TLS 1.3, finalized in 2018, is a major overhaul of the protocol that secures HTTPS. It is faster, simpler, and removes decades of cryptographic cruft. Here is how it works.

TLS 1.2 vs 1.3: Handshake Comparison

TLS 1.2: 2 round trips before sending encrypted data:

  1. ClientHello → ServerHello (cipher negotiation)
  2. Key Exchange → Finished

TLS 1.3: 1 round trip (sometimes 0):

  1. ClientHello includes key share → Server responds with its key share + encrypted data

Removed: RSA Key Exchange

TLS 1.2 allowed RSA key transport: the client encrypts the pre-master secret with the server's public key. If the server's private key is ever compromised, every recorded past session can be decrypted.

TLS 1.3 mandates (EC)DHE: each session generates ephemeral keys that are discarded afterward. This provides Perfect Forward Secrecy (PFS).

Simplified Cipher Suites

TLS 1.2 had hundreds of cipher combinations, many insecure. TLS 1.3 has only 5 cipher suites. All use AEAD encryption (AES-GCM or ChaCha20-Poly1305) and (EC)DHE key exchange.

0-RTT Resumption

When reconnecting to a server you have visited before, TLS 1.3 can send encrypted application data in the very first packet, with zero round trips of latency.

This uses a Pre-Shared Key (PSK) from the previous session. The tradeoff: 0-RTT data can be replayed by an attacker, so it should only contain idempotent requests.

Encrypted Handshake

In TLS 1.2, the certificate and other handshake messages were sent in plaintext. This allowed passive observers to see which site you were connecting to.

TLS 1.3 encrypts the handshake after the initial key exchange, hiding the server certificate from eavesdroppers. The ClientHello itself, including the Server Name Indication (SNI), is still sent in the clear unless Encrypted Client Hello is used, so the hostname you are connecting to remains visible to a passive observer.

Checking TLS Version

Modern browsers show the TLS version in DevTools (Security tab). Our homepage also displays your HTTP version, which typically implies TLS 1.3 for HTTP/2 connections and always does for HTTP/3, since HTTP/3 runs over QUIC, which only uses TLS 1.3.
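As an added example that is not part of the original article, the Go program below makes the version check and the cipher suite change visible from code: it starts a throwaway TLS server on loopback with a fresh self-signed certificate and runs one handshake with the client capped at the version you pass, returning what was negotiated. Everything in it, including the example.test name and the must helper, is constructed for this demo and relies only on Go's standard library crypto/tls.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"math/big"
	"net"
	"time"
)

// must keeps the demo short: any setup or handshake failure aborts it.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Negotiate runs one handshake between a loopback server (throwaway self-signed cert)
// and a client capped at clientMax, returning the client's view of what was negotiated.
func Negotiate(clientMax uint16) tls.ConnectionState {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	must(pub, err)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotAfter: time.Now().Add(time.Hour),
		DNSNames: []string{"example.test"}} // constructed demo name, not a real site
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv))
	pool := x509.NewCertPool() // the client trusts only this cert, so verification stays on
	pool.AddCert(must(x509.ParseCertificate(der)))
	srvCfg := &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: priv}}}
	cliCfg := &tls.Config{RootCAs: pool, ServerName: "example.test", MaxVersion: clientMax}
	// Loopback TCP rather than net.Pipe: the synchronous pipe deadlocks when both
	// sides write at the same time, which a TLS 1.3 handshake does.
	ln := must(net.Listen("tcp", "127.0.0.1:0"))
	defer ln.Close()
	done := make(chan error, 1)
	go func() {
		sConn, err := ln.Accept()
		if err == nil {
			err = tls.Server(sConn, srvCfg).Handshake()
			sConn.Close()
		}
		done <- err
	}()
	cli := must(tls.Dial("tcp", ln.Addr().String(), cliCfg)) // Dial runs the client handshake
	defer cli.Close()
	must(cli, <-done) // the server side must have completed too
	return cli.ConnectionState()
}
```

Calling Negotiate(tls.VersionTLS12) yields a suite whose name still spells out the key exchange (TLS_ECDHE_...), while Negotiate(tls.VersionTLS13) yields one of the five TLS 1.3 suites, whose names carry only the AEAD and hash because key exchange is negotiated separately.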