TLDR
Embracing TLS 1.3 and 1.2 is essential for ensuring the highest level of online security and performance. These updated versions offer faster and more secure connections, safeguarding user data from potential threats. By transitioning to these protocols, we're not only enhancing the speed of our online interactions but also fortifying our digital defenses, making our online experiences both swift and safe.
Deep Dive
Why we are migrating exclusively to TLS 1.3
In the ever-evolving landscape of cybersecurity, staying ahead of potential threats is paramount. As part of our commitment to ensuring the utmost security and optimal user experience for our clients, we are transitioning to exclusively supporting TLS 1.3 and TLS 1.2.
Understanding the Shift: TLS 1.3 vs. TLS 1.2
TLS (Transport Layer Security) is the modern successor to SSL and is used by HTTPS and other network protocols for encryption. The latest version, TLS 1.3, was introduced by the Internet Engineering Task Force (IETF) in August 2018, succeeding TLS 1.2, which had been standardized a decade earlier in 2008.
The primary distinctions between the two versions lie in their speed and security. TLS 1.3 has dropped support for older, less secure cryptographic features, making it inherently more secure. Additionally, it has introduced faster TLS handshakes, which now require just one round trip instead of two. This enhancement not only reduces latency but also significantly improves the overall user experience.
Why the Move to TLS 1.3 is Crucial
- Enhanced Speed and Performance: One of the standout features of TLS 1.3 is its ability to complete TLS handshakes in a single round trip, as opposed to the two required by TLS 1.2. This results in faster HTTPS connections, reducing latency and offering a smoother user experience.
- Bolstered Security: TLS 1.2, despite its widespread use, had vulnerabilities stemming from its support for older cryptographic algorithms. TLS 1.3 has eliminated these vulnerabilities by dropping support for these outdated algorithms, making it less susceptible to cyberattacks.
- Adapting to the Times: Software development is an ever-evolving field. As systems become more complex, they inevitably require updates and improvements. By transitioning to TLS 1.3, we are ensuring that our systems are equipped with the latest and most secure protocols, safeguarding our clients' data and trust.
The Role of Ciphers in Secure Communication
Ciphers play a crucial role in the encryption process. They are algorithms that transform data into a format that can only be read if decrypted. When a user attempts to establish a secure connection to a server, both the user's browser and the server possess a list of ciphers that they support. The security of the connection largely depends on which cipher is chosen for the communication. The following ciphers are used by IHRDC and its product web applications:
Negotiating the Best Cipher
The process of selecting a cipher is known as cipher suite negotiation. Here's how it works:
- Initiation: When a browser connects to a server, it sends a list of ciphers it supports in the order of preference.
- Server Selection: The server, upon receiving the list, picks the highest-preference cipher that it also supports.
- Establishment of Connection: Once both parties agree on a cipher, they use it to secure their communication.
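The selection steps above, as an added example that is not IHRDC's or Cloudflare's code: a simplified Python model that first picks the highest shared TLS version, then the first mutually supported suite, and rejects clients that offer only TLS 1.0/1.1. The server and client lists are constructed samples, and `honor_server_order` is a hypothetical parameter that goes beyond the page by also modelling servers that rank suites by their own preference list.

```python
# Added illustration; suite names are real IANA names, all lists are constructed samples.
from enum import IntEnum

class Version(IntEnum):
    TLS1_0 = 0x0301
    TLS1_1 = 0x0302
    TLS1_2 = 0x0303
    TLS1_3 = 0x0304

# TLS 1.3 defines its own suites; they are not usable with TLS 1.2 and vice versa.
TLS13_SUITES = {"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
                "TLS_CHACHA20_POLY1305_SHA256"}

class HandshakeFailure(Exception):
    """Raised where a real server would send a fatal alert."""

def negotiate(client, server, honor_server_order=False):
    shared_versions = set(client["versions"]) & set(server["versions"])
    if not shared_versions:
        raise HandshakeFailure("protocol_version: no shared TLS version")
    version = max(shared_versions)
    # Walk one side's preference list; the other side only has to support the suite.
    ranked, other = (server, client) if honor_server_order else (client, server)
    for suite in ranked["suites"]:
        fits_version = (suite in TLS13_SUITES) == (version == Version.TLS1_3)
        if fits_version and suite in other["suites"]:
            return version, suite
    raise HandshakeFailure("handshake_failure: no shared cipher suite")

# Constructed samples: a server allowing only TLS 1.2/1.3 with AEAD suites, then three clients.
SERVER = {"versions": [Version.TLS1_2, Version.TLS1_3],
          "suites": ["TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256",
                     "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
                     "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"]}
MODERN = {"versions": [Version.TLS1_2, Version.TLS1_3],
          "suites": ["TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
                     "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"]}
TLS12_ONLY = {"versions": [Version.TLS1_0, Version.TLS1_1, Version.TLS1_2],
              "suites": ["TLS_RSA_WITH_AES_128_CBC_SHA",
                         "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"]}
LEGACY = {"versions": [Version.TLS1_0, Version.TLS1_1],
          "suites": ["TLS_RSA_WITH_AES_128_CBC_SHA"]}

if __name__ == "__main__":
    for name, c in (("modern", MODERN), ("tls12-only", TLS12_ONLY), ("legacy", LEGACY)):
        try:
            print(name, "->", negotiate(c, SERVER))
        except HandshakeFailure as alert:
            print(name, "rejected:", alert)
```

The TLS 1.2-only client still connects because its CBC suite is skipped in favour of the AEAD suite both sides support, while the legacy client fails at version selection before any cipher is considered.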
The following is a list of common web browsers IHRDC sees on a regular basis launching our websites along with the ciphers that are usually negotiated by default:
The above list comes from SSL Labs. Feel free to check the latest compatibilities.
It's worth noting that with the introduction of TLS 1.3, the list of supported ciphers has been streamlined to include only the most secure options. This ensures that even if an older, potentially less secure cipher is preferred by a browser, the server will default to a more secure option, enhancing the overall security of the connection. For more technical information, see this page written by our service provider Cloudflare.
Why Cipher Negotiation Matters
The negotiation process is vital for a few reasons:
- Optimal Security: By allowing both parties to select the most secure cipher they mutually support, the data remains as secure as possible.
- Compatibility: Some older browsers or servers might not support the latest ciphers. The negotiation ensures that they can still establish a secure connection using the best available option.
- Performance: Different ciphers have varying computational requirements. The negotiation process ensures a balance between security and performance.
Conclusion
Our decision to move exclusively to TLS 1.3 and TLS 1.2 is a testament to our dedication to providing the best services to our clients. By embracing the latest advancements in cybersecurity, we aim to offer a seamless and secure digital experience for all our users.