← Lessons

quiz vs the machine

Platinum1860

Networking

The TLS Improvements in Version 1.3

Fewer round trips, fewer footguns, stronger defaults.

6 min read · advanced · beat Platinum to climb

A Cleaner Protocol

The newest major version of TLS, version one dot three, was a deliberate cleanup of years of accumulated risk. It made the handshake faster and removed many weak options that older versions kept for compatibility.

A Faster Handshake

Older TLS needed two round trips before data could flow. The new version cuts this to one round trip by sending a key share in the first message.

  • The client guesses the key exchange and sends a share immediately.
  • The server replies with its share and the handshake is nearly done.
  • Resumed connections can even send early data in the first flight.

Stronger Defaults

The cleanup removed dangerous flexibility that had caused real attacks.

  • It dropped static key exchange, so every session has forward secrecy.
  • It removed old ciphers, weak hashes, and compression that leaked data.
  • It encrypts more of the handshake, hiding the certificate from observers.

Negotiation Without Downgrade

The version also resists downgrade attacks where an attacker forces weaker options. Built in signaling lets each side detect tampering with the version choice, so a man in the middle cannot quietly push both parties to a weaker mode.

Key idea

TLS version one dot three trims the handshake to one round trip, makes forward secrecy mandatory, removes weak ciphers and compression, encrypts more of the handshake, and signals against downgrade attacks.

Check yourself

Answer to earn rating on the learn ladder.

1. How many round trips does the newer TLS handshake need before data flows?

2. Which weak feature did the newer TLS remove to ensure forward secrecy?

3. How does the newer TLS resist downgrade attacks?