Thursday, April 18, 2024

Transport Layer Security (TLS) 1.3 approved by IETF With the 28th Draft

By Guru baran

The much required Transport Layer Security version TLS 1.3 approved finally by IETF after 28 drafts. TLS 1.3 is not a minor redesign, it is a major redesign of TLS 1.2.

Internet Engineering Task Force (IETF) is an open source community of network designers, operators, vendors, and researchers who collaborate to evaluate the standards.

TLS 1.2 was published in August 2008 after a long hold up as of March 21st, 2018, TLS 1.3 has now been concluded, after going into more than four years and 28 drafts. To explore drafts list.

TLS1.3 – Enhanced Security and Speed

Web connections depend on TLS for securing network traffic and TLS 1.3 be a big step to move forward in securing connections with enhanced performance.

With TLS 1.3 forward secrecy is mandatory, which ensures your sessions key will not be compromised even if the private key that present in the server is compromised.

TLS 1.3 removes old and unsafe cryptographic primitives, it is built using modern analytic techniques to be safer, it is always forward secure, it encrypts more data, and it is faster than TLS 1.2.

TLS 1.3 now removes obsolete and insecure features from TLS 1.2, including the following:

SHA-1
RC4
DES
3DES
AES-CBC
MD5
Arbitrary Diffie-Hellman groups — CVE-2016-0701
EXPORT-strength ciphers – Responsible for FREAK and LogJam

It includes new algorithms, such as ed25519, ed448, X25519, X448 ChaCha20/Poly1305.

The TLS 1.3 version requires only a single round trip to set up the connections which give enormous speed for new connections.

TLS 1.3 is designed for speed, specifically by reducing the number of network round-trips required before data can be sent to one round-trip (1-RTT) or even zero round-trips (0-RTT) for repeat connections.

TLS 1.3  approved

TLS 1.3 brings changes in handling Server Name Identification “the SNI value is explicitly specified in the handshake, so the servers do not require to associate the SNI value in the ticket”.

TLS 1.3  approved

Support for TLS 1.3 enabled from Chrome 56 and Firefox 52. There are Three TLS 1.3 servers to play with: https://enabled.tls13.com/, https://www.allizom.org/, and https://tls13.crypto.mozilla.org/.

Managed WAF Protection

Website

Latest articles

Cyber Attack

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall Vulnerability (CVE-2024-3400)

In the wake of the recent disclosure of a critical vulnerability (CVE-2024-3400) affecting a...
cyber security

Cerber Linux Ransomware Exploits Atlassian Servers to Take Full Control

Security researchers at Cado Security Labs have uncovered a new variant of the Cerber...
CVE/vulnerability

FGVulDet – New Vulnerability Detector to Analyze Source Code

Detecting source code vulnerabilities aims to protect software systems from attacks by identifying inherent...
Cyber Crime

North Korean Hackers Abuse DMARC To Legitimize Their Emails

DMARC is targeted by hackers as this serves to act as a preventative measure...
Cyber Security News

L00KUPRU Ransomware Attackers discovered in the wild

A new variant of the Xorist ransomware, dubbed L00KUPRU, has been discovered in the...
Computer Security

Oracle Releases Biggest Security Update in 2024 – 372 Vulnerabilities Are Fixed – Update Now!

Oracle has released its April 2024 Critical Patch Update (CPU), addressing 372 security vulnerabilities...
cyber security

Outlook Login Panel Themed Phishing Attack Evaded All Antivirus Detections

Cybersecurity researchers have uncovered a new phishing attack that has bypassed all antivirus detections.The...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

WAAP/WAF ROI Analysis

Mastering WAAP/WAF ROI Analysis

As the importance of compliance and safeguarding critical websites and APIs grows, Web Application and API Protection (WAAP) solutions play an integral role.
Key takeaways include:

  • Pricing models
  • Cost Estimation
  • ROI Calculation

    • Book Your Spot

Related Articles

Connect with GBHackers On Security

Join 70,000 Security Professionals

Stay safe online with free daily cybersecurity updates. Sign up now!

GBHackers on security is a highly informative and reliable Cyber Security News platform that provides the latest and most relevant updates on Cyber Security News, Hacking News, Technology advancements, and Kali Linux tutorials on a daily basis. The platform is dedicated to keeping the community well-informed and up-to-date with the constantly evolving Cyber World.

Menu

Contact US:

Email : [email protected]