TLS1.3 protocol
TLS1.3 is part of the logical continuation of the TLS protocol update. This evolution obviously improves security, but also performance in terms of navigation.
Security improvement
The TLS1.3 protocol ignores the old encryption algorithms, which are totally obsolete today. Here are some examples of deleted algorithms:
- SHA-1
- RC4
- DES
- 3DES
- AES-CBC
- MD5
- ...
This allows administrators and developers to reduce their margin of error when configuring the protocol.
A faster protocol
TLS1.3 reduces the number of round trips required to negotiate a TLS connection compared to the TLS1.2 protocol. Also, TLS1.3 now can remember if a TLS negotiation has already been carried out on a previously visited site ("0-RTT" function, zero round trip). This avoids a new TLS negotiation and therefore improves performance.
Browser support
Most browsers support the TLS1.3 protocol, with the exception of Internet Explorer 11, which supports it on an experimental basis.
Here is the list of browsers supporting TLS1.3
- Microsoft Edge : since version 79
- Mozilla Firefox : since version 63
- Google Chrome : since version 70
- Safari : since version 14
Servers compatibility
Microsoft
Windows Server does not support the TLS1.3 protocol at the moment (this also applies to Windows Server 2019). If you use this type of server and you want to activate the TLS1.3 protocol, you will have to use a reverse proxy for example.
UPDATE 15/03/2021 : Windows Server 2022 will support the TLS1.3 protocol (Microsoft source)
OpenSSL
For software based on OpenSSL (Apache, Nginx, Postfix, etc.), at least the version 1.1.1.
Distribution | Version | OpenSSL version |
---|---|---|
Debian | 10 (Buster) | 1.1.1d |
Red Hat Enterprise Linux | 8 | 1.1.1 |
Ubuntu | 20.04 | 1.1.1 |
OpenSUSE | 15.2 | 1.1.1d |
JAVA
For Java-based software, at least Java 8 Update 261 (8u261) is required.
Tokens compatibility (authentication)
Token model | TLSv1.3 compliant |
---|---|
Certigna | No |
Harica | Yes |
ChamberSign | No |