In August 2018 the final version of TLS 1.3 was published. It is the first major update to the protocol in over eight years. It involves massive improvements in both performance and security over its predecessor TLS 1.2.
As a wao.io customer you can now benefit from the increased security and faster loading time as TLS 1.3 is enabled on our platform, no matter if you use our default or more strict TLS settings if you need to comply with PCI DSS.
What is TLS
Transport Layer Security (TLS), and its now-deprecated predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communications security over a computer network. Several versions of the protocols find widespread use in applications such as web browsing, email, instant messaging, and voice over IP (VoIP). Websites can use TLS to secure all communications between their servers and web browsers.
TLS contributes to the security of the data of your online business and the data of your customers by encrypting traffic sent via HTTPS.
When it comes to performance, TLS 1.3 features a drastic decrease in page load time as it removes one full network round trip during the initial handshake which is needed to establish a secure connection.
When you connect to an encrypted website via HTTPS, no actual data is sent before the setup of the secure connection is complete. Every round trip that is needed to establish this connection adds to the delay before your site starts loading for the user.
Most notably this affects mobile users, as mobile connections often have a latency of multiple hundred milliseconds for a single round trip which can quickly add up to a whole second of waiting time if multiple round trips are required.
Zero Round Trip Time (0-RTT)
These improvements for the handshake only speed up the connections for clients visiting your site for the first time or revisiting after some time has passed. For established connections, however, TLS 1.3 offers an additional option: Zero Round Trip Time (0-RTT) also called “early data”. It radically speeds up resumed connections. This also comes in especially handy for high-latency mobile connections.
Early data works by simply sending encrypted data with the first resumed connection without waiting for any round trip.
This presents one caveat, data sent using 0-RTT is prone to Replay attacks. Therefore it is important to ensure that the server only executes operations received via 0-RTT data that are idempotent e.g. HTTP GET requests. For all other operations, the server should force the client to perform a full handshake with one round trip. In most cases, the first request a client sends is not a state-changing transaction, but instead something idempotent like an HTTP GET request.
wao.io enables this feature in addition to TLS 1.3 for your site, but only for safe HTTP methods. This means all methods considered harmless can use 0-RTT, while all requests that use other methods receive a “425 Too Early” response and require a full handshake. The full handshake is automatically performed by all browsers with TLS 1.3 compatibility when they receive an “Error” 425.
In addition we send a header “Early-Data” with the value “1” to the origin in case the request was performed using a 0-RTT connection to signal this to the origin server if you require further handling in your application.
Security – less is more
TLS 1.3 removes all features and methods, that could possibly result in insecure configurations and made servers vulnerable to a plethora of vulnerabilities and attacks of the recent years like DROWN, POODLE, SLOTH, CRIME and others.
The good news is, as a wao.io customer you have always been on the safe side, as we continually update our server configuration and follow industry best practises even before the introduction of TLS 1.3.
Chrome supports draft versions TLS 1.3 since Chrome 65. The final version will be enabled by default in Chrome 70 which will be released in October 2018.
Support in Firefox is similar, draft support is enabled version 52 and Firefox 63 (also to be released in October 2018) will ship with the final version of TLS 1.3.
Opera, Safari and Edge do not support TLS 1.3 at the moment.
Following the next months, we will see a continuous increase in TLS 1.3 encrypted traffic as browser vendors release their new versions and users update their browsers.
With wao.io you are already prepared!
In an earlier version of this article the section about TLS 1.3’s 0-RTT feature suggested we allow all HTTP methods for connections using early data on wao.io. This is not the case as we only allow a subset of all available methods that is considered safe by the IETF. We updated the section accordingly.