Transport Layer Security is a cryptographic protocol used to provide communication security. TLS primarily provides privacy and data integrity between communication or internet connections. Connections secured by TLS should adhere to the following:
- Private Connection: Used to encrypt the data using symmetric cryptography. Keys for each connection are generated uniquely based on a shared secret during TLS handshake process. The Server/Client negotiate an encryption algorithm and cryptographic keys to use before any data is transmitted.
- Communication Party Identity: Authenticated using public key cryptography. This is required at least by one party, ideally the server.
- Reliable Connection: Each message has an integrity check using a message authentication code to prevent undetected loss or alteration of data during transmission.
Additionally, TLS provides privacy related properties. For example, Forward Secrecy ensures any future disclosure of encryption keys cannot be used to decrypt any TLS communication recorded in the past.
TLS protocol provides two layers: TLS Record provides connection security and TLS Handshake allow the client and server to authenticate each other and negotiate security keys before transmitting data.
History of TLS Protocol
TLS 1.0 was introduced in 1999. TLS 1.1 followed in 2006. TLS 1.2 was then introduced in 2008. Followed by TLS 1.3 in 2017.
TLS 1.3 is a major rewrite by Internet Engineering Task Force (IETF) and was approved in March 2018. It significantly improves security, performance and privacy. Version 1.3 makes TLS significantly more difficult for attackers to decrypt https encrypted traffic.
- Handshake process is much faster with 1 round trip vs 2 round trips in TLS 1.2
- TLS 1.3 eliminated older algorithms that had exposure to vulnerabilities: RC4 Steam Cipher, RSA Key Transport, SHA-1 Hash Function, CBC Mode Ciphers, MD5 Algorithm, Various Diffie-Hellman groups, EXPORT-strength ciphers, DES, 3DES.
- 0-RTT resumption enables client server to remember if they have communicated before. If prior communication occurred, previous keys can be used and security checks skipped, and client and server can begin communicating immediately.
Overall TLS 1.3 uses fewer resources in CPU cycles and reduces latency.
You can enable TLS 1.3 on most web browsers to increase your performance and privacy features. I hope this gives some insight on how to improve your browser experience, stay tuned for more.