At the end of last week, the Internet Engineering Task Force released the final version of TLS 1.3. Given that TLS 1.2 is 10 this month, this is no minor update and should see both a more secure browsing experience and a faster one.
Mozilla, which has announced early support in Firefox 61 draft-28, describes it as a “major revision that represents more than 20 years of experience with communication security protocols”.
So what is the result of this? Well, the benefits can be neatly divided into two categories: security and speed.
Related: Best web browser
For security, there are a few improvements. Firstly, handshakes which were previously done in the open are now mostly encrypted, preventing leaks that could reveal the identity of both the client and the server.
Secondly, much of the outdated cryptography of 1.2 has been removed, leaving a smaller number of better systems in place.
Both of these points lead to a system that seems to have got pretty robust endorsement. In total, there are 14 different academic papers analysing the protocol, meaning it’s been given appropriate poking and prodding for most people to feel pretty confident in its sturdiness.
You might think that extra security checks would lead to a slower browsing experience, but that’s actually not the case. This is thanks to a reduction in the number of ‘round trips’ the security handshakes take.
Not only does TLS halve the number of handshakes from two to one by default, it also has a “zero round-trip” mode, where the client sends data to a server with its first set of network packets.
Read more: Best laptops
Of course, the new standard requires adoption from both clients and servers. As well as the draft version of Firefox, Chrome has included support for TLS 1.3 from version 65 onwards. On the server side, Facebook, Google and Cloudflare have already introduced the standard, which between them cover a not insignificant amount of web traffic.
Now the final version of TLS 1.3 is out and signed off, expect the rest of the internet to catch up pretty quickly.
Have you been following the progress of TLS 1.3? Tell us what you think on Twitter @TrustedReviews.
Editorial independence
Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.
Professional conduct
We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.
Editorial independence
Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.
Professional conduct
We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.