Most Of The World Will Have Access To TLS 1.3 On April 5th
OpenSSL TLS 1.3 will release in April.
We have been talking about TLS 1.3 for a while. It the first new version of the TLS protocol in nearly a decade and is going to be a huge leap forward for the industry. It is sort of like releasing a decade’s worth of advances and improvements in cryptography all at once.
The IETF (Internet Engineering Task Force) is in charge of designing the TLS protocol. They have almost finished version 1.3’s protocol specification – which is currently in “Last Call,” meaning that they are soliciting final comments from the community before officially stamping it as complete.
But the TLS 1.3 protocol specifications only tells you how TLS 1.3 should work. It’s essentially a manual that anyone who wants to implement TLS 1.3 needs to follow. Which means that “finishing” the protocol does not get us any closer to actually using it. The code still needs to be written, and existing TLS libraries need to be updated and deployed.
There have been some early adopters of TLS 1.3. Cloudflare is already using the protocol despite it not being officially finalized, and some libraries have already been updated. However, the most widely used TLS library, OpenSSL, has not.
This means that most websites won’t be able to use TLS 1.3 until OpenSSL adds support, regardless of when the IETF finalizes the spec. There had been some speculation that this could take more than 6 months.
But Rich Salz recently shared good news about TLS 1.3 support in OpenSSL. Salz works on the OpenSSL development team and is an employee at Akamai (a major CDN/Cloud-computing provider). Last week he announced that Akamai would be sponsoring the development of TLS 1.3 support for OpenSSL. As an open-source project, OpenSSL relies on donations and sponsorships to support continued development.
In addition, the OpenSSL team has committed to a release date. TLS 1.3 will be added to OpenSSL 1.1.1, which will be released on April 5th, 2017.
When OpenSSL 1.1.1 releases in April, the internet won’t magically flip over to TLS 1.3 overnight. The millions of websites using OpenSSL will first need to update to the new version. For those working with more complicated stacks, major version updates are no small feat.
But the good news is that OpenSSL 1.1.1 will be fully compatible with the current release, 1.1.0. That’s why Salz recommends that you get version 1.1.0 in place now, and when 1.1.1 is released, you can “drop it in” and immediately have TLS 1.3 support.
The industry has been brimming recently over the adoption of TLS 1.3. This announcement from OpenSSL and Akamai is a major step in making that a reality.
5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam – 2018
in Hashing Out Cyber SecurityHow to Fix ‘ERR_SSL_PROTOCOL_ERROR’ on Google Chrome
in Everything EncryptionRe-Hashed: How to Fix SSL Connection Errors on Android Phones
in Everything EncryptionCloud Security: 5 Serious Emerging Cloud Computing Threats to Avoid
in ssl certificatesThis is what happens when your SSL certificate expires
in Everything EncryptionRe-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Message
in Hashing Out Cyber SecurityReport it Right: AMCA got hacked – Not Quest and LabCorp
in Hashing Out Cyber SecurityRe-Hashed: How to clear HSTS settings in Chrome and Firefox
in Everything EncryptionRe-Hashed: The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithms
in Everything EncryptionThe Difference Between Root Certificates and Intermediate Certificates
in Everything EncryptionThe difference between Encryption, Hashing and Salting
in Everything EncryptionRe-Hashed: How To Disable Firefox Insecure Password Warnings
in Hashing Out Cyber SecurityCipher Suites: Ciphers, Algorithms and Negotiating Security Settings
in Everything EncryptionThe Ultimate Hacker Movies List for December 2020
in Hashing Out Cyber Security Monthly DigestAnatomy of a Scam: Work from home for Amazon
in Hashing Out Cyber SecurityThe Top 9 Cyber Security Threats That Will Ruin Your Day
in Hashing Out Cyber SecurityHow strong is 256-bit Encryption?
in Everything EncryptionRe-Hashed: How to Trust Manually Installed Root Certificates in iOS 10.3
in Everything EncryptionHow to View SSL Certificate Details in Chrome 56
in Industry LowdownA Call To Let’s Encrypt: Stop Issuing “PayPal” Certificates
in Industry Lowdown