News

Internet Engineering Task Force Releases TLS 1.3

By admin
Spread the love

The Internet Engineering Task Force has completed development on TLS 1.3. The new version of the security protocol includes some new features and some outdated parts have been removed.

The full list of changes can be found on the IETF website. One of the biggest changes in the protocol is that the handshake between the user and the server has been made more compact, so that less unencrypted data is exchanged. Another big change is that the concept of forward secrecy is now mandatory so that older messages cannot be decrypted if a password is leaked. Cipher suites that do not support this are no longer allowed.

Other tweaks include the removal of some outdated algorithms that could be exploited, and a 0-RTT mode, or zero round-trip time, where the client and server don’t need to be re-authenticated for each message. This saves data at the expense of some security features. The disappearance of certain algorithms is related to the requirement for authenticated encryption, introduced in version 1.3. The well-known md5 hashing algorithm is also no longer supported.

Just because TLS 1.3 is finished, doesn’t mean it’s implemented everywhere right away. To do this, support must first be implemented on both the servers and the users. When this happens, the end user probably won’t notice much of the switch.

You might also like
News

Google is serious about ending passwords: ‘passkeys’ are becoming the…

News

EU Council determines position on security requirements for digital products

News

Samsung develops first GDDR7 chips, mentions bandwidths of up to 32Gbit/s per pin

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Valve releases major Team Fortress 2 update with community maps and new taunts

News

GitHub enables passwordless login via passkeys in beta