Note: This blog post is the first part of the two-part TLS migration series. In the second part, you can learn how organizations can best prepare for a TLS upgrade with a six-step migration plan.
The TLS protocol was first released in 1999. Ever since, it has undergone three major revisions. TLS 1.3, released in August 2018, is the latest version and is considered the strongest and safest of all.
According to the 2021 TLS Telemetry Report, TLS 1.3 is the chosen encryption protocol for the majority of web servers among the top million. Almost 63% of servers prefer TLS 1.3 to other protocols as of August 2021.
Despite the growing popularity and rapid adoption of TLS 1.3, TLS 1.2 continues to be widely used, as it is considered reasonably secure. However, in the past few years, researchers have discovered cryptographic weaknesses in the ciphers and algorithms that TLS 1.2 uses, which can potentially enable attacks such as the old POODLE and GOLDENDOODLE.
If you’re considering a TLS upgrade but are unsure whether to switch to TLS 1.2 or TLS 1.3, take a look at the key improvements the new version brings and how they impact data security.
Key Benefits of TLS 1.3
1. Improved Performance and Efficiency
The first significant difference between TLS 1.2 and TLS 1.3 is that the TLS 1.3 handshake is faster compared to its predecessor. Typically, a handshake involves a series of verification and mutual agreement steps that help establish a secure connection between a server and a client.
The TLS 1.2 handshake takes two round trips to complete, which adds network overhead and latency to connections. Conversely, the TLS 1.3 handshake requires only one round trip. This reduces the total setup time by half and results in faster, highly responsive HTTPS connections. Faster connections not only boost website performance but also enrich the user experience.
The performance improvement in TLS 1.3 also comes from “Zero Round Trip Time Resumption” (0-RTT): when a user returns to a previously visited website, the connection is resumed immediately using a pre-shared key from the previous session. Because the handshake round trip is skipped, the client can send data to the server in its very first message.
2. More Robust Security
- Perfect Forward Secrecy
One of the key reasons why TLS 1.3 is considered more secure than any of its predecessors is how it approaches forward secrecy, an encryption implementation method. Although forward secrecy was possible in older TLS versions, it was only optional. With TLS 1.3, forward secrecy is mandatory.
Perfect forward secrecy in TLS 1.3 uses the Diffie-Hellman Ephemeral algorithm for key exchange, which generates a unique session key for every new session. The session keys are one-time keys used only for the current network session and are discarded at the end of every session. So, even if malicious actors get their hands on the server’s private key, they wouldn’t be able to crack the encryption as only the right combination of public and private keys can help generate the session key used for that particular session. Further, even if a single session key is compromised, malicious actors will be limited to accessing the data shared in that particular session and not the rest of the server’s communications.
By changing the encryption keys for every session, perfect forward secrecy greatly helps frustrate the efforts of threat actors trying to retrieve and decrypt server communications using a single encryption key. It offers strong resistance to brute-force and man-in-the-middle attacks.
Note that TLS 1.2 supports both Diffie-Hellman and RSA algorithms for key exchange. However, the RSA key exchange uses a static key that, when stolen, can allow the attacker to decrypt communications even after several years.
- Simpler and Stronger Cipher Suites
As part of the TLS handshake, the server and the client agree on the cipher suite to be used for encrypting data exchanged during the session. A cipher suite refers to a set of encryption algorithms and ciphers used for secure data transmission.
TLS 1.2 uses a complex set of cipher suites that includes support for encryption algorithms and ciphers with known cryptographic weaknesses. While the complexity results in poor cipher suite choices, support for weak security mechanisms amplifies the risk of encryption attacks. To address these issues, TLS 1.3 uses a simple set of cipher suites that supports only those algorithms and ciphers that currently have no known vulnerabilities. It has dropped support for SHA-1, RSA key exchanges, the RC4 cipher, CBC-mode ciphers, MD5, and a few more that can potentially cause downgrade attacks.
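To make the list above concrete, here is an added example (not code from the original post) that checks OpenSSL-style cipher suite names for the items TLS 1.3 dropped and for missing forward secrecy. The function names and the sample cipher list are constructed for illustration.

```python
# Added example: flag the weaknesses the article lists in OpenSSL-style suite names.
AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")  # AEAD constructions

def audit_suite(name):
    """Return the article's listed weaknesses that apply to one cipher suite."""
    if name.startswith("TLS_"):            # TLS 1.3 naming, e.g. TLS_AES_128_GCM_SHA256
        return []
    parts = name.split("-")
    findings = []
    # OpenSSL names carry no key-exchange prefix when the key exchange is static RSA.
    if parts[0] not in ("ECDHE", "DHE"):
        findings.append("no forward secrecy")
    if "RC4" in parts:
        findings.append("RC4")
    elif not any(marker in name for marker in AEAD_MARKERS):
        # Assumption: a block cipher without an AEAD marker runs in CBC mode.
        findings.append("CBC mode")
    if parts[-1] == "MD5":
        findings.append("MD5")
    elif parts[-1] == "SHA":               # bare "SHA" means HMAC-SHA1
        findings.append("SHA-1")
    return findings

def audit_offer(names):
    """Map each flagged suite to its findings; clean suites are omitted."""
    report = {}
    for name in names:
        findings = audit_suite(name)
        if findings:
            report[name] = findings
    return report

# Constructed sample: a cipher list as a server supporting TLS 1.2 and 1.3 might advertise it.
SAMPLE_OFFER = [
    "TLS_AES_256_GCM_SHA384",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-CHACHA20-POLY1305",
    "DHE-RSA-AES256-SHA256",
    "AES256-GCM-SHA384",
    "AES128-SHA",
    "RC4-MD5",
]

if __name__ == "__main__":
    for suite, findings in audit_offer(SAMPLE_OFFER).items():
        print(f"{suite}: {', '.join(findings)}")
```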
Out with the Old, In with the New – Makes Your TLS Stronger
“Organizations encrypt network traffic to protect data in transit. However, using obsolete TLS configurations provides a false sense of security since it looks like the data is protected, even though it really is not”.
– National Security Agency (NSA) Guideline on eliminating outdated TLS
Due to accelerated digital transformation, the number of machine-to-machine communications is at an all-time high. The TLS protocol is a de facto standard for securing these communications. The increase in internet-based communication is also the reason why attackers are increasingly targeting TLS-based encryption.
Older versions such as TLS 1.0 and TLS 1.1 have been completely deprecated, and using them is a sure-shot invitation for attackers. While TLS 1.2 can still be used, it is considered safe only when weak ciphers and algorithms are removed. On the other hand, TLS 1.3 is new; it supports modern encryption, comes with no known vulnerabilities, and also improves performance. Choosing to switch to TLS 1.3 would certainly be a big boost for digital security.
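One way to apply "TLS 1.2 only with weak ciphers removed" in practice, as an added example using Python's standard ssl module (not code from the original post): the context below refuses anything older than TLS 1.2 and limits TLS 1.2 to ephemeral key exchange with AEAD ciphers. The function names are hypothetical, and the same two settings apply to a server-side context.

```python
import ssl

def hardened_context(allow_tls12=True):
    """Client context that prefers TLS 1.3 and restricts what TLS 1.2 may use."""
    ctx = ssl.create_default_context()   # certificate and hostname checks stay on
    if allow_tls12:
        ctx.minimum_version = ssl.TLSVersion.TLSv1_2
        # TLS 1.2 only with ephemeral key exchange and AEAD ciphers.
        # set_ciphers() governs TLS 1.2 and below; TLS 1.3 suites are unaffected.
        ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    else:
        ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    return ctx

def legacy_suites(ctx):
    """Names of enabled pre-1.3 suites lacking forward secrecy or AEAD."""
    weak = []
    for c in ctx.get_ciphers():
        if c["protocol"] == "TLSv1.3":
            continue
        forward_secret = c["kea"].startswith(("kx-ecdhe", "kx-dhe"))
        if not (forward_secret and c["aead"]):
            weak.append(c["name"])
    return weak

if __name__ == "__main__":
    ctx = hardened_context()
    print("minimum version:", ctx.minimum_version.name)
    print("suites still needing removal:", legacy_suites(ctx))
```

Running `legacy_suites()` against a context built with your current settings shows which suites would have to go before TLS 1.2 meets the bar described above.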