What just happened? Last Friday, the Internet Engineering Task Force (IETF) completed a major overhaul of TLS 1.2, the internet security protocol used to secure encrypted website connections. Version 1.3 promises to make the internet both safer and faster for users.
The IEFT says version 1.3 of the Transport Layer Security protocol will bring "major improvements in the areas of security, performance, and privacy.” It’s been ten years since the last version launched, and work on the update has been going on for the last five years.
In addition to providing encryption, TLS ensures the authenticity of every HTTPS website and API. Google has long argued that all sites should be protected with HTTPS and labels any that aren’t as “non-secure” in Chrome 68.
TLS 1.2 has faced issues over the years—problems with code implementations have led to critical security vulnerabilities such as Heartbleed in 2014. Version 1.3 adds efficient modern cryptograph technology and removes some outdated elements. "TLS was 90s crypto: It meant well and seemed cool at the time, but the modern cryptographer's design palette has moved on," writes Cloudflare’s Nick Sullivan.
Additionally, TLS 1.3 will bring performance improvements. When exchanging cryptographic data (a handshake) the number of required round-trip exchanges between browser and server is reduced. This means connections using TLS 1.3 will usually complete in just one trip, or even sooner when using some applications, making the whole process much faster. The new version also uses fewer resources, meaning less CPU usage.
Mozilla has announced that it is supporting the TLS 1.3 standard in Firefox, while Google supports a draft version in Chrome 65. Facebook, meanwhile, says over 50 percent of its traffic is secured with TLS 1.3.