Most people want their email, web browsing activity, and messages to be private, so that they’re only readable by the intended recipients. Your data should be protected when sent across networks so no one can read it. Using strong encryption can help achieve this goal. You might even be using Transport Layer Security (TLS) encryption to read this blog post.
When implementing network security controls, you have choices for how to use encryption. This post explores why TLS 1.3 is currently a robust option for protecting communication across the internet, so that data is encrypted when transmitted across networks.
What is Encryption?
Encryption is the process of converting readable plain text into obfuscated cipher text using a cryptographic algorithm, so that the data can be read only by a person or system that holds the right key. An encryption key works like the key to a digital vault that holds the data.
What is TLS 1.3?
TLS is a cryptographic protocol for enhancing the security and privacy of data transmitted over a computer network. The protocol is defined by the TLS working group within the Internet Engineering Task Force (IETF), an organization focused on defining standards for the internet. TLS 1.3 allows applications to communicate over the internet in a way that is designed to prevent eavesdropping, tampering, and message forgery. The standard defines the following aspects:
- Authentication requirements to establish a connection through a handshake
- Key exchange algorithms and methods
- List of supported cipher suites
Benefits of TLS 1.3 compared to TLS 1.2
TLS 1.3 is more secure by default: its cipher suites and encryption algorithms are stronger, which helps keep your data private for longer. TLS 1.3 was created after TLS 1.2 and was designed to avoid vulnerabilities discovered in TLS 1.2 and in some of the encryption algorithms TLS 1.2 supports. As a result, TLS 1.3 has a smaller attack surface than TLS 1.2.
TLS 1.3 is harder to make insecure: TLS 1.2 was originally released in 2008 and includes features that are now outdated or no longer secure. The default configuration of TLS 1.3 is more secure, and it is more difficult to configure TLS 1.3 insecurely.
TLS 1.3 is faster: TLS 1.3 streamlined the handshake so that fewer messages are exchanged when establishing a connection, reducing the wait time when first connecting. TLS 1.3 also incorporates newer techniques and algorithms that avoid processing bottlenecks and wasted compute time.
TLS 1.3 is better prepared for the future: TLS 1.3 was designed for improved cryptographic agility, making it easier to change cryptographic algorithms and key lengths when needed to retain the same level of data protection. TLS 1.3 requires perfect forward secrecy, which helps keep your data secure for longer: every session uses fresh ephemeral keys, so each key protects only a limited amount of data, and a key compromised later cannot decrypt earlier sessions.
Supporting both TLS 1.2 and TLS 1.3
Using TLS 1.3 as the default has numerous advantages in security and performance. However, supporting both TLS 1.2 and TLS 1.3 can add a layer of resilience: because of the design and operational differences between the two versions, a vulnerability in one is less likely to be present in the other.
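The version policy described above can be exercised end to end without a network. The following Go program is an added example, not code from the post or from any Oracle product: it runs a real TLS handshake over an in-memory pipe between a server with a configurable minimum version and a client with a configurable maximum, and reports which version the two sides agree on. The hostname example.test and the throwaway self-signed certificate are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"math/big"
	"net"
	"time"
)

// selfSignedCert builds a throwaway certificate for the in-memory server (constructed for this example; a real deployment loads its issued certificate).
func selfSignedCert() (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"example.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, err := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, err
}

// Negotiate handshakes over an in-memory pipe between a server accepting serverMin and above and a client offering at most clientMax; the returned version is meaningful only when err is nil.
func Negotiate(serverMin, clientMax uint16) (uint16, error) {
	cert, err := selfSignedCert()
	if err != nil {
		return 0, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(cert.Leaf) // the client trusts only this throwaway certificate
	// Tickets are off: net.Pipe is synchronous, and an unread post-handshake ticket would block the server.
	srvCfg := &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: serverMin, SessionTicketsDisabled: true}
	cliCfg := &tls.Config{RootCAs: pool, ServerName: "example.test", MaxVersion: clientMax}
	cConn, sConn := net.Pipe()
	defer cConn.Close() // closing one end also unblocks the server goroutine on a failed handshake
	srvErr := make(chan error, 1)
	go func() { srvErr <- tls.Server(sConn, srvCfg).Handshake() }()
	cli := tls.Client(cConn, cliCfg)
	if err = cli.Handshake(); err == nil {
		err = <-srvErr // the server side must complete cleanly too
	}
	return cli.ConnectionState().Version, err
}
```

A server that allows TLS 1.2 and above still reaches TLS 1.3 with a modern client and falls back to TLS 1.2 only for a client that offers nothing newer, while a TLS 1.3-only server refuses that client outright.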
Our Recommendations
Explore guidance from government agencies on protecting data with encryption, including the following NIST Special Publications and the UK National Cyber Security Centre's IT Security Guidelines for Transport Layer Security (TLS):
- 800-130: A Framework for Designing Cryptographic Key Management Systems
- 800-131A: Transitioning the Use of Cryptographic Algorithms and Key Lengths
- 800-133: Recommendation for Cryptographic Key Generation
- TLS Server Certificate Management
Enable TLS 1.3 wherever the technology supports it, such as Database 23ai, Java, Linux, WebLogic, Oracle Cloud Infrastructure Load Balancer, Fusion Cloud Applications API, and NetSuite Applications Suite. Learn about cryptographic agility, the ability to switch encryption methods.
To learn more about the IETF and concepts in this post, see the following resources: