Routee upgrades security standards with TLS 1.3 protocol
The TLS 1.3 protocol is now available for all Routee services. The update will be installed automatically. In case is not, οur Routee experts will provide customers with guidance in every step of the process, to safely and easily update to the latest version of TLS and enjoy services that are more secure and faster than ever.
What is the TLS protocol?
TLS stands for Transport Layer Security and is the successor to SSL (Secure Sockets Layer). TLS provides secure communication between web browsers and servers. The connection itself is secure because symmetric cryptography is used to encrypt the data transmitted. The keys are uniquely generated for each connection and are based on a shared secret negotiated at the beginning of the session, also known as a TLS handshake.
The History of TLS protocol
TLS has its roots in a protocol called Secure Sockets Layer (SSL) which began in the mid-nineties at Netscape. By the end of the 1990s, Netscape handed SSL over to the IETF, who renamed it TLS and has been the administrators of the protocol ever since.
TLS 1.2 was published ten years ago to address weaknesses in TLS 1.0 and 1.1 and has enjoyed wide acceptance since then.
These old versions of TLS rely on MD5 and SHA-1, both now broken, and containing other flaws.
TLS 1.0 is no longer PCI-DSS compliant, so the TLS working group has adopted a document to deprecate TLS 1.0 and TLS 1.1.
What are the benefits of TLS 1.3 compared to the previous version, TLS 1.2?
TLS 1.3 contains enhanced security and speed. Compared to TLS 1.2 it is much better for the following reasons:
- The list of supported symmetric algorithms is clipped of all legacy algorithms. The left algorithms all use Authenticated Encryption with Associated Data (AEAD) algorithms.
- A zero-RTT (0-RTT) mode is added, saving a round-trip at connection setup for some application data at the cost of certain security properties.
- Static RSA and Diffie-Hellman cipher suites are removed.
- All handshake messages after the “ServerHello” are now encrypted.
- Key derivation functions are re-designed, with the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) being used as a primitive.
- The handshake state machine is restructured to be more consistent and remove superfluous messages for greater efficiency.
- ECC is now in the base spec and includes new signature algorithms. Point format negotiation is removed in favor of a single point format for each curve.
- Compression, custom DHE groups, and DSA are removed, and RSA padding now uses PSS.
- The TLS 1.2 version negotiation verification mechanism is deprecated in favor of a version list in an extension.
- Session resumption with and without server-side state and the PSK-based cipher suites of earlier versions of TLS are replaced by a single new PSK exchange.
What’s next for your business?
Τhe latest version of TLS, the TLS 1.3 protocol, will provide you and your business significant security and ensure performance improvements on all Routee services. Get started!