Skip to main content
  • Fresh perspectives from IETF Administration LLC Board

    Two members of the IETF Administration LLC Board of Directors bring deep expertise and experience from outside the realm of developing technical standards, providing perspectives about the factors and priorities important to advancing the community’s work and IETF mission more broadly.

    • Grant GrossIETF Blog Reporter
    27 Sep 2021
  • IETF 111 Hackathon: Coding across time zones

    The IETF 111 Hackathon was held July 19-23, 2021. This was the 19th IETF Hackathon, and the 4th held as an online only event. For most people involved in the IETF the past several years, the IETF Hackathon marks the start of each IETF meeting.

    • Charles EckelIETF Hackathon Co-chair
    8 Sep 2021
  • IETF 111 post-meeting survey

    The results from our IETF 111 post-meeting survey are now available.

    • Jay DaleyIETF Executive Director
    22 Aug 2021
  • IETF Community Survey 2021

    In May 2021, the IETF Administration LLC (IETF LLC) on behalf of the IESG and in collaboration with the IAB distributed the first annual IETF community survey to all 56,000 addresses subscribed to IETF mailing lists. Its purpose was "To help better understand our community and its makeup, gather views on the IETF and how well it works for participants, and gain insight into how we compare to similar organisations".

    • Jay DaleyIETF Executive Director
    11 Aug 2021
  • Experiences from the first fully-online IAB workshop on Network Impacts of COVID-19

    The Internet Architecture Board (IAB) held its first fully-online workshop in November 2019, just before the IETF 109 meeting, to discuss the network impacts of the COVID-19 crisis.

    • Mirja KühlewindIAB Chair
    23 Jul 2021

Filter by topic and date

Filter by topic and date

TLS 1.3

  • Joseph A. SaloweyTLS Working Group Chair
  • Sean TurnerTLS Working Group Chair
  • Christopher A. WoodTLS Working Group Chair

10 Aug 2018

TLS 1.3 updates the most important security protocol on the Internet, delivering superior privacy, security, and performance.

TLS 1.3 Badge

Securely sending information over the Internet is a foundation of online commerce, medicine, and other sensitive transactions. For these and many other uses it is critical that transmitted information not be tampered with, forged, or read by anyone other than the sender and receiver. These features have been a key part of the Internet’s growth and are critical to many innovative uses.

While the most widely used technology providing transport layer security for the Internet traces its origins back to SSL more than 20 years ago, the recently completed TLS 1.3 is a major revision designed for the modern Internet. The protocol has major improvements in the areas of security, performance, and privacy.  

Although the previous version, TLS 1.2, can be deployed securely, several high profile vulnerabilities have exploited optional parts of the protocol and outdated algorithms. TLS 1.3 removes many of these problematic options and only includes support for algorithms with no known vulnerabilities. Throughout TLS 1.3’s development the IETF TLS working group engaged with the cryptographic research community to analyze, improve, and validate the security of TLS 1.3. This included several workshops where researchers could present their findings, such as the the TRON workshop hosted in connection with the NDSS 2016 conference, and yielded at least 15 highly cited peer reviewed conference papers in notable academic conferences.  

In contrast to TLS 1.2, TLS 1.3 provides additional privacy for data exchanges by encrypting more of the negotiation handshake to protect it from eavesdroppers.  This enhancement helps protect the identities of the participants and impede traffic analysis. TLS 1.3 also enables forward secrecy by default which means that the compromise of long term secrets used in the protocol does not allow the decryption of data communicated while those long term secrets were in use. As a result, current communications will remain secure even if future communications are compromised.

With respect to performance, TLS 1.3 shaves an entire round trip from the connection establishment handshake. In the common case, new TLS 1.3 connections will complete in one round trip between client and server. Some applications can now also use modes that deliver data to applications even sooner. These enhancements coupled with efficient modern cryptographic algorithms make TLS 1.3 faster than ever.

The process of developing TLS 1.3 included significant work on “running code”, a core mantra of the IETF. This meant building and testing implementations by many companies and organizations that provide products and services widely used on the Internet, such as web browsers and content distribution networks. For example, TLS 1.3 was a primary focus of the IETF 98 Hackathon project that brought together people who work on web browsers, websites, and the Internet of Things. This collaboration helps demonstrate interoperability, catch documentation and implementation bugs, and ultimately ensure the specification provides a solid reference for others looking to implement TLS 1.3. This work helped make TLS 1.3 part of the roadmap for many companies and is poised to be quickly and broadly available to a wide range of Internet users. A growing list of implementations can be found here.

During its development, many individuals contributed their time, energy, and expertise to improve the protocol to its current state. We give special thanks to these contributors. Now that TLS 1.3--both the core protocol and several other specifications that support its implementation and deployment--is in the final stages of completion, we expect adoption to be fast-paced and widespread.

What do you need to do to take advantage of TLS 1.3? Most modern web browsers and many applications you probably use already support TLS 1.3. For those not currently supporting the protocol, we expect future updates to bring in support.  Similarly, if you manage a website or other online service, the servers and infrastructure you use are likely to start using TLS 1.3 though it is worth double checking with your providers. If you develop or implement the software or services used by others on the Internet and don’t already have TLS 1.3 as part of your roadmap, you should take a look at what others are doing and plan appropriately.

In short, TLS 1.3 is poised to provide a foundation for a more secure and efficient Internet over the next 20 years and beyond.


Share this page