PRNG

https://tls13.ulfheim.net

Differences between TLS1.2 and 1.3 https://tools.ietf.org/html/rfc8446#section-1.2

@syncsynchalt:

Of these, the #1 major difference is that every single record is now encrypted, other than the first two (Client Hello and Server Hello). Other than the obvious security benefit of encrypting something that used to be in clear text, this is going to make it so much easier to fix problems going forward since middleboxes can no longer understand and muck with anything outside those first two records.

However, to give a pointed example that’s not in the above list, consider the signature in 1.2’s Server Key Exchange vs the (identical purpose) signature in 1.3’s Server Certificate Verify.

  • In 1.2, the signature was computed over (client random + server random + the curve name + the certificate’s public key)
  • In 1.3, the signature was computed over (64 spaces to avoid a possible attack + a fixed string + a sha256 hash of the entire handshake to this point)

In the latter case, since the entire handshake is included in the signed data, it adds yet another protection (including the existing protections in Handshake Finished records) against an attacker being able to modify or replay a connection. You see this sort of thing all over the new protocol: any place that looks the least bit incomplete or iffy in 1.2 is now beefed up in 1.3, in a way that reflects our best understanding of cryptographic simplicity and safety.
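As an added example (not part of the quoted comment or the linked site), the Python below builds the byte string each of the two signatures is computed over and checks which one changes when a handshake field outside the 1.2 signature's scope is altered. The 64-byte 0x20 prefix, context string and 0x00 separator follow RFC 8446 section 4.4.3; the handshake message bodies, randoms and ECDH parameters are constructed toys, and the RSA-PSS/ECDSA signing step itself is omitted.

```python
import hashlib

# Constructed sample values (not from a real capture): 32-byte randoms and
# simplified handshake bodies; only their role in the signed data matters.
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))
CIPHER_SUITES_OFFERED = b"\x13\x01\x13\x02"      # what the client actually sent
CIPHER_SUITES_ALTERED = b"\x13\x02"              # same message, list rewritten
SERVER_ECDH_PARAMS = b"\x03\x00\x17" + bytes(65) # named_curve secp256r1 + point

def client_hello(cipher_suites):
    """Toy ClientHello: type byte, client random, cipher suite list."""
    return b"\x01" + CLIENT_RANDOM + cipher_suites

def tls12_ske_signed_data(client_hello_msg, server_random, ecdh_params):
    """TLS 1.2 ServerKeyExchange: the signature covers only
    client_random + server_random + ServerECDHParams."""
    client_random = client_hello_msg[1:33]
    return client_random + server_random + ecdh_params

def tls13_cert_verify_signed_data(transcript, context=b"TLS 1.3, server CertificateVerify"):
    """TLS 1.3 CertificateVerify (RFC 8446 4.4.3): 64 x 0x20, the context
    string, a single 0x00, then SHA-256 over every handshake message so far
    (here a two-message toy transcript; a real one runs through Certificate)."""
    transcript_hash = hashlib.sha256(b"".join(transcript)).digest()
    return b"\x20" * 64 + context + b"\x00" + transcript_hash

def signature_binds_offer(version):
    """True if rewriting the ClientHello cipher suite list changes the
    bytes the server signs, i.e. the alteration would break verification."""
    honest = client_hello(CIPHER_SUITES_OFFERED)
    altered = client_hello(CIPHER_SUITES_ALTERED)
    if version == "1.2":
        a = tls12_ske_signed_data(honest, SERVER_RANDOM, SERVER_ECDH_PARAMS)
        b = tls12_ske_signed_data(altered, SERVER_RANDOM, SERVER_ECDH_PARAMS)
    else:
        server_hello = b"\x02" + SERVER_RANDOM + b"\x13\x01"
        a = tls13_cert_verify_signed_data([honest, server_hello])
        b = tls13_cert_verify_signed_data([altered, server_hello])
    return a != b

if __name__ == "__main__":
    for v in ("1.2", "1.3"):
        print(f"TLS {v}: server signature detects altered offer ->", signature_binds_offer(v))
```

The 1.2 construction is blind to the change because the randoms and ECDH parameters are untouched; the 1.3 construction catches it because the transcript hash covers the whole message, which is the "entire handshake is included in the signed data" point above.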