TLS 1.2 vs TLS 1.3
What is TLS?
Transport Layer Security (TLS) is a foundational technology for online privacy. As
a cryptographic protocol, TLS encrypts data and authenticates connections when
moving data over the internet. HTTP carried over TLS is known as HTTPS
(Hypertext Transfer Protocol Secure). When a user visits a website, their browser
checks for a TLS certificate on the site. If one is present, the browser performs a
TLS handshake to check its validity and authenticate the server. Once a link has
been established between the browser and the server, TLS encryption and
decryption enable secure data transport.
SSL and TLS?
Like Secure Sockets Layer (SSL), Transport Layer Security (TLS) is a cryptographic
protocol that extends HTTP to authenticate internet connections and enable
encryption and decryption for data communication over a network. In fact, TLS is
a direct evolution of SSL and was introduced to address security vulnerabilities in the
earlier protocol. The differences between the two are relatively minor, such as the
stronger encryption algorithms and ability to work on different ports offered by TLS.
The terms are used somewhat interchangeably, and the same certificates can be
used with both TLS and SSL.
TLS 1.2 and TLS 1.3?
TLS version 1.2 was released in 2008. It is currently the most
widely implemented version of TLS. TLS 1.2 offers major
improvements over the older version, TLS 1.1.
A new version of TLS was launched in 2018 – the TLS 1.3
protocol. TLS 1.3 aims to solve all of the problems facing its
older version – TLS 1.2. TLS 1.2 was a good choice for a
TLS protocol until recently, but TLS 1.3 now offers a better
solution with a refreshing approach, especially for
security-related matters.
In October 2018, Apple, Google, Microsoft & Mozilla
(responsible for Chrome, Edge, IE, Firefox, and Safari
Issues with TLS 1.2 version
The new TLS 1.2 vulnerability, like the old POODLE, allows the
attacker to gain access to encrypted blocks of data – and then
gain exposure to plain text information – using side channels.
The procedure is this: if the victim visits, for example, a
non-encrypted website, malicious JavaScript is injected into
the victim’s browser. Once the browser is infected, a MITM
attack is executed and the attacker can grab the victim’s
cookies and credentials from a secure web session.
TLS 1.3 offers several improvements over earlier versions, most notably a faster TLS
handshake and simpler, more secure cipher suites. Zero Round-Trip Time (0-RTT) key
exchanges further streamline the TLS handshake. Together, these changes provide better
performance and stronger security.
TLS 1.3 offers faster Handshake
TLS encryption and decryption require CPU time and add latency to network
communications, somewhat degrading performance. Under TLS 1.2, the initial
handshake was carried out in clear text, meaning that even it needed to be encrypted
and decrypted. Given that a typical handshake involved 5 – 7 packets exchanged
between the client and server, this added considerable overhead to the connection.
Under version 1.3, server certificate encryption was adopted by default, making it
possible for a TLS handshake to be performed with 0 – 3 packets, reducing or
eliminating this overhead and allowing faster, more responsive connections.
TLS 1.3 offers Simpler, Stronger Cipher Suites
In addition to reducing the number of packets to be exchanged during the
TLS handshake, version 1.3 has also shrunk the size of the cipher suites
used for encryption. In TLS 1.2 and earlier versions, the use of ciphers
with cryptographic weaknesses had posed potential security
vulnerabilities. TLS 1.3 includes support only for algorithms that currently
have no known vulnerabilities, dropping any that do not support Perfect
Forward Secrecy (PFS). The update has also removed the ability to
perform “renegotiation,” in which a client and server that already have a
TLS connection can negotiate new parameters and generate new keys, a
function that can increase risk.
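The following added example (not part of the original slides) audits a list of TLS 1.2 cipher suites against the criteria described above. The suite names are real IANA names, but the sample list is constructed, and the AEAD check goes slightly beyond the slide text: TLS 1.3 also dropped RC4, 3DES and CBC-mode suites.

```python
# Constructed sample: IANA cipher suite names as a scanner might list them.
SAMPLE_SUITES = [
    "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
    "TLS_AES_128_GCM_SHA256",  # TLS 1.3 name: no key exchange in the name
]

AEAD_TAGS = ("_GCM", "_CCM", "CHACHA20_POLY1305")


def issues(suite: str) -> list[str]:
    """Return the reasons a suite falls short of the TLS 1.3 bar (empty = OK)."""
    if "_WITH_" not in suite:
        return []  # TLS 1.3 suite name: AEAD only, key exchange negotiated separately
    key_exchange, cipher = suite[len("TLS_"):].split("_WITH_", 1)
    found = []
    # Only ephemeral (EC)DH gives forward secrecy; static RSA/DH/ECDH do not.
    if key_exchange.split("_")[0] not in ("ECDHE", "DHE"):
        found.append("no forward secrecy")
    if "RC4" in cipher:
        found.append("RC4 stream cipher")
    elif "3DES" in cipher:
        found.append("3DES block cipher")
    elif not any(tag in cipher for tag in AEAD_TAGS):
        found.append("non-AEAD cipher")
    return found


def audit(suites: list[str]) -> dict[str, list[str]]:
    """Map each suite that has at least one issue to its list of issues."""
    report = {s: issues(s) for s in suites}
    return {s: found for s, found in report.items() if found}


if __name__ == "__main__":
    for name, found in audit(SAMPLE_SUITES).items():
        print(f"{name}: {', '.join(found)}")
```

Suites that come back with an empty list are the ones worth keeping on a TLS 1.2 listener during migration.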
TLS 1.2 vs TLS 1.3 Handshake process
TLS 1.2 vs TLS 1.3 version
The TLS 1.2 handshake takes two round trips to complete,
which adds network overhead and latency to
connections. Conversely, the TLS 1.3
handshake requires only one round trip from both
sides. This reduces the total setup time by half and
results in faster, highly responsive HTTPS
connections.
Why use TLS 1.3
TLS 1.3 takes a significant step forward in enhancing
security. It removes all primitive features that lead
to weak configurations. TLS 1.3 prevents common
SSL/TLS vulnerabilities such as DROWN, POODLE, SLOTH,
CRIME, and more.
TLS 1.3 improved performance
The performance improvement in TLS 1.3 is also brought
about by “Zero Round Trip Time Resumption” (0-RTT),
which means that when a user tries to access a previously
visited website, the connection is instantly resumed
by exchanging the pre-shared keys from the previous
session. As the entire handshake process is
eliminated, the client can send data to the server on
the very first message.
TLS 1.3 vs TLS 1.2 comparison
The most important difference is that a TLS version 1.3 handshake takes less
time than a TLS version 1.2 handshake. TLS 1.3 benefits include:
• Reduction of round-trip processing, resulting in a faster handshake
• Improvement of latency times by reducing the number of round trips
• Improvement of website performance and user experience due to reduced
• Use of perfect forward secrecy
• Removal of vulnerable algorithms and ciphers
Summary
While TLS version 1.2 is still used, migration to TLS version 1.3 is
picking up steam due to the version’s simplicity, improved performance,
data privacy and security. Properly implemented TLS 1.3 provides a
faster connection which results in reduced latency. Reduced latency
improves website performance and user experience. Simplifying cipher
suites and removing insecure features and other vulnerabilities makes
client-server connections even more secure. Considering that TLS 1.3 is
not backwards compatible with TLS 1.2, businesses should consider
supporting both versions for a certain period to secure data transactions
with legacy systems and applications.
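One way to express the "support both versions for a period" recommendation, as an added example using Python's standard `ssl` module (not part of the original slides). The function names are hypothetical, and the TLS 1.2 cipher string is an assumed policy, not one the slides prescribe.

```python
import ssl


def transition_context() -> ssl.SSLContext:
    """Server context for the migration period: TLS 1.2 and TLS 1.3 only."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3, TLS 1.0, TLS 1.1
    ctx.maximum_version = ssl.TLSVersion.MAXIMUM_SUPPORTED  # allow TLS 1.3
    # Assumed policy: this string governs TLS 1.2 suites only. TLS 1.3 suites
    # cannot be disabled through set_ciphers().
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


def capped_context() -> ssl.SSLContext:
    """Misconfigured variant for contrast: the ceiling is stuck at TLS 1.2."""
    ctx = transition_context()
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list[str]:
    """Return policy findings for a context; an empty list means compliant."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("floor below TLS 1.2")
    # MAXIMUM_SUPPORTED is a negative sentinel, so compare by membership.
    allowed = (ssl.TLSVersion.MAXIMUM_SUPPORTED, ssl.TLSVersion.TLSv1_3)
    if ctx.maximum_version not in allowed:
        findings.append("TLS 1.3 not offered")
    for suite in ctx.get_ciphers():
        legacy = suite["protocol"] != "TLSv1.3"
        if legacy and not suite["name"].startswith("ECDHE-"):
            findings.append(f"no forward secrecy: {suite['name']}")
    return findings


if __name__ == "__main__":
    print("transition:", audit_context(transition_context()) or "compliant")
    print("capped:    ", audit_context(capped_context()))
```

A real listener would also call `load_cert_chain()` on the context before wrapping sockets; that step is omitted here because it needs a certificate on disk.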