TLS 1.2 vs TLS 1.1
What is TLS?
TLS stands for Transport Layer Security, which is a cryptographic protocol used to increase security over computer networks. TLS is the successor of SSL although is sometimes still referred to as SSL. TLS has been evolving as time passes to keep up with more complex security requirements, to fix cryptographic flaws, etc. The section below shows a quick timeline of the variations of TLS versions.
- TLS 1.0 - Released in 1999 and published as RFC 2246. This version of TLS was very similar to SSL 3.0
- TLS 1.1 - Released in 2006 and published as RFC 4346.
- TLS 1.2 - Released in 2008 and published as RFC 5246.
- TLS 1.3 - As of January 2016 this version of TLS is in working draft.
This article aims to explain the major differences that exist between TLS 1.2 (currently the most popular and secure version of TLS) and TLS 1.1.
TLS 1.2 vs TLS 1.1
To explain the differences between TLS 1.2 and TLS 1.1, we'll outline what changes took place in relation to the previous version of TLS.
As previously mentioned, TLS 1.1 was released in 2006 and is the second version of TLS. According to RFC 4346, the major differences that exist in TLS 1.1 compared to TLS 1.0 include the following:
- The implicit Initialization Vector (IV) is replaced with an explicit Initialization Vector for protection against Cipher Block Chaining (CBC) attacks.
- Padding error handling is modified to use bad_record_mac alert rather than decryption_failed alert. Again, to protect against CBC attacks.
- IANA registries are defined for protocol parameters.
- A premature close no longer causes a session to be non-resumable.
- Additional notes were added regarding new attacks and a number of clarifications and editorial improvements were made.
TLS 1.2 is currently the most used version of TLS and has made several improvements in security compared to TLS 1.1. According to RFC 4346, the major differences that exist in TLS 1.2 when compared to TLS 1.1 include the following:
- The MD5/SHA-1 combination in the pseudorandom function (PRF) is replaced with SHA-256 with the option to use the cipher-suite-specified PRFs.
- The MD5/SHA-1 combination in the digitally-signed element is replaced with a single hash which is negotiated during the handshake.
- Improvements to the client's and server's ability to specify the accepted hash and signature algorithms.
- Support for authenticated encryption for other data modes
- TLS extensions and AES cipher suites were added
- Tightened up various requirements
The greater enhancement in encryption of TLS 1.2 allows it to use more secure hash algorithms such as SHA-256 as well as advanced cipher suites that support elliptical curve cryptography. To check if a particular https:// web page is using TLS 1.2 encryption, you can run it through an ssllabs test. The results will provide you with information regarding what the site is using for security protocols, the cipher suites, etc.
What's next - TLS 1.3
Although TLS 1.2 provided some great security enhancements compared to its predecessor, TLS 1.3 aims to further improve upon the security protocol. Although this version of the protocol is still in working draft, a few of the main differences it will bring when compared to TLS 1.2 include the following:
- Remove support for weak and lesser used named elliptical curves.
- Remove support for MD5 and SHA-224.
- Integrating use of session hash.
- Allow cookies to be longer.
- Require digital signatures even when previous configuration is used.
- Support for 1-RTT handshake.
There are many additional upgrades planned for TLS 1.3 as can be seen in section 1.2 of the TLS 1.3 draft. Furthermore, to learn more about SSL / TLS and how the encryption process actually works, read our SSL TLS article.