TLS 1.3 Activated ?



  • Is TLS 1.3 active in Viv and does it need to be turned on in browser and if so how?? TLS 1.3 is fully implemented now.



  • If you go to Vivaldi://flags and search for tls you'll find relevant options.



  • @lonm Aha, interesting, ta. Have you actually done this... does it break many sites? [as you can tell, i have not yet tried it myself].



  • Moderator

    @steffie said in TLS 1.3 Activated ?:

    does it break many sites?

    If it is activated, the protocol will be negotiated by client ↔ web server. If a server does not work with TLS 1.3, it downgrades to 1.2.

    I do not see any issue yet; I use the Draft 23 setting.



  • @gwen-dragon Many thanks, Lilo. Of the three "Enabled" options, do you advocate any one over the others pls?


  • Moderator

    @steffie Sorry, but I do not know which setting to activate.
    I guess as the setting is experimental we have to wait until someone can tell more.

    And the current Chrome 65 TLS 1.3 setting does not have more information.



  • @gwen-dragon Thanks. I've just now selected this, so i shall be interested to see if i experience any problems over coming days...




  • @steffie I've tried the draft settings but they don't really do much yet as they are still, well, in the draft state and I don't believe many servers will have it implemented fully.

    I would imagine wider adoption at the server end won't be possible until the implementation is actually complete and server software gets updated, and by that time it will likely be enabled by default anyway.

    At this stage the flag is probably more useful to people who work with servers and need to test TLS 1.3.



  • @lonm You put it far more lucidly than me, but i was privately wondering something like that also myself. Oh well, i suppose i shall just switch it back to Default. Ta.



  • @dovelove FYI:
    This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows
    client/server applications to communicate over the Internet in a way that is designed to prevent
    eavesdropping, tampering, and message forgery.

    Document Quality

    There are over 10 interoperable implementations of the protocol from different sources written in
    different languages. The major web browser vendors and TLS libraries vendors have draft
    implementations or have indicated they will support the protocol in the future. In addition to
    having extensive review in the TLS working group, the protocol has received unprecedented
    security review by the academic community. Several TRON (TLS Ready or Not) conferences
    were held with academic community to give them a chance to present their findings for TLS.
    This has resulted in improvements to the protocol. There was also much consideration and
    discussion around any contentious points, resolved through polls and working group last calls.

    Please note that ID-nits complains about the obsoleted/updated RFCs not being listed in the
    abstract. This is intentional because the abstract is now a concise and comprehensive overview
    and is free from citations, as per RFC7322.

    TLS 1.3 brings us improved cryptography:

    TLS 1.3 completely drops support for earlier and formally obsolete hashing algorithms (such as
    MD5) and adds support for newer and much stronger alternatives such as ChaCha20, Poly1305,
    Ed25519, x25519, and x448.

    TLS 1.3 supports quicker initial handshake connection negotiation between the client and the
    server... so HTTPS over TLS v1.3 will no longer be slower than HTTP for that reason.

    TLS 1.3 supports new features to reduce the time needed to establish encryption handshakes
    with hosts to which the client has recently connected.

    TLS 1.3 brings strong protection against downgrade attacks which, if not prevented, could allow
    an attacker to trick a server into using an older and less secure version of the protocol.

    And despite the efforts by the financial business sector to make TLS v1.3's Perfect Forward
    Secrecy feature optional, it was adopted and approved as-is, without any weakening,
    unanimously by all the IETF members.

    Browsers like Chrome, Edge, Firefox, and Pale Moon have already rolled out support for earlier
    versions of the TLS 1.3 draft, and will be updating their support to the final and now official
    standard.

    SSL 2.0 1995
    SSL 3.0 1996 (+1)
    TLS 1.0 1999 (+3)
    TLS 1.1 2006 (+7)
    TLS 1.2 2008 (+2)
    TLS 1.3 2018 (+10)



  • @lonm
    Thanks, seems faster and answered my question.



  • FYI:
    Cloudflare implemented TLS 1.3 a long time ago:

    Last year, Cloudflare was the first major provider to support TLS 1.3 by default on the server side. We expected the client side would follow suit and be enabled in all major browsers soon thereafter. It has been over a year since Cloudflare’s TLS 1.3 launch and still, none of the major browsers have enabled TLS 1.3 by default.

    The reductive answer to why TLS 1.3 hasn’t been deployed yet is middleboxes: network appliances designed to monitor and sometimes intercept HTTPS traffic inside corporate environments and mobile networks. Some of these middleboxes implemented TLS 1.2 incorrectly and now that’s blocking browsers from releasing TLS 1.3. However, simply blaming network appliance vendors would be disingenuous. The deeper truth of the story is that TLS 1.3, as it was originally designed, was incompatible with the way the Internet has evolved over time. How and why this happened is the multifaceted question I will be exploring in this blog post.

    To help support this discussion with data, we built a tool to help check if your network is compatible with TLS 1.3:
    https://tls13.mitm.watch/

