What exactly will the next version of TLS be called?

Will the next version be called TLS 1.3, TLS 4 or something else? Work on the next version is already under way, and the final result is expected to be ready in early 2017. Only small changes to the protocol remain to be made. However, the main question has still not been resolved: what should the new version be called?

When the first draft was published, the protocol was supposed to be called TLS 1.3. The current version is called TLS 1.2, and each TLS version released so far has increased the digit after the decimal point by one. The very first version, TLS 1.0, was released in 1999.

The reader may wonder: why not simply name the protocol TLS 1.3? It is not that simple. Within the community there are disagreements that are holding up the release of the new version.

As you may know, the protocol was originally called Secure Sockets Layer, or SSL for short. The protocol was invented by Netscape. The name was changed to TLS when development moved to the Internet Engineering Task Force (IETF). The full list of versions is as follows: SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2.

The transition from SSL 3.0 to TLS 1.0 has always been a source of confusion. Most system administrators and webmasters do not treat version tracking as a priority, and, going mainly by the version number, they believe that SSL 3.0 is newer than TLS 1.0. As a result, webmasters kept using this insecure version.
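The mix-up described above can be checked mechanically. The following Python code is an added example, not part of the original article: it contrasts ordering by the number in the name with ordering by the version each protocol sends on the wire, where TLS 1.0 identifies itself as 3.1, the direct successor of SSL 3.0. The label formats, the function names, the default floor and the sample list are assumptions made for illustration.

```python
import re

# Accepts labels such as "SSLv3", "SSL 3.0", "TLSv1.2", "TLS 1.1" (assumed styles).
_LABEL = re.compile(r"^\s*(SSL|TLS)\s*v?\s*(\d+)(?:\.(\d+))?\s*$", re.IGNORECASE)

def parse_label(label):
    """Split a protocol label into (family, major, minor)."""
    m = _LABEL.match(label)
    if not m:
        raise ValueError(f"unrecognised protocol label: {label!r}")
    return m.group(1).upper(), int(m.group(2)), int(m.group(3) or 0)

def naive_key(label):
    """The mistaken ordering: look only at the number in the name."""
    _, major, minor = parse_label(label)
    return (major, minor)

def wire_version(label):
    """(major, minor) as carried in the protocol's own version field."""
    family, major, minor = parse_label(label)
    if family == "SSL" and (major, minor) == (2, 0):
        return (0, 2)          # SSL 2.0 uses 0x0002
    if family == "SSL" and (major, minor) == (3, 0):
        return (3, 0)          # SSL 3.0 uses 0x0300
    if family == "TLS" and major == 1 and minor in (0, 1, 2):
        return (3, minor + 1)  # TLS 1.0..1.2 use 0x0301..0x0303
    raise ValueError(f"not one of the released versions listed above: {label!r}")

def audit(enabled, floor="TLS 1.0"):
    """Return (newest going by name, newest in reality, labels older than floor)."""
    newest_by_name = max(enabled, key=naive_key)
    newest_really = max(enabled, key=wire_version)
    too_old = sorted((p for p in enabled if wire_version(p) < wire_version(floor)),
                     key=wire_version)
    return newest_by_name, newest_really, too_old

# Constructed sample: protocols a server might have enabled.
SAMPLE_ENABLED = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]

if __name__ == "__main__":
    by_name, really, too_old = audit(SAMPLE_ENABLED)
    print("newest going by the name:", by_name)
    print("newest in reality:       ", really)
    print("older than the floor:    ", too_old)
```
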

This confusion is compounded by the fact that the name SSL is still more widespread and better recognized by users, even though the protocol has long been called something else. Part of this is the industry's fault, because many big players use SSL in their names, for example OpenSSL, the most widely used TLS/SSL library.

Now that the next version of the protocol is about to be released, the community wants to fix this mess. Two popular alternatives to the name TLS 1.3 have been proposed: TLS 4 and TLS 2017. Both names are meant to resolve the conflict between version numbers by giving the new version the largest number.

There are arguments in favor of each of the three names.

TLS 1.3 fits perfectly into the current scheme and therefore has active community support. The name TLS 1.3 continues the confusion, but that matters less than it did a decade ago. For example, all major web browsers are actively disabling insecure options (such as SSL 3.0), so the server configuration matters less. New versions of software are unlikely to be compatible with SSL 3.0, so the version-naming problem is not as important.

Changing the name to TLS 4 would show that this is the latest version, but it is even more confusing, because in that case 4 is the ideal choice, 3 is poor, and 1.3 is good. TLS 2017 clearly shows when the version was released, and there are good arguments in favor of this name.

Regardless of what the protocol is called, it will include numerous useful features. A lot of clutter, such as various types of encryption, will be removed, which will simplify configuration and reduce the risk of insecure configurations. 0-RTT will allow a lightning-fast handshake.
