Why use TLS 1.3
TLS stands for Transport Layer Security, and it is one of the building blocks of security on the internet.
Like other protocols, TLS has gone through a number of versions: 1.0 (1999), 1.1 (2006), and 1.2 (2008). And in August of 2018, the IETF has finally given the okay to the TLS 1.3 protocol.
Compared with TLS 1.2, TLS 1.3 brings 2 big changes:
- Speed TLS 1.3 speeds up the TLS handshake. TLS encryption and decryption previously takes lots of resource and time to perform because it requires extra CPU time and additional latency to perform TLS operations. Even a normal TLS 1.2 handshake consists of around 5-7 packets transferred back and forth between the client and server, which adds unnecessary overhead and latency. TLS 1.3 reduces the number of packets needed for a handshake to 0-3. TLS handshakes in TLS 1.3 only require one round trip (or back-and-forth communication) instead of two, shortening the process by a few milliseconds. And in cases when the client has connected to a website before, the TLS handshake will have zero round trips. This makes HTTPS connections faster, cutting down latency and improving the overall user experience.
- Security Some of the less secure ciphers in previous versions including RC4, CBC, SHA1, MD5, etc. dropped in TLS 1.3, and many of the major vulnerabilities in TLS 1.2 had to do with older cryptographic algorithms that were still supported. TLS 1.3 drops support for these vulnerable cryptographic algorithms, and as a result it is less vulnerable to cyber-attacks.
AppScaler supports TLS 1.3 in both virtual appliance and hardware appliance (with SSL Acceleration Card).
Implementation Procedures
- Login WebUI
- In SLB->Virtual Service and go to the virtual service you are going to set TLS 1.3, click edit icon in Action column
- Select General Properties tab and click Edit button besides SSL Acceleration
- In Edit SSL Offloading Configuration modal, select TLS 1.3 checkbox in SSL/TLS protocol section
- Click Save button