Security

TLS 1.3

2018 redesign of Transport Layer Security.

In plain terms

1-RTT handshake, AEAD-only ciphers, mandatory ECDHE, PSK resumption. The standard.

Origin

RFC 8446, published August 2018, after ~30 working group drafts. Eric Rescorla shepherded it through the IETF. A near-rewrite of TLS 1.2 — handshake compressed to 1 RTT (0-RTT optional), all non-AEAD ciphers removed, RSA key transport gone.

Where it shows up in production

Most of the web Cloudflare, AWS, Google, Akamai all default to TLS 1.3 with 1.2 fallback.
HTTP/3 QUIC mandates TLS 1.3 — there is no other option. Integrated into the transport.
Signal Protocol Uses TLS 1.3-style key derivation primitives (HKDF) for the Double Ratchet.

On Semicolony

Guide https Simulator tls handshake

Sources & further reading

RFC RFC 8446 — TLS 1.3
Docs The Illustrated TLS 1.3 Connection
Blog Cloudflare — A Detailed Look at RFC 8446

Found this useful?