TLS 1.3 Activated?
-
Is TLS 1.3 active in Viv and does it need to be turned on in browser and if so how?? TLS 1.3 is fully implemented now.
-
If you go to Vivaldi://flags and search for tls you'll find relevant options.
-
@lonm Aha, interesting, ta. Have you actually done this... does it break many sites? [as you can tell, i have not yet tried it myself].
-
@gwen-dragon Many thanks, Lilo.
Of the three "Enabled" options, do you advocate any one over the others pls?
-
@gwen-dragon Thanks. I've just now selected this, so i shall be interested to see if i experience any problems over coming days...
-
@steffie I've tried the draft settings but they don't really do much yet as they are still, well, in the draft state and I don't believe many servers will have it implemented fully.
I would imagine wider adoption at the server end won't be possible until the implementation is actually complete and server software gets updated, and by that time it will likely be enabled by default anyway.
At this stage the flag is probably more useful to people who work with servers and need to test TLS 1.3.
-
@lonm You put it far more lucidly than me, but i was privately wondering something like that also myself. Oh well, i suppose i shall just switch it back to Default. Ta.
-
@dovelove FYI:
This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery.
Document Quality
There are over 10 interoperable implementations of the protocol from different sources written in different languages. The major web browser vendors and TLS libraries vendors have draft implementations or have indicated they will support the protocol in the future. In addition to having extensive review in the TLS working group, the protocol has received unprecedented security review by the academic community. Several TRON (TLS Ready or Not) conferences were held with academic community to give them a chance to present their findings for TLS. This has resulted in improvements to the protocol. There was also much consideration and discussion around any contentious points, resolved through polls and working group last calls.
Please note that ID-nits complains about the obsoleted/updated RFCs not being listed in the abstract. This is intentional because the abstract is now a concise and comprehensive overview and is free from citations, as per RFC7322.
TLS 1.3 brings us improved cryptography:
TLS 1.3 completely drops support for earlier and formally obsolete hashing algorithms (such as MD5) and adds support for newer and much stronger alternatives such as ChaCha20, Poly1305, Ed25519, x25519, and x448.
TLS 1.3 supports quicker initial handshake connection negotiation between the client and the server... so HTTPS over TLS v1.3 will no longer be slower than HTTP for that reason.
TLS 1.3 supports new features to reduce the time needed to establish encryption handshakes with hosts to which the client has recently connected.
TLS 1.3 brings strong protection against downgrade attacks which, if not prevented, could allow an attacker to trick a server into using an older and less secure version of the protocol.
And despite the efforts by the financial business sector to make TLS v1.3's Perfect Forward Secrecy feature optional, it was adopted and approved as-is, without any weakening, unanimously by all the IETF members.
Browsers like Chrome, Edge, Firefox, and Pale Moon have already rolled out support for earlier versions of the TLS 1.3 draft, and will be updating their support to the final and now official standard.
SSL 2.0 1995
SSL 3.0 1996 (+1)
TLS 1.0 1999 (+3)
TLS 1.1 2006 (+7)
TLS 1.2 2008 (+2)
TLS 1.3 2018 (+10)
-
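The downgrade protection mentioned in the post above, sketched as an added example that is not part of the original thread: a TLS 1.3 client that ends up on an older version checks the last 8 bytes of the ServerHello random for the sentinel defined in RFC 8446, section 4.1.3. The function names and the sample messages are constructed for illustration.

```python
import struct

# Sentinels a TLS 1.3 server writes into the last 8 bytes of ServerHello.random
# when it negotiates an older version (RFC 8446, section 4.1.3).
DOWNGRADE_SENTINELS = (b"DOWNGRD\x01", b"DOWNGRD\x00")  # TLS 1.2 / TLS 1.1 or below
SUPPORTED_VERSIONS = 43  # extension 0x002b carries the real version in TLS 1.3
NAMES = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

def version_name(v):
    # Draft builds (what the browser flags enabled) used 0x7f00 | draft number.
    return f"TLS 1.3 draft-{v & 0xFF}" if v >> 8 == 0x7F else NAMES.get(v, f"0x{v:04x}")

def parse_server_hello(body):
    """Return (negotiated_version, random) from a ServerHello body (no handshake header)."""
    if len(body) < 38 or 38 + body[34] > len(body):
        raise ValueError("truncated ServerHello")
    version, = struct.unpack_from("!H", body, 0)    # legacy_version, 0x0303 in TLS 1.3
    random = body[2:34]
    pos = 35 + body[34] + 3                          # skip session id, cipher suite, compression
    if pos + 2 > len(body):
        return version, random                       # no extensions block at all
    ext_len, = struct.unpack_from("!H", body, pos)
    pos, end = pos + 2, pos + 2 + ext_len
    if end > len(body):
        raise ValueError("extensions overrun the message")
    while pos + 4 <= end:
        etype, elen = struct.unpack_from("!HH", body, pos)
        pos += 4
        if etype == SUPPORTED_VERSIONS and elen == 2 and pos + 2 <= end:
            version, = struct.unpack_from("!H", body, pos)   # selected_version
        pos += elen
    return version, random

def check_server_hello(body, client_offered_tls13=True):
    """Return (version name, True if the client must abort because of a downgrade sentinel)."""
    version, random = parse_server_hello(body)
    downgraded = client_offered_tls13 and version <= 0x0303 and random[24:] in DOWNGRADE_SENTINELS
    return version_name(version), downgraded

def build_server_hello(random, cipher, selected=None):
    """Constructed sample message for this example, not captured traffic."""
    exts = struct.pack("!HHH", SUPPORTED_VERSIONS, 2, selected) if selected is not None else b""
    body = b"\x03\x03" + random + b"\x00" + struct.pack("!HB", cipher, 0)
    return body + struct.pack("!H", len(exts)) + exts

RND = bytes(range(32))  # constructed random value without a sentinel
if __name__ == "__main__":
    print(check_server_hello(build_server_hello(RND[:24] + b"DOWNGRD\x01", 0xC02F)))
```
-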
@lonm
Thanks, seems faster and answered my question.
-
FYI:
Cloudflare has implemented TLS 1.3 a long time ago
Last year, Cloudflare was the first major provider to support TLS 1.3 by default on the server side. We expected the client side would follow suit and be enabled in all major browsers soon thereafter. It has been over a year since Cloudflare's TLS 1.3 launch and still, none of the major browsers have enabled TLS 1.3 by default.
The reductive answer to why TLS 1.3 hasn't been deployed yet is middleboxes: network appliances designed to monitor and sometimes intercept HTTPS traffic inside corporate environments and mobile networks. Some of these middleboxes implemented TLS 1.2 incorrectly and now that's blocking browsers from releasing TLS 1.3. However, simply blaming network appliance vendors would be disingenuous. The deeper truth of the story is that TLS 1.3, as it was originally designed, was incompatible with the way the Internet has evolved over time. How and why this happened is the multifaceted question I will be exploring in this blog post.
To help support this discussion with data, we built a tool to help check if your network is compatible with TLS 1.3:
https://tls13.mitm.watch/
-