KeyCDN Launches TLS 1.3 with 0-RTT Support
Have you ever wondered about the security of your online communications? As we increasingly rely on the internet for our daily activities, from shopping to banking, it's important to ensure that our online interactions are protected from prying eyes. That's where TLS (Transport Layer Security) comes in - it's a protocol that provides secure communication over the internet.
It has been quite some time since TLS underwent a major update. TLS 1.2 was defined in RFC 5246 15 years ago, back in August 2008. 10 years later a faster, stronger, and more reliable version of TLS has been released. In 2018 we were very excited to announce that KeyCDN has officially launched TLS 1.3 support for all customers. This brought with it some exciting benefits, which we will discuss throughout this article.
Quick overview of TLS
We've covered the specifics of what TLS is in the past however here's a quick overview of what it entails. TLS stands for Transport Layer Security which is a cryptographic protocol used to increase security over computer networks. It can be used within a variety of applications including: securing of data over HTTPS, FTPS, SMTP, etc.
As a website owner, TLS essentially allows you to deliver your site over HTTPS. This is absolutely essential for a number of reasons:
- Google favors HTTPS-secured sites
- HTTPS is required to use HTTP/2
- HTTPS is required to use Brotli
- HTTPS helps improve performance, security, and trust
If you've never heard of TLS, then maybe you've heard of the term SSL. SSL and TLS are many times used interchangeably, however, SSL is actually an older, less secure version of TLS. That being said, this year in 2018, a brand new version of TLS has been released in which the entire web will now begin migrating towards.
The benefits of TLS 1.3
It's safe to say that after ten years, it was time for a new TLS protocol update. The update brought two important improvements: performance and security.
1. Faster performance
TLS 1.3 improves performance by reducing the number of round trips required for a TLS handshake from two to just one. Although this might not seem like much it can shave several ms off of your site's overall load time.
Additionally, TLS 1.3 also offers another feature called zero RTT (which we explain further below). This feature is great for frequently reoccurring visitors because it allows the browser to remember that a site is trustworthy and therefore doesn't require a round trip at all.
2. Enhanced security
Although TLS 1.2 is quite secure, it can sometimes be tricky to implement. That means that if it isn't properly configured it can open the door to cyber attacks. To offer better protection, version 1.3 has done away with numerous obsolete features that have known vulnerabilities including:
- Arbitrary Diffie-Hellman groups
- Export ciphers
- RSA key transport
TLS 1.3 and zero RTT
First, let's review what RTT is. When you establish a TLS connection with a server, there is a certain amount of back-and-forth communication that needs to happen before the connection is fully established. This is known as the round trip time, or RTT. In previous versions of TLS, each new connection would require at least one round trip, which can add significant latency to the connection.
With zero RTT, TLS 1.3 enables a new feature that allows a client to resume a previous TLS session without the need for a full round trip. This means that if you have previously connected to a website using TLS 1.3, you can resume that connection with zero RTT, saving time and reducing latency.
Basically, there are two different categories when it comes to site visitors:
- First-time visitors or users who haven't visited your site for a long time
- Visitors who return to your site after a short period of time, thus resuming a previous session
In the first scenario, TLS 1.3 offers a nice performance boost over TLS 1.2. With TLS 1.3, the handshake can be completed in just 1 round trip (1-RTT) instead of 2. However, for those who fall into the second category, there are no performance improvements between TLS 1.2 and 1.3. That being said, with the addition of 0-RTT, this changes things.
With 0-RTT, all handshake round trips can be eliminated for existing sessions which are resumed. The specification allows clients to include the actual data (called "early data") as part of the handshake, therefore, no round trips are required in this case. Previously, with TLS 1.2 as well as TLS 1.3 without 0-RTT, 1 round trip was required for resumed sessions.
Below is an example of what this looks like when resuming a session to a KeyCDN asset over TLS 1.3 and 0-RTT:
bssl client -connect example-hexid.kxcdn.com:443 -test-resumption -early-data /dev/null
# First Session Connecting to 184.108.40.206:443 Connected. Version: TLSv1.3 Resumed session: no Cipher: TLS_AES_256_GCM_SHA384 ECDHE curve: X25519 Signature algorithm: rsa_pss_rsae_sha256 Secure renegotiation: yes Extended master secret: yes Next protocol negotiated: ALPN protocol: OCSP staple: no SCT list: no Early data: no Cert subject: CN = *.kxcdn.com Cert issuer: C = US, O = DigiCert Inc, OU = www.digicert.com, CN = Thawte RSA CA 2018 # Resumed Session Connecting to 220.127.116.11:443 Connected. Version: TLSv1.3 Resumed session: yes Cipher: TLS_AES_256_GCM_SHA384 ECDHE curve: X25519 Signature algorithm: rsa_pss_rsae_sha256 Secure renegotiation: no Extended master secret: no Next protocol negotiated: ALPN protocol: OCSP staple: no SCT list: no Early data: yes Cert subject: CN = *.kxcdn.com Cert issuer: C = US, O = DigiCert Inc, OU = www.digicert.com, CN = Thawte RSA CA 2018
In the second block,
Early data: yes is returned. This denotes that the session was resumed with 0-RTT.
Which versions of TLS does KeyCDN support?
KeyCDN supports the latest and greatest in TLS versions. At the beginning of 2018, we announced that we were deprecating TLS versions 1.0 and 1.1. This was due to the fact that both of these versions were quite outdated and posed several security risks. The vast majority of online users now browse online with browsers that support TLS 1.2. Since this version has been around for quite some time it is still very commonly used.
However, with the introduction of TLS 1.3 we hope to see more browsers and users adopt technology for better performance and security all around.
At the time of writing this article, KeyCDN currently fully supports TLS 1.2 and 1.3.
Testing TLS 1.3 support
At this time, IE and Opera Mini do not support the final version of TLS 1.3.
If you want to verify for yourself that assets are being delivered over TLS 1.3 you can do so in Firefox with the following:
- Navigate to a site which delivers KeyCDN assets and open the developer tools
- Navigate to the Network tab, and select an asset delivered by KeyCDN
- Select the Security tab and there you will see
Protocol version: TLSv1.3
The same thing goes for SSLLabs. If you're using that tool to test your TLS 1.3 connection you'll likely see the result be returned as "No" for the time being as they are still using the draft 28 version.
TLS 1.3 is the latest version of the Transport Layer Security (TLS) protocol, which provides significant improvements in terms of security, speed, and privacy. It reduces the number of round-trips required during the handshake process, resulting in faster and more efficient connections. Zero RTT is an extension of TLS 1.3 that allows for even faster connections by enabling a client to send data to the server without waiting for a response.
At KeyCDN, we are proud to say that we were one of the first CDNs to implement TLS 1.3 and zero RTT. This is a testament to our commitment to providing you with the latest and most secure protocols. We will continue to ensure that you always have access to the latest and most proven security protocols.
By implementing TLS 1.3 and zero RTT, we are helping to keep your data secure and providing you with a faster and more efficient connection to our CDN. This is a crucial part of our commitment to delivering the best possible service to you.