
The Beginning of the End for TLS 1.0/1.1/1.2


So after nearly five years in the making and 28 drafts, the IETF (Internet Engineering Task Force) rolled out the TLS (Transport Layer Security) 1.3 standard, and it is now pushing its way to the front of the queue [here]:

The rapid growth has been pushed by browser updates. Overall, it fixes many of the recently discovered problems and improves performance (and also dumps legacy methods). A new feature — Zero-RTT (zero round trip time resumption) — has been introduced to speed things up, but it could actually be opening up a whole lot of new vulnerabilities.

Forward secrecy

An important update is that the static RSA and Diffie-Hellman cipher suites have been removed, and all of the public key methods now provide forward secrecy (FS). With this, a compromise of the long-term keys will not compromise any previous session keys. For example, if we send the public key of the server to the client, and…
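The forward-secrecy property described above can be seen in a small model. This is an added example, not code from the original article. It assumes a toy Diffie-Hellman group and hypothetical function names, and it omits the signature the server's long-term key would make over the handshake in TLS 1.3.

```python
import hashlib
import secrets

# Toy group for illustration only (constructed): not a TLS named group.
P = 2**255 - 19   # prime modulus
G = 2

def keypair():
    """Return (private, public) for the toy group."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    """Derive a session key from the Diffie-Hellman shared secret."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def static_session(server_static_pub):
    """Static DH: the server's long-term key pair is also its key-exchange key."""
    c_priv, c_pub = keypair()
    key = session_key(c_priv, server_static_pub)
    # The transcript is what a passive observer can record off the wire.
    return {"client_pub": c_pub, "server_pub": server_static_pub}, key

def ephemeral_session():
    """Ephemeral DH: both sides use fresh key shares that are discarded afterwards.
    The long-term key would only authenticate the exchange (omitted here)."""
    c_priv, c_pub = keypair()
    s_priv, s_pub = keypair()
    key = session_key(c_priv, s_pub)
    assert key == session_key(s_priv, c_pub)  # both ends agree
    return {"client_pub": c_pub, "server_pub": s_pub}, key

def recover_with_long_term_key(transcript, long_term_priv):
    """What a recorded transcript plus a later leak of the long-term key yields."""
    return session_key(long_term_priv, transcript["client_pub"])

def demo():
    lt_priv, lt_pub = keypair()              # server's long-term key pair
    t_static, k_static = static_session(lt_pub)
    t_eph, k_eph = ephemeral_session()
    return (recover_with_long_term_key(t_static, lt_priv) == k_static,
            recover_with_long_term_key(t_eph, lt_priv) == k_eph)

if __name__ == "__main__":
    static_exposed, ephemeral_exposed = demo()
    print("static DH session exposed by key leak:   ", static_exposed)
    print("ephemeral DH session exposed by key leak:", ephemeral_exposed)
```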


Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.