

Upgrading a security protocol in an ecosystem as complex as the Internet is difficult. You need to update clients and servers and make sure everything in between continues to work correctly. The Internet is in the middle of such an upgrade right now. Transport Layer Security (TLS), the protocol that keeps web browsing confidential (and many people persist in calling SSL), is getting its first major overhaul with the introduction of TLS 1.3. Last year, Cloudflare was the first major provider to support TLS 1.3 by default on the server side. We expected the client side would follow suit and be enabled in all major browsers soon thereafter. It has been over a year since Cloudflare’s TLS 1.3 launch and still, none of the major browsers have enabled TLS 1.3 by default.

The reductive answer to why TLS 1.3 hasn’t been deployed yet is middleboxes: network appliances designed to monitor and sometimes intercept HTTPS traffic inside corporate environments and mobile networks. Some of these middleboxes implemented TLS 1.2 incorrectly and now that’s blocking browsers from releasing TLS 1.3. However, simply blaming network appliance vendors would be disingenuous. The deeper truth of the story is that TLS 1.3, as it was originally designed, was incompatible with the way the Internet has evolved over time. How and why this happened is the multifaceted question I will be exploring in this blog post.

To help support this discussion with data, we built a tool to help check if your network is compatible with TLS 1.3:

How version negotiation used to work in TLS

The Transport Layer Security protocol, TLS, is the workhorse that enables secure web browsing with HTTPS. The TLS protocol was adapted from an earlier protocol, Secure Sockets Layer (SSL), in the late 1990s. TLS currently has three versions: 1.0, 1.1 and 1.2. The protocol is very flexible and can evolve over time in different ways. Minor changes can be incorporated as “extensions” (such as OCSP and Certificate Transparency) while larger and more fundamental changes often require a new version.
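To make the "extensions versus versions" distinction above concrete, here is an added example (not code from Cloudflare or from this post) that encodes and decodes a TLS ClientHello by hand. It shows the two places a client states what it supports: the fixed two-byte version field at the front of the ClientHello, and the length-prefixed list of (type, data) extensions at the end. The OCSP stapling request (extension type 5, RFC 6066) and the Certificate Transparency SCT request (type 18, RFC 6962) mentioned in the text are carried there, and a parser that does not recognise a type can simply skip over it, which is why features can be bolted on this way without a new version. The cipher suite numbers, random bytes and the unknown extension type 0xFFFE used in the demo are constructed for illustration.

```python
"""Added illustration of a TLS ClientHello's version field and extensions list.
Not Cloudflare code; sample values are constructed for the demo."""
import os
import struct

# Protocol version codes as sent on the wire (major, minor).
TLS_1_0 = 0x0301
TLS_1_2 = 0x0303

# IANA extension type numbers: status_request (RFC 6066), signed_certificate_timestamp (RFC 6962).
EXT_STATUS_REQUEST = 5
EXT_SCT = 18


def ocsp_status_request():
    """RFC 6066 CertificateStatusRequest asking for an OCSP staple:
    status_type=1 (ocsp), empty responder_id_list, empty request_extensions."""
    return bytes([1]) + struct.pack("!HH", 0, 0)


def build_client_hello(client_version, cipher_suites, extensions, client_random=None):
    """Encode a ClientHello inside a Handshake message inside a TLS record.

    `extensions` is a list of (type, data) pairs. When it is empty the whole
    extensions block is omitted, exactly as pre-extension clients sent it.
    """
    client_random = client_random or os.urandom(32)
    body = struct.pack("!H", client_version) + client_random   # client_version, random
    body += bytes([0])                                          # empty session_id
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body += struct.pack("!H", len(suites)) + suites
    body += bytes([1, 0])                                       # one compression method: null
    if extensions:
        exts = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
        body += struct.pack("!H", len(exts)) + exts
    handshake = bytes([1]) + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello
    # Record-layer version: RFC 5246 appendix E suggests 1.0 here for compatibility;
    # the version the client actually wants is the one inside the body.
    return bytes([0x16]) + struct.pack("!HH", TLS_1_0, len(handshake)) + handshake


def parse_client_hello(record):
    """Decode a record from build_client_hello. Unknown extension types are
    returned as opaque (type, data) pairs rather than rejected."""
    if record[0] != 0x16:
        raise ValueError("not a handshake record")
    record_version, rec_len = struct.unpack("!HH", record[1:5])
    hs = record[5:5 + rec_len]
    if hs[0] != 1:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    client_version = struct.unpack("!H", body[:2])[0]
    pos = 2 + 32                                  # skip random
    pos += 1 + body[pos]                          # skip session_id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                          # skip compression_methods
    extensions = []
    if pos < len(body):                           # extensions block is optional
        total = struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        end = pos + total
        while pos < end:
            ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
            extensions.append((ext_type, body[pos + 4:pos + 4 + ext_len]))
            pos += 4 + ext_len
    return {"record_version": record_version, "client_version": client_version,
            "cipher_suites": suites, "extensions": extensions}


if __name__ == "__main__":
    # Constructed demo: a TLS 1.2 hello asking for an OCSP staple and SCTs.
    hello = build_client_hello(TLS_1_2, [0xC02F, 0x009C],
                               [(EXT_STATUS_REQUEST, ocsp_status_request()), (EXT_SCT, b"")])
    print(parse_client_hello(hello))
```

Two things worth noticing when running it: a hello built with no extensions is 50 bytes and parses cleanly because the extensions block is allowed to be absent, and a hello carrying an unrecognised extension type still parses, with the unknown extension handed back untouched. A server (or middlebox) that instead choked on the version field or on unfamiliar extensions is exactly the kind of implementation the rest of the post is about.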
