Menu
TLS 1.3 gets early adoption boost through CloudFlare

TLS 1.3 gets early adoption boost through CloudFlare

CloudFlare users will be able to enable the faster and more secure TLS 1.3 protocol on their websites

Website security and performance vendor CloudFlare has made the newest version of the TLS secure communications protocol available to all of its customers.

The TLS (Transport Layer Security) 1.3 specification is yet to be finalized by the Internet Engineering Task Force (IETF), the body that develops internet standards. However, the protocol is already supported in beta versions of Google Chrome and Mozilla Firefox, and it's being hailed as an important step forward in securing internet communications.

TLS 1.3 removes some cryptographic algorithms present in TLS 1.2 that are known to be vulnerable. This makes it easier for server administrators to deploy secure-by-default HTTPS configurations. HTTPS (HTTP Secure) is a mix between HTTP and TLS.

Among the removed features is the RSA key agreement protocol that doesn't support perfect forward secrecy, a property that prevents the decryption of previously captured traffic if the key is compromised in the future.

The new TLS version also removes ciphers that function in cipher block chaining (CBC) mode and are known to be vulnerable to a number of attacks. The RC4 stream cipher, the SHA-1 hash function, and old export ciphers are also out of the specification.

Together, these banned features have been the source for most of TLS' security woes in recent years.

But improved security is not the only benefit of TLS 1.3: The new protocol version also brings a significant performance boost over TLS 1.2 because the handshake process between servers and clients has been cut in half. Furthermore, TLS 1.3 even allows clients to start sending encrypted data directly when reconnecting to a server that it has visited recently.

There's really no reason for server administrators to avoid deploying TLS 1.3 when it's finalized, if their server software will support it. It can be used concurrently with previous TLS versions to maintain compatibility with older clients.

Unfortunately, the adoption of new TLS versions has been slow. TLS 1.2 came out in 2008, and it's currently only supported by 80 percent of the Internet's most visited 140,000 HTTPS websites. It's worrying that 21 percent of those websites also support the insecure SSL version 3 protocol, the predecessor to TLS, which dates back to 1996.

Any effort to speed up the adoption of TLS 1.3 will be a win for internet security, and CloudFlare's decision to add support for it at this early stage will provide a much-needed boost.

CloudFlare already enables HTTPS by default for all websites using its service, without any effort from their owners. All users of its service, free or paid, will now have the option to turn on TLS 1.3 support in the Crypto tab of their CloudFlare dashboard.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Educating from the epicentre - Why distributors are the pulse checkers of the channel

Educating from the epicentre - Why distributors are the pulse checkers of the channel

​As the channel changes and industry voices deepen, the need for clarity and insight heightens. Market misconceptions talk of an “under pressure” distribution space, with competitors in that fateful “race for relevance” across New Zealand. Amidst the cliched assumptions however, distribution is once again showing its strength, as a force to be listened to, rather than questioned. Traditionally, the role was born out of a need for vendors and resellers to find one another, acting as a bridge between the testing lab and the marketplace. Yet despite new technologies and business approaches shaking the channel to its very core, distributors remain tied to the epicentre - providing the voice of reason amidst a seismic industry shift. In looking across both sides of the vendor and partner fences, the middle concept of the three-tier chain remains centrally placed to understand the metrics of two differing worlds, as the continual pulse checkers of the local channel. This exclusive Reseller News Roundtable, in association with Dicker Data and rhipe, examined the pivotal role of distribution in understanding the health of the channel, educating from the epicentre as the market transforms at a rapid rate.

Educating from the epicentre - Why distributors are the pulse checkers of the channel
Kiwi channel reunites as After Hours kicks off 2017

Kiwi channel reunites as After Hours kicks off 2017

After Hours made a welcome return to the channel social calendar last night, with a bumper crowd of distributors, vendors and resellers descending on The Jefferson in Auckland to kickstart 2017. Photos by Maria Stefina.

Kiwi channel reunites as After Hours kicks off 2017
Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Show Comments