It’s been a decade since the last encryption protocol update and TLS 1.3 will be rolling out in major browsers such as Firefox and Chrome within the next month or so. It’s already in beta, but the full release is coming very soon as the protocol was finalised in August of this year. Now we’re just waiting for the browsers and servers to play catch up.
The Transport Layer Security (TLS) protocol update includes various security and performance improvements over TLS 1.2 and will be a welcome update for webmasters and users worldwide. TLS ensures secure communication between web browsers and hosting servers. This is of course assuming your website is secure and you’re utilising an SSL certificate to provide your users with a safer browsing experience, which by now you should be!
Shake my hand. No, Seriously.
For SSL/TLS negotiations to work there needs to be an algorithm to follow.
- Client Says Hello – Hi, I’d like to set up an encrypted session please.
- Server Says Hello Back – Hello! Let’s use this cipher suite.
- Client Authenticates the Server – Sure. I’m just going to verify your server’s certificate.
- Server Confirms – Okie dokie. I’ll use my private key, which never leaves the server, to decrypt the pre-master key.
- Both Client & Server Now Have a Secure Connection.
Ok, so this is a basic way of looking at it, but the point of this article is about the improvements of TLS 1.3 and not to delve into technical detail of how the handshake is performed.
When you browse the web and you visit a secure site with the little green padlock, it essentially means that data sent over the HTTP protocol is encrypted. That’s why you should never enter sensitive data into a site if the connection isn’t secure, because it has the potential to be intercepted. No padlock? Don’t enter anything you wouldn’t want random people to know. That’s the simple way of looking at it.
When you visit a secure website, the process of a handshake essentially means that the two parties (Client & Server) verify themselves and negotiate on how they’ll proceed. The negotiation can include things such as what cipher suite they will use to encrypt data being sent back and forth between the browser and hosting server. This process of a handshake is normally automated and happens in the background. In fact, next time you visit a website that’s secure, quickly look in the bottom left of your browser as the page is loading and you’ll see it mention that it’s performing a handshake.
TLS 1.3 Introduces a Faster Handshake
We live in a society where every millisecond is important, let alone every second, especially when it comes to technology. We’re always looking for ways to improve our website’s speed, and rightly so. We all want to improve conversions and get customers to stay on our website for longer. Thankfully, one of the advantages of using TLS 1.3 is that the handshake process is now faster, as fewer round trips are needed thanks to a new algorithm and new features such as TLS false start and Zero Round Trip Time (0-RTT).
Zero Round Trip will act a bit like a cache. When you visit a website you’ve been on before, it’s faster to load, right? Well, in the same way a cache helps by saving certain data from sites you’ve visited before, so will 0-RTT. On sites you’ve previously visited, the client will be able to send data to the server in its first message, improving load times even more.
TLS 1.3 also brings with it improved security by removing obsolete and vulnerable features from TLS 1.2, which is very outdated.
TLS 1.3 Browser Support
This should be rolling out within the next month on all major browsers.
TLS 1.3 Server Support
You can see if your current hosting provider has support for TLS 1.3 by entering your domain at SSL Labs and scrolling down to Protocols when the test has completed. Not all hosting providers are on board yet so it’s worth checking.
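A local check to go alongside the SSL Labs report, written for this article as an added example (it is not code from SSL Labs or any hosting provider): it attempts one handshake per protocol version with Python's standard `ssl` module and reports which versions the server accepts. The names `probe` and `pinned_context` and the `example.com` default are placeholders chosen here.

```python
import socket
import ssl

# Protocol versions to try, mirroring the "Protocols" section of an SSL Labs report.
VERSIONS = {
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}

def pinned_context(version: ssl.TLSVersion) -> ssl.SSLContext:
    """Client context that offers exactly one protocol version."""
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    ctx.minimum_version = version
    ctx.maximum_version = version
    return ctx

def probe(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Attempt one handshake per version; return {version name: outcome}."""
    results = {}
    for name, version in VERSIONS.items():
        try:
            with socket.create_connection((host, port), timeout=timeout) as sock:
                ctx = pinned_context(version)
                with ctx.wrap_socket(sock, server_hostname=host) as tls:
                    # cipher() returns (name, protocol, secret bits)
                    results[name] = f"yes ({tls.cipher()[0]})"
        except ssl.SSLCertVerificationError as exc:
            # The handshake reached certificate checks but the certificate failed them.
            results[name] = f"certificate rejected: {exc.verify_message}"
        except ssl.SSLError as exc:
            # Typically the server refusing the only version on offer.
            results[name] = f"no ({exc.reason})"
        except OSError as exc:
            # DNS failure, refused connection or timeout: nothing learned about TLS.
            results[name] = f"unreachable ({exc})"
    return results

if __name__ == "__main__":
    import sys
    # example.com is a placeholder; pass your own domain as the first argument.
    host = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    for name, outcome in probe(host).items():
        print(f"{name}: {outcome}")
```

A `no` next to TLSv1.3 together with a `yes` next to TLSv1.2 means the server is reachable but has not enabled the new protocol yet.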
If your hosting provider doesn’t support TLS 1.3, we recommend SiteGround. They always stay ahead of the game when it comes to hardware and software development and are very competitively priced. Our readers can also get 60% off their SiteGround hosting upon signup.