KeyCDN Launches TLS 1.3 with 0-RTT Support

It has been quite some time since TLS underwent a major update. TLS 1.2 was defined in RFC 5246 10 years ago, back in August 2008. Now, 10 years later a faster, stronger, and more reliable version of TLS has been released. Today we're very excited to announce that KeyCDN has officially launched TLS 1.3 support for all customers. This brings with it some exciting benefits which we will discuss throughout this article.

Quick overview of TLS

We've covered the specifics of what TLS is in the past however here's a quick overview of what it entails. TLS stands for Transport Layer Security which is a cryptographic protocol used to increase security over computer networks. It can be used within a variety of applications including: securing of data over HTTPS, FTPS, SMTP, etc.

As a website owner, TLS essentially allows you to deliver your site over HTTPS. In 2018, this is absolutely essential for a number of reasons:

Google favors HTTPS-secured sites

HTTPS is required to use HTTP/2

HTTPS is required to use Brotli

HTTPS helps improve performance, security, and trust

If you've never heard of TLS, then maybe you've heard of the term SSL. SSL and TLS are many times used interchangeably, however, SSL is actually an older, less secure version of TLS. That being said, this year in 2018, a brand new version of TLS has been released in which the entire web will now begin migrating towards.

The benefits of TLS 1.3

It's safe to say that after 10 years, it's time for a new TLS protocol update. The update brings with it two major improvements: performance and security.

1. Faster performance

TLS 1.3 improves performance by reducing the number of round trips required for a TLS handshake from two to just one. Although this might not seem like much it can shave several ms off of your site's overall load time.

Additionally, TLS 1.3 also offers another feature called zero RTT (which we explain further below). This feature is great for frequently reoccurring visitors because it allows the browser to remember that a site is trustworthy and therefore doesn't require a round trip at all.

2. Enhanced security

Although TLS 1.2 is quite secure, it can sometimes be tricky to implement. That means that if it isn't properly configured it can open the door to cyber attacks. To offer better protection, version 1.3 has done away with numerous obsolete features that have known vulnerabilities including:

3DES

AES-CBC

Arbitrary Diffie-Hellman groups

Export ciphers

DES

MD5

RC4

RSA key transport

SHA-1

TLS 1.3 and zero RTT

Zero Round Trip Time Resumption, abbreviated as 0-RTT, is an additional feature which comes with our launch of TLS 1.3 support. It allows for even faster speeds due to 1 less round trip required.

Basically, there are two different categories when it comes to site visitors:

First-time visitors or users who haven't visited your site for a long time Visitors who return to your site after a short period of time, thus resuming a previous session

In the first scenario, TLS 1.3 offers a nice performance boost over TLS 1.2. With TLS 1.3, the handshake can be completed in just 1 round trip (1-RTT) instead of 2. However, for those who fall into the second category, there are no performance improvements between TLS 1.2 and 1.3. That being said, with the addition of 0-RTT, this changes things.

With 0-RTT, all handshake round trips can be eliminated for existing sessions which are resumed. The specification allows clients to include the actual data (called "early data") as part of the handshake, therefore, no round trips are required in this case. Previously, with TLS 1.2 as well as TLS 1.3 without 0-RTT, 1 round trip was required for resumed sessions.

Below is an example of what this looks like when resuming a session to a KeyCDN asset over TLS 1.3 and 0-RTT:

bssl client -connect demo-1.kxcdn.com:443 -test-resumption -early-data /dev/null

# First Session Connecting to 185.172.148.128:443 Connected. Version: TLSv1.3 Resumed session: no Cipher: TLS_AES_256_GCM_SHA384 ECDHE curve: X25519 Signature algorithm: rsa_pss_rsae_sha256 Secure renegotiation: yes Extended master secret: yes Next protocol negotiated: ALPN protocol: OCSP staple: no SCT list: no Early data: no Cert subject: CN = *.kxcdn.com Cert issuer: C = US, O = DigiCert Inc, OU = www.digicert.com, CN = Thawte RSA CA 2018 # Resumed Session Connecting to 185.172.148.128:443 Connected. Version: TLSv1.3 Resumed session: yes Cipher: TLS_AES_256_GCM_SHA384 ECDHE curve: X25519 Signature algorithm: rsa_pss_rsae_sha256 Secure renegotiation: no Extended master secret: no Next protocol negotiated: ALPN protocol: OCSP staple: no SCT list: no Early data: yes Cert subject: CN = *.kxcdn.com Cert issuer: C = US, O = DigiCert Inc, OU = www.digicert.com, CN = Thawte RSA CA 2018

In the second block, Early data: yes is returned. This denotes that the session was resumed with 0-RTT.

Which versions of TLS does KeyCDN support?

KeyCDN now supports the latest and greatest in TLS versions. At the beginning of 2018, we announced that we were deprecating TLS versions 1.0 and 1.1. This was due to the fact that both of these versions were quite outdated and posed several security risks. The vast majority of online users now browse online with browsers that support TLS 1.2. Since this version has been around for quite some time it is still very commonly used.

However, with the introduction of TLS 1.3 we hope to see more browsers and users adopt technology for better performance and security all around.

At the time of writing this article, KeyCDN currently fully supports TLS 1.2 and 1.3.

Testing TLS 1.3 support

At this time there are various browsers and SSL test services which do not yet support the final version of TLS 1.3.

Those that are supporting TLS 1.3 are still using draft 28 as opposed to the final RFC 8446 version. There really isn't much difference between both versions besides a version number which is essentially what Mozilla's Eric Rescorla stated:

TLS 1.3 is already widely deployed: both Firefox and Chrome have fielded "draft" versions. Firefox 61 is already shipping draft-28, which is essentially the same as the final published version (just with a different version number). We expect to ship the final version in Firefox 63, scheduled for October 2018.

You can, however, download a beta version of Firefox or Chrome which does use the final version of TLS 1.3.

If you want to verify for yourself that assets are being delivered over TLS 1.3 you can do so in Firefox with the following:

Navigate to a site which delivers KeyCDN assets and open the developer tools

Navigate to the Network tab, and select an asset delivered by KeyCDN

Select the Security tab and there you will see Protocol version: TLSv1.3

At the time of writing this article, this is one of the few ways to verify an asset is being delivered over TLS 1.3 via a browser. As Firefox mentioned, they will be using the final version of TLS in Firefox 63. Similarly, Chrome will be using the final version in Chrome 70.

Chrome has been shipping a draft version of TLS 1.3 since Chrome 65. In Chrome 70, the final version of TLS 1.3 will be enabled for outgoing connections. - The Chromium Projects

The same thing goes for SSLLabs. If you're using that tool to test your TLS 1.3 connection you'll likely see the result be returned as "No" for the time being as they are still using the draft 28 version.

Summary

TLS 1.3 is a major upgrade from TLS 1.2 both in terms of performance and security. At KeyCDN, we're excited to be among one of the first CDNs to implement TLS 1.3 with 0-RTT so that our customers can take full advantage of its strengths. Within the coming months, more and more browsers will release support for the final version of TLS 1.3, therefore, there is no better time to start adopting this new technology than now.