Menu
picture of tbs certificates
picture of tbs certificates
Certificates
Our products range
Partners
Support
Focus


TLS1.3 protocol

TLS1.3 is part of the logical continuation of the TLS protocol update. This evolution obviously improves security, but also performance in terms of navigation.

Security improvement

The TLS1.3 protocol ignores the old encryption algorithms, which are totally obsolete today. Here are some examples of deleted algorithms:

  • SHA-1
  • RC4
  • DES
  • 3DES
  • AES-CBC
  • MD5
  • ...

This allows administrators and developers to reduce their margin of error when configuring the protocol.

A faster protocol

TLS1.3 reduces the number of round trips required to negotiate a TLS connection compared to the TLS1.2 protocol. Also, TLS1.3 now can remember if a TLS negotiation has already been carried out on a previously visited site ("0-RTT" function, zero round trip). This avoids a new TLS negotiation and therefore improves performance.

Browser support

Most browsers support the TLS1.3 protocol, with the exception of Internet Explorer 11, which supports it on an experimental basis.

Here is the list of browsers supporting TLS1.3

  • Microsoft Edge : since version 79
  • Mozilla Firefox : since version 63
  • Google Chrome : since version 70
  • Safari : since version 14

Servers compatibility

Microsoft

Windows Server does not support the TLS1.3 protocol at the moment (this also applies to Windows Server 2019). If you use this type of server and you want to activate the TLS1.3 protocol, you will have to use a reverse proxy for example.

UPDATE 15/03/2021 : Windows Server 2022 will support the TLS1.3 protocol (Microsoft source)

OpenSSL

For software based on OpenSSL (Apache, Nginx, Postfix, etc.), at least the version 1.1.1.

Distribution Version OpenSSL version
Debian 10 (Buster) 1.1.1d
Red Hat Enterprise Linux 8 1.1.1
Ubuntu 20.04 1.1.1
OpenSUSE 15.2 1.1.1d

JAVA

For Java-based software, at least Java 8 Update 261 (8u261) is required.

Tokens compatibility (authentication)

Token model TLSv1.3 compliant
Certigna No
Harica Yes
ChamberSign No

Useful links