This also means that this site and (most of) the services I run now support TLS 1.3.
TLS 1.3 is the latest version of the TLS protocol, with many improvements.
These improvements include:
- Mandatory perfect forward secrecy
- Removal of weak hash functions and ciphers
- Dropped support for many insecure or obsolete features including compression, renegotiation, non-AEAD ciphers, non-PFS key exchange, custom DHE groups and more
- And more (full list)
TLS 1.3 is exciting not only because it improves the security of TLS, but also because it greatly increases performance.
This is achieved by (1) removing a whole round-trip from the TLS handshake and (2) implementing 0-RTT, a feature for resuming a TLS connection that allows another round-trip to be eliminated (read more about 0-RTT here).
To wrap it up, TLS 1.3 improves security and is a lot faster than TLS 1.2, which I think is really awesome.