At the IETF 101 meeting in London last week, the Internet Engineering Task Force (IETF) approved the latest version of the Transport Layer Security protocol, TLS 1.3.
You may know that TLS is the successor of the now-discontinued SSL protocol. It adds a layer of encryption to the connections between your device and the HTTPS websites or other HTTPS services you visit over the internet.
The approval comes after 27 drafts created over the past four years of development and discussion. The final, 28th draft of TLS 1.3 improves network security by deprecating the MD5 and SHA-224 hashing algorithms in favor of more secure options like ChaCha20, Poly1305, Ed25519, x448, and x25519.
TLS 1.3 will cut down on connection time by facilitating faster handshakes between client and server devices. Further, it implements features like TLS False Start and 0-RTT (Zero Round Trip Time) to reduce latency and connection time for devices that have connected to each other before.
The latest version of the TLS protocol also comes with countermeasures against protocol downgrade attacks, in which an attacker deceives a server into believing that an older (and vulnerable) version of the protocol is being used.
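The downgrade countermeasure mentioned above, modeled as an added example (not code from the original article): per RFC 8446, section 4.1.3, a TLS 1.3-capable server that ends up negotiating an older version marks the last 8 bytes of its ServerHello random, and a client that sees the mark aborts the handshake. The function names are hypothetical and this models only the check, not a TLS stack.

```python
import os

# Sentinels from RFC 8446 section 4.1.3, written into the last 8 bytes
# of ServerHello.random by a TLS 1.3-capable server.
DOWNGRADE_TLS12 = b"DOWNGRD\x01"  # server negotiated TLS 1.2
DOWNGRADE_TLS11 = b"DOWNGRD\x00"  # server negotiated TLS 1.1 or below

# Wire encodings of the protocol versions.
TLS10, TLS11, TLS12, TLS13 = 0x0301, 0x0302, 0x0303, 0x0304


def server_random(negotiated, server_max=TLS13):
    """Build the 32-byte ServerHello.random (hypothetical helper)."""
    rnd = os.urandom(32)
    if server_max >= TLS13 and negotiated == TLS12:
        return rnd[:24] + DOWNGRADE_TLS12
    if server_max >= TLS13 and negotiated <= TLS11:
        return rnd[:24] + DOWNGRADE_TLS11
    return rnd  # no downgrade from this server's point of view


def client_check(client_max, negotiated, random):
    """Return 'ok', or the alert the client sends when it aborts."""
    if len(random) != 32:
        raise ValueError("ServerHello.random must be 32 bytes")
    tail = random[-8:]
    if client_max >= TLS13 and negotiated <= TLS12:
        # A TLS 1.3 client must reject both sentinels.
        if tail in (DOWNGRADE_TLS12, DOWNGRADE_TLS11):
            return "illegal_parameter"
    elif client_max == TLS12 and negotiated <= TLS11:
        # A TLS 1.2 client should reject the "1.1 or below" sentinel.
        if tail == DOWNGRADE_TLS11:
            return "illegal_parameter"
    return "ok"


if __name__ == "__main__":
    # Constructed scenario: the client offered TLS 1.3, but the offer was
    # altered in transit so the server answered with TLS 1.2.
    rnd = server_random(negotiated=TLS12)
    print(client_check(TLS13, TLS12, rnd))  # illegal_parameter
```

A server that genuinely supports nothing newer than TLS 1.2 sends an unmarked random, so the same client accepts that handshake.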
The IETF has only recently given TLS 1.3 the go-ahead, but earlier drafts of the protocol had already found support in popular browsers like Chrome, Firefox, etc. However, incompatibility with some middleboxes (like Blue Coat web proxies) and issues faced by users were the reason TLS 1.3 was removed as the default protocol.
Now, with the official nod, various web browsers will add support for TLS 1.3 in the near future.