TLS:修订间差异

来自WHY42
Riguz留言 | 贡献
Riguz留言 | 贡献
无编辑摘要
第17行: 第17行:


[[Image:tls1.3-handshake.webp|600px]]<ref>https://www.a10networks.com/glossary/key-differences-between-tls-1-2-and-tls-1-3/</ref>
[[Image:tls1.3-handshake.webp|600px]]<ref>https://www.a10networks.com/glossary/key-differences-between-tls-1-2-and-tls-1-3/</ref>
Ref:
* [https://datatracker.ietf.org/doc/html/rfc8446 RFC8446 - The Transport Layer Security (TLS) Protocol Version 1.3]


[[Category:Network]]
[[Category:Network]]

2024年1月29日 (一) 19:28的版本

Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securing HTTPS remains the most publicly visible.

  • SSL 3.0 1996 Deprecated in 2015 (RFC 7568)
  • TLS 1.2 2008 In use since 2008
  • TLS 1.3 2018 In use since 2018

TLS 1.3

TLS 1.3 is the latest version of the TLS protocol. TLS, which is used by HTTPS and other network protocols for encryption, is the modern version of SSL. TLS 1.3 dropped support for older, less secure cryptographic features, and it sped up TLS handshakes, among other improvements.

TLS 1.3 was defined in RFC 8446 in August 2018. It is based on the earlier TLS 1.2 specification. Major differences from TLS 1.2 include:

In a nutshell, TLS 1.3 is faster and more secure than TLS 1.2. One of the changes that makes TLS 1.3 faster is an update to the way a TLS handshake works: TLS handshakes in TLS 1.3 only require one round trip (or back-and-forth communication) instead of two, shortening the process by a few milliseconds. And in cases when the client has connected to a website before, the TLS handshake will have zero round trips. This makes HTTPS connections faster, cutting down latency and improving the overall user experience[1].

Many of the major vulnerabilities in TLS 1.2 had to do with older cryptographic algorithms that were still supported. TLS 1.3 drops support for these vulnerable cryptographic algorithms, and as a result it is less vulnerable to cyber attacks.

Handshake

[2]

Ref: