016 conference, and yielded at least 15 highly cited peer reviewed conference papers in notable academic conferences.  

In contrast to TLS 1.2, TLS 1.3 provides additional privacy for data exchanges by encrypting more of the negotiation handshake to protect it from eavesdroppers.  This enhancement helps protect the identities of the participants and impede traffic analysis. TLS 1.3 also enables forward secrecy by default which means that the compromise of long term secrets used in the protocol does not allow the decryption of data communicated while those long term secrets were in use. As a result, current communications will remain secure even if future communications are compromised.

With respect to performance, TLS 1.3 shaves an entire round trip from the connection establishment handshake. In the common case, new TLS 1.3 connections will complete in one round trip between client and server. Some applications can now also use modes that deliver data to applications even sooner. These enhancements coupled with efficient modern cryptographic algorithms make TLS 1.3 faster than ever.

The process of developing TLS 1.3 included significant work on “running code”, a core mantra of the IETF. This meant building and testing implementations by many companies and organizations that provide products and services widely used on the Internet, such as web browsers and content distribution networks. For example, TLS 1.3 was a primary focus of the IETF 98 Hackathon project that brought together people who work on web browsers, websites, and the Internet of Things. This collaboration helps demonstrate interoperability, catch documentation and implementation bugs, and ultimately ensure the specification provides a solid reference for others looking to implement TLS 1.3. This work helped make TLS 1.3 part of the roadmap for many companies and is poised to be quickly and broadly available to a wide range of Internet users. A growing list of implementations can be found here.

During its development, many individuals contributed their time, energy, and expertise to improve the protocol to its current state. We give special thanks to these contributors. Now that TLS 1.3--both the core protocol and several other specifications that support its implementation and deployment--is in the final stages of completion, we expect adoption to be fast-paced and widespread.

What do you need to do to take advantage of TLS 1.3? Most modern web browsers and many applications you probably use already support TLS 1.3. For those not currently supporting the protocol, we expect future updates to bring in support.  Similarly, if you manage a website or other online service, the servers and infrastructure you use are likely to start using TLS 1.3 though it is worth double checking with your providers. If you develop or implement the software or services used by others on the Internet and don’t already have TLS 1.3 as part of your roadmap, you should take a look at what others are doing and plan appropriately.

In short, TLS 1.3 is poised to provide a foundation for a more secure and efficient Internet over the next 20 years and beyond.


Share this page