Still, two of the biggest browsers in the world already support it. Google added support months ago<\/a> and Mozilla announced its addition of TLS 1.3 support<\/a> to its Firefox browser on Monday. <\/span><\/p>\n\n\n\n As Mozilla’s Eric Rescorla wrote:<\/p>\n\n\n\n TLS 1.3 is already widely deployed: both Firefox and Chrome have fielded \u201cdraft\u201d versions. Firefox 61 is already shipping draft-28, which is essentially the same as the final published version (just with a different version number). We expect to ship the final version in Firefox 63, scheduled for October 2018. Cloudflare, Google, and Facebook are running it on their servers today. Our telemetry shows that around 5% of Firefox connections are TLS 1.3. Cloudflare reports similar numbers, and Facebook reports<\/a> that an astounding 50+% of their traffic is already TLS 1.3!<\/p>\n<\/blockquote>\n\n\n\n While some of the biggest sites on the internet have already updated their servers, the proliferation of the new standard will likely only be as fast as other sites add support server-side.<\/p>\n\n\n\n The following post originally ran on April 4th when the standard was first finalized as draft 28. The same version Firefox is adding support for. It has <\/em>been updates to reflect any changes to the published standard.<\/em><\/p>\n\n\n<\/span><\/span>\n\n\n\n After four years, 28 drafts, tons of middleboxes, and some last-minute guest-appearances<\/a>; the road to making TLS 1.3 a web standard was nothing less than a soap opera. But finally, the IETF (Internet Engineering Task Force) has given its approval to the new standard.<\/p>\n\n\n It was approved in the task force\u2019s meeting in London last week (Spring ’18). Many weren\u2019t expecting TLS 1.3 to get approved considering the last-minute “concerns<\/a>” raised by the banking industry as well as some other groups. But, ignoring those calls, the IETF passed the 28th<\/sup> draft of TLS 1.3, anyway. [Update:<\/strong> The new standard was published as RFC 8446 on 8\/10\/18<\/em>]<\/p>\n\n\n\n It is no surprise that the pro-security community is rejoicing at the moment. Why wouldn\u2019t they? After all, TLS 1.3 brings a host of security and performance advancements.<\/p>\n\n\n\n To get the new standard approved, it had to be passed by the Internet Engineering Steering Group (IESG), a wing of IETF. In the words of Adam Roach, a principal engineer at Mozilla, the level of support for 1.3 in the IESG was \u201cunusually high.\u201d Out of the thirteen members who voted, eight members voted in favor of it while five opted for \u2018no objection.\u2019<\/p>\n\n\n\n TLS 1.3 is designed in cooperation with the academic security community and has benefitted from an extraordinary level of review and analysis. This included formal verification of the security properties by multiple independent groups; the TLS 1.3 RFC cites 14 separate papers analyzing the security of various<\/a> aspects<\/a> of the protocol.<\/p>\n<\/blockquote>\n\n\n\n Beyond the review and analysis, 1.3 was also tested extensively to ensure the standard can be used for as long as possible. As the IETF reports<\/a>:<\/p>\n\n\n\n TLS 1.3 was a primary focus of the IETF 98 Hackathon project that brought together people who work on web browsers, websites, and the Internet of Things. This collaboration helps demonstrate interoperability, catch documentation and implementation bugs, and ultimately ensure the specification provides a solid reference for others looking to implement TLS 1.3.<\/p>\n<\/blockquote>\n\n\n\n Here’s a quick video courtesy of the IETF:<\/p>\n\n\n\n\n
TLS 1.3 was finalized in April<\/h2>\n\n\n\n
![\"TLS](\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/08\/IETF_Logo.svg-300x160.png\"){kind=logo}
<\/figure>\n<\/div>\n\n\nTLS 1.3 Passed with Unprecedented Support<\/h2>\n\n\n\n
\n
\n