Update: 17th November 2016:
Since publishing this blog post, the OpenSSL Software Foundation has provided more information on its timetable for implementing TLS 1.3. It intends to ship full TLS 1.3 support in the next feature release of OpenSSL 1.1, namely 1.1.1. Further details are available within OpenSSL’s blog post.
Moreover, in late October Mozilla announced that Firefox 52, scheduled for release in March 2017, will ship with TLS 1.3 enabled by default. Firefox 49 was the first version to include a TLS 1.3 implementation, but it had to be switched on manually from the about:config page by setting security.tls.version.max to 4; in Firefox 52 that will be the default.
On the 25th of August the OpenSSL Software Foundation released OpenSSL 1.1.0, which brought partial support for a working IETF draft of TLS 1.3. OpenSSL 1.1 is one of the largest version changes in the history of the project, which, since the discovery of the now well-known Heartbleed vulnerability, is better funded, has more developers and follows an improved code development process.
What is TLS 1.3?
Transport Layer Security (TLS) version 1.3 is the most recent version (currently in draft form) of the cryptographic protocol that descends from SSL (Secure Sockets Layer) version 2 (1995) and version 3 (1996). It is the protocol that protects us when HTTPS is displayed in the browser’s address bar. More information on TLS/SSL is available in this podcast, this page and this blog post.
Why Is TLS 1.3 an advancement over TLS 1.2 or 1.1?
TLS 1.3 removes support for known insecure ciphers such as RC4, DES, 3DES and export-grade ciphers, as well as the older hash algorithms MD5 and SHA-1 in signatures. It also drops static RSA key exchange, so every handshake uses an ephemeral Diffie-Hellman exchange and provides forward secrecy. These are welcome changes: attacks such as SWEET32 (a birthday attack on 64-bit block ciphers like 3DES) and FREAK (a downgrade to export-grade RSA) relied on legacy options that TLS 1.3 no longer permits, so a conforming TLS 1.3 implementation, OpenSSL included, cannot be talked into them.
This reduces the attack surface (defined within the second paragraph of this blog post) of TLS 1.3, but the improvements don’t stop there. Alongside the established NIST P-256 curve and AES-GCM, which remain and are mandatory to implement, TLS 1.3 standardises newer primitives designed by Daniel J. Bernstein (who uses the handle djb): X25519, ChaCha20 and Poly1305.
X25519 is an elliptic-curve Diffie-Hellman key exchange over Curve25519, ChaCha20 is a stream cipher (a modern replacement for the now-banned RC4) and Poly1305 is a one-time message authentication code. The latter two are combined into the ChaCha20-Poly1305 authenticated-encryption (AEAD) cipher suite, which fills the same role as AES-GCM and is considerably faster on devices without hardware AES acceleration.
In addition to improved security, TLS 1.3 offers improved performance: a full handshake completes in one round trip instead of two, and a resumed session can send application data in its very first flight (0-RTT). Protection against replay of that 0-RTT data, however, was still being finalised in the closing months of 2015.
With the many implementation vulnerabilities uncovered in SSL and TLS in recent years, the upcoming TLS 1.3 standard is a significant step in the right direction. With web browsers such as Mozilla Firefox, Google Chrome and Microsoft Edge (in progress), as well as other implementations, adding support for TLS 1.3, the new standard is off to a promising start.