TLS: What’re the differences between TLS 1.2 vs TLS 1.3

You should know the significant differences between TLS 1.2 and TLS 1.3 so that you can upgrade your existing deployment to TLS 1.3.

Introduction

TLS (Transport Layer Security) is the successor to SSL for secure communication between web browsers (clients) and servers. Symmetric cryptography secures this communication by encrypting the transmitted data; for every connection, unique shared secret keys are generated during the TLS "handshake". TLS itself has progressed through several versions: TLS 1.0, TLS 1.1, TLS 1.2 and TLS 1.3 (the latest). There is no longer a need to compute Hash 256 and Hash 384 separately for security purposes.

What’re the differences between TLS 1.2 vs TLS 1.3

With this modernized protocol, web administrators and developers are less likely to misconfigure it, which keeps websites more secure for users in terms of security, privacy and integrity and lowers the risk of cyber attacks. The upgrade from TLS 1.2 to TLS 1.3 is mandatory especially for the online shopping and payment card industries, including banking and finance.
If we compare TLS 1.2 and TLS 1.3, the following are the major factors to consider.


Difference in Speed

TLS 1.3 is faster than TLS 1.2 because it speeds up the establishment of encrypted connections. "0-Round Trip Time Resumption" (0-RTT) makes TLS 1.3 faster, since it supports near-immediate session resumption for visitors who have recently visited the same website. This speed difference is most noticeable on smartphone networks and at scale.
In TLS 1.3, a single round trip (RT) between client and server completes the handshake, whereas TLS 1.2 reduces the negotiation to 2 RT against the earlier need of 4. Hence a browser using TLS 1.2 is slower than one using TLS 1.3.

Ways to resume a connection

In TLS 1.3, a pre-shared key is required to resume a connection, whereas TLS 1.2 uses different approaches such as session tickets and session IDs. Both the client (web browser) and the server produce session keys to use for the connection. Once connected, they can use the same function to produce a "Resumption Master Key", which enables 0-RTT.
When client and server need to resume a session, this resumption master key is used to encrypt the web application data sent to the server along with the session ticket. The server then validates it and the session resumes the connection.

Level of Security

With TLS 1.2, webmasters and system administrators struggled again and again to configure it properly, and so left established connections to websites susceptible to attacks such as the RC4 and BEAST exploits. TLS 1.3 has removed the insecure features that caused these problems, including SHA-1, MD5, DES, RC4 and AES-CBC.

Cipher Suites

TLS 1.2 and its previous versions use only 4 cipher suites, whereas TLS 1.3 supports 5 cipher suites whose names no longer include key exchange and signature algorithms.
The severe drawback in TLS 1.2 is that the many different cipher combinations confuse both parties to the handshake, server and client alike, and there is no proper guidance for selecting a cipher suite for improved security.

The 5 different cipher suites of TLS 1.3

TLS_CHACHA20_POLY1305_SHA256
TLS_AES_128_GCM_SHA256
TLS_AES_256_GCM_SHA384
TLS_AES_128_CCM_8_SHA256
TLS_AES_128_CCM_SHA256
Please note that the static RSA and Diffie-Hellman cipher suites have been replaced; all public-key based key exchange mechanisms now provide forward secrecy.
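As an added example (not code from the original post), the following Python helper shows the difference in practice: it parses IANA-style cipher suite names into their components, which makes visible that a TLS 1.3 name carries only an AEAD cipher and a hash, flags the legacy algorithms named above (RC4, DES, MD5, SHA-1 HMAC, CBC) and static RSA/DH key exchange in a TLS 1.2-style list, and builds a Python `ssl` context that refuses anything below TLS 1.3. `TLS13_SUITES` is the page's own list; `SAMPLE_TLS12_CONFIG` is a constructed configuration used only for the audit.

```python
import ssl

# The five TLS 1.3 suites listed above: only an AEAD cipher and a hash, no key
# exchange or signature algorithm in the name.
TLS13_SUITES = [
    "TLS_CHACHA20_POLY1305_SHA256",
    "TLS_AES_128_GCM_SHA256",
    "TLS_AES_256_GCM_SHA384",
    "TLS_AES_128_CCM_8_SHA256",
    "TLS_AES_128_CCM_SHA256",
]

# Constructed sample of a TLS 1.2-era server configuration (IANA names) to audit.
SAMPLE_TLS12_CONFIG = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_MD5",
    "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
]

# Name tokens that mark algorithms TLS 1.3 dropped ("SHA" on its own is the
# SHA-1 HMAC; "CBC" marks a non-AEAD cipher mode).
LEGACY_TOKENS = {"RC4", "DES", "3DES", "MD5", "SHA", "CBC", "NULL", "EXPORT"}

# Static (non-ephemeral) key exchanges: no forward secrecy.
STATIC_KX = {"RSA", "DH", "ECDH"}

REQUIRED_MIN_VERSION = ssl.TLSVersion.TLSv1_3


def parse_suite(name):
    """Split an IANA cipher suite name into its parts.

    TLS 1.3 names look like TLS_<AEAD cipher>_<hash>; TLS 1.2 names look like
    TLS_<kx>[_<auth>]_WITH_<cipher>_<mac>. A single token before _WITH_
    (e.g. TLS_RSA_WITH_...) means one algorithm does key transport and auth.
    """
    if not name.startswith("TLS_"):
        raise ValueError("not an IANA cipher suite name: " + name)
    body = name[len("TLS_"):]
    if "_WITH_" not in body:
        cipher, mac = body.rsplit("_", 1)
        return {"version": "1.3", "kx": None, "auth": None, "cipher": cipher, "mac": mac}
    kx_part, cipher_part = body.split("_WITH_", 1)
    kx_tokens = kx_part.split("_")
    kx = kx_tokens[0]
    auth = kx if len(kx_tokens) == 1 else "_".join(kx_tokens[1:])
    cipher, mac = cipher_part.rsplit("_", 1)
    return {"version": "1.2", "kx": kx, "auth": auth, "cipher": cipher, "mac": mac}


def audit_suite(name):
    """Return (parts, findings); findings lists why a suite is weak or lacks forward secrecy."""
    parts = parse_suite(name)
    findings = []
    if parts["version"] == "1.2":
        if parts["kx"] in STATIC_KX:
            findings.append("no forward secrecy (static %s key exchange)" % parts["kx"])
        if parts["auth"].lower() == "anon":
            findings.append("anonymous key exchange (no server authentication)")
    tokens = set(parts["cipher"].split("_")) | {parts["mac"]}
    for token in sorted(tokens):
        if token in LEGACY_TOKENS:
            findings.append("legacy algorithm " + token)
    return parts, findings


def audit_config(suites):
    """Map each configured suite name to its findings (an empty list means acceptable)."""
    return {name: audit_suite(name)[1] for name in suites}


def tls13_only_context():
    """Client-side ssl.SSLContext that refuses any protocol version below TLS 1.3."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = REQUIRED_MIN_VERSION
    return ctx


def tls13_suites_available(ctx):
    """Names of the TLS 1.3 suites the local OpenSSL build enables for this context."""
    return [c["name"] for c in ctx.get_ciphers() if c.get("protocol") == "TLSv1.3"]


if __name__ == "__main__":
    for name, findings in audit_config(SAMPLE_TLS12_CONFIG + TLS13_SUITES).items():
        print(name, "->", "; ".join(findings) if findings else "OK")
    print("TLS 1.3 suites enabled locally:", tls13_suites_available(tls13_only_context()))
```

Running the script prints one line per suite; every TLS 1.3 suite passes with no findings, while the static-RSA, RC4, MD5, 3DES, CBC and SHA-1 entries of the constructed TLS 1.2 list are each flagged, which is the configuration burden that TLS 1.3's shorter list removes.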

Other algorithm changes in TLS 1.3

The list of supported symmetric algorithms has been pruned of all legacy algorithms, and those that remain are all AEAD algorithms. All handshake messages after the ServerHello are now encrypted.
The key derivation function has been redesigned, with the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) used as the underlying primitive. The handshake state machine has been restructured to be more consistent and to remove superfluous messages. ECC is now in the base specification, and TLS 1.3 includes new signature algorithms. In this latest version, point format negotiation has been replaced in favor of a single point format for each curve. Compression, custom DHE groups and DSA have been replaced; RSA padding now uses PSS in TLS 1.3.
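The HKDF primitive named above, and the resumption master key described under "Ways to resume a connection", fit together in a short worked example. The code below is added here and is not from the original post: it implements HKDF-Extract and HKDF-Expand (RFC 5869) with Python's standard `hmac` and `hashlib`, the TLS 1.3 `HKDF-Expand-Label` and `Derive-Secret` wrappers (RFC 8446 section 7.1), and the derivation of a resumption PSK from the resumption master secret and a ticket nonce (RFC 8446 section 4.6.1). The `master_secret` and transcript bytes in the demo are constructed placeholders; in a real handshake they come from the key schedule and the handshake messages.

```python
import hashlib
import hmac
import struct


def hkdf_extract(salt: bytes, ikm: bytes, hash_name: str = "sha256") -> bytes:
    """HKDF-Extract (RFC 5869): PRK = HMAC-Hash(salt, IKM); an empty salt means HashLen zero bytes."""
    if not salt:
        salt = b"\x00" * hashlib.new(hash_name).digest_size
    return hmac.new(salt, ikm, hash_name).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int, hash_name: str = "sha256") -> bytes:
    """HKDF-Expand (RFC 5869): T(i) = HMAC-Hash(PRK, T(i-1) | info | i), concatenated and truncated."""
    digest_size = hashlib.new(hash_name).digest_size
    if length > 255 * digest_size:
        raise ValueError("HKDF-Expand can produce at most 255 * HashLen bytes")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hash_name).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf_expand_label(secret: bytes, label: str, context: bytes, length: int,
                      hash_name: str = "sha256") -> bytes:
    """HKDF-Expand-Label (RFC 8446 s7.1): HKDF-Expand with a structured HkdfLabel as info.

    HkdfLabel = uint16 length || opaque label<7..255> ("tls13 " + Label) || opaque context<0..255>
    """
    full_label = b"tls13 " + label.encode("ascii")
    hkdf_label = (struct.pack(">H", length)
                  + bytes([len(full_label)]) + full_label
                  + bytes([len(context)]) + context)
    return hkdf_expand(secret, hkdf_label, length, hash_name)


def derive_secret(secret: bytes, label: str, transcript: bytes, hash_name: str = "sha256") -> bytes:
    """Derive-Secret (RFC 8446 s7.1): Expand-Label over Transcript-Hash(messages), Hash.length bytes."""
    digest_size = hashlib.new(hash_name).digest_size
    transcript_hash = hashlib.new(hash_name, transcript).digest()
    return hkdf_expand_label(secret, label, transcript_hash, digest_size, hash_name)


def resumption_psk(resumption_master_secret: bytes, ticket_nonce: bytes,
                   hash_name: str = "sha256") -> bytes:
    """PSK bound to one NewSessionTicket (RFC 8446 s4.6.1):
    PSK = HKDF-Expand-Label(resumption_master_secret, "resumption", ticket_nonce, Hash.length).
    Each ticket carries a distinct nonce, so each ticket yields a distinct PSK."""
    digest_size = hashlib.new(hash_name).digest_size
    return hkdf_expand_label(resumption_master_secret, "resumption", ticket_nonce,
                             digest_size, hash_name)


if __name__ == "__main__":
    # Constructed placeholders, NOT values from a real handshake.
    master_secret = hkdf_extract(b"\x00" * 32, b"constructed placeholder input keying material")
    transcript = b"constructed ClientHello...client Finished bytes"
    # Both sides run the same Derive-Secret on the same transcript and get the same
    # resumption master secret, which is what later enables PSK / 0-RTT resumption.
    res_master = derive_secret(master_secret, "res master", transcript)
    for nonce in (b"\x00\x00", b"\x00\x01"):
        print("ticket nonce", nonce.hex(), "-> PSK", resumption_psk(res_master, nonce).hex())
```

The RFC 5869 test vectors can be used to check the two HKDF primitives; the TLS-specific wrappers only change the `info` input, which is why a single HKDF implementation serves the whole TLS 1.3 key schedule.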

Overall, the TLS 1.2 version negotiation mechanism has been deprecated in favor of a version list carried in an extension. Session resumption with and without server-side state, and the PSK-based cipher suites of earlier TLS versions, have been replaced by a single new PSK exchange in TLS 1.3. I hope the reader now understands the importance of TLS 1.3.

Anjan kant

Outstanding journey in Microsoft Technologies (ASP.Net, C#, SQL Programming, WPF, Silverlight, WCF etc.), client side technologies AngularJS, KnockoutJS, Javascript, Ajax Calls, Json and Hybrid apps etc. I love to devote free time in writing, blogging, social networking and adventurous life
