Linux Format

Safer browsing and memory management

When it comes to web browsers, Valentine Sinitsyn experiences the usual sense of nostalgia, then remembers the latest security measures are key.

- Dr Sinitsyn is a lapsed KDE committer. He likes building Linux clouds and writing articles.

The way we use the internet has changed drastically over the past 20 years. Back then, nobody cared too much about encrypted communications. As e-commerce and similar websites started to grow, the need for encryption became evident.

So Netscape designed a protocol called Secure Sockets Layer (SSL). The idea was to add encryption at the transport layer so any application-level protocol, be it HTTP, email (POP3/IMAP/SMTP) or now DNS (see https://bit.ly/2JQzxRC), can leverage it easily. The original SSL was a proprietary protocol, but IETF took over newer versions that became standards. SSL 3.0 was the last one, and future improvements over the protocol were called TLS (Transport Layer Security). TLS 1.0 is what you’d call SSL 3.1. Over time, numerous vulnerabilities were discovered in both SSL and TLS. These attacks used design flaws, weak ciphers and protocol downgrades to reveal encrypted data.

In the modern world, TLS isn’t limited to e-commerce sites. Privacy is always a concern, given how much data about ourselves the internet already has. And of course, TLS is a de-facto companion to HTTP/2: it makes the latter not only safe, but also more robust.

So TLS receives updates from time to time. The last one took place in March with TLS 1.3. The process took 28 drafts and the new standard was approved unanimously. TLS 1.3 is already supported on modern web browsers (Firefox 49, Chrome 63 and so on), and OpenSSL will implement it in 1.1.1 (hopefully, by the time you read this).

TLS 1.3 drops cryptographic primitives that were proved to be insecure, such as RC4, MD5 and SHA-224, and adds some new ones, for example, the ChaCha20 stream cipher and the Poly1305 message authentication code. It also deprecates underused or unsafe features: compression, re-negotiation, static RSA handshake and so on – some of these were attack vectors in the past.

Another slightly controversial change is Perfect Forward Secrecy (PFS): TLS 1.3 employs the Ephemeral Diffie-Hellman key exchange protocol, so an attacker can’t use a compromised key to decrypt previously recorded sessions. This breaks some legitimate scenarios, such as passive monitoring.
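The two properties described above (dropped primitives and forward secrecy) can be checked against a server or client cipher list. The following is an added example, not code from the original article: it assumes OpenSSL-style suite names, the function names are hypothetical, and the sample list is constructed.

```python
import ssl

# Primitives the article lists as dropped by TLS 1.3 (matched in suite names).
DROPPED = ("RC4", "MD5")
# OpenSSL name prefixes that indicate an ephemeral Diffie-Hellman key exchange.
EPHEMERAL_KX = ("ECDHE", "DHE")


def audit_suite(name):
    """Return a sorted list of findings for one OpenSSL-style suite name."""
    findings = set()
    if name.startswith("TLS_"):
        # OpenSSL names TLS 1.3 suites TLS_*; they carry no key-exchange
        # field because the handshake is always ephemeral (EC)DHE.
        tokens = name.split("_")[1:]
    else:
        tokens = name.split("-")
        # Heuristic: only ECDHE-/DHE- prefixes count as forward secret, so
        # static RSA ("AES128-SHA") and PSK-only names are flagged.
        if tokens[0] not in EPHEMERAL_KX:
            findings.add("no-forward-secrecy")
    for token in tokens:
        if token in DROPPED:
            findings.add("dropped-primitive:" + token)
    return sorted(findings)


def audit(names):
    """Map each suite name with at least one finding to its findings."""
    report = {}
    for name in names:
        findings = audit_suite(name)
        if findings:
            report[name] = findings
    return report


def local_suite_names():
    """Suite names the local OpenSSL build offers to a default client."""
    return [c["name"] for c in ssl.create_default_context().get_ciphers()]


# Constructed sample: a mix of legacy and modern OpenSSL suite names.
SAMPLE = [
    "RC4-MD5", "AES128-SHA", "DHE-RSA-AES256-SHA",
    "ECDHE-RSA-CHACHA20-POLY1305", "TLS_CHACHA20_POLY1305_SHA256",
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, findings)
    print("local:", audit(local_suite_names()))
```

Any name reported with no-forward-secrecy is one where a recorded session could be decrypted later if the server's long-term key leaks, which is the scenario the PFS change closes.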

Last but not least, TLS 1.3 makes connections faster because it remembers data, thus saving a round-trip between a client and a server.

Firefox, perhaps the most widely known product from the now twenty-year-old Mozilla project, already sports TLS 1.3 support.
