TLS Versions (1.0, 1.1, 1.2, 1.3) – What Changed

#The Evolutionary Leap: From TLS 1.2 to 1.3#link

Following the collapse of SSL and early TLS versions, the IETF focused on two goals: removing 'cruft' (legacy features) and reducing latency. The jump from TLS 1.2 to 1.3 wasn't just an update; it was a complete redesign of the cryptographic handshake.

The Steady State: TLS 1.0 and 1.1

TLS 1.0 (1999) was essentially SSL 3.1. While it improved the MAC (Message Authentication Code) and alerting system, it remained vulnerable to BEAST attacks. TLS 1.1 added protection against these by using explicit IVs (Initialization Vectors) for block ciphers. Both are now considered insecure for modern use.

The output above confirms the connection is using TLS 1.3. If you try `--tlsv1.0` on most modern sites, the connection will be immediately terminated by the server.

TLS 1.3: The Great Purge

TLS 1.3 (RFC 8446) is fundamentally different. It removed several dangerous features: static RSA key exchange (eliminating the lack of Forward Secrecy), custom Diffie-Hellman groups, and several weak hashes. It also reduced the handshake from two round-trips (2-RTT) to one (1-RTT), and introduced 0-RTT (Zero Round Trip Time) for returning visitors.

# Analyzing a TLS 1.3 handshake with tshark (conceptual)
tshark -i eth0 -Y "tls.handshake.version == 0x0304"

Production Considerations

When configuring a server, you must balance security and availability. While TLS 1.3 is ideal, some legacy enterprise clients (e.g., old Java 7 apps) only support TLS 1.2. The current 'gold standard' is to support TLS 1.2 and 1.3, and explicitly disable everything else.

• ▪Prioritize TLS 1.3 for all new deployments
• ▪Verify 0-RTT is disabled for sensitive API endpoints
• ▪Use AEAD-only ciphers (GCM, Poly1305)
• ▪Regularly audit for 'fallback' vulnerabilities