TLS 1.3 RFC Draft Published
The Internet Engineering Task Force (IETF) has published an RFC for version 1.3 of the venerable Transport Layer Security (TLS) protocol. A yearslong process, this upgrade addresses a number of flaws identified in the previous version.
The internet is about to get a little safer, and a little faster.
Articles About The New Spec
These articles do a much better job summarizing the changes than I could here:
- IETF Blog - straight from the horse’s mouth.
- Cloudflare - a really digestible technical overview of the important changes.
- CNET - less technical but still good.
Short Summary of TLS 1.2 Exploits
Perhaps the most notable vulnerability, Hearbleed, was disclosed in 2014. However, there have been a number of disclosed vulnerabilities since.