TLS 1.3 Cipher Suites: Exploring the Key Changes

In this article, we will delve into the changes that TLS 1.3 brings to cipher suites. There are six significant changes that we will discuss, each providing context on how it worked before, why it may not have been the best choice, and how TLS 1.3 improves upon it.

Understanding Cipher Suites

Before we dive into the changes, let’s quickly review what a cipher suite is. In the Practical TLS course, we defined a cipher suite as the selection of specific protocols for four security services: key exchange, authentication, encryption, and hashing. TLS 1.3 simplifies the cipher suite by focusing on these four services.

Change 1: Dropping Support for Older Protocols

TLS 1.3 no longer supports older, potentially insecure protocols. In previous versions, TLS 1.2 and prior, a range of protocols were supported, even if they were known to have security vulnerabilities. TLS 1.3 removes support for any protocol that is even mildly suspicious in terms of security. This significantly reduces the risk of using insecure protocols.

Change 2: Simplification of Cipher Suite Definition

TLS 1.3 simplifies the definition of the cipher suite itself. In earlier versions, a cipher suite was a long string of characters that specified a specific protocol for each security service. This meant that for every unique combination of protocols, a separate cipher suite had to be defined. With TLS 1.3, the cipher suite is simplified into three orthogonal choices: one for key exchange, one for authentication, and one for encryption and hashing. This simplification reduces the number of cipher suites needed to account for all possible combinations.

Change 3: Fewer Cipher Suites in TLS 1.3

Due to the simplification of cipher suites in TLS 1.3, there are significantly fewer options available compared to previous versions. TLS 1.2 had over 300 cipher suites, but TLS 1.3 reduces this number to just five. This reduction in options streamlines the selection process and improves both simplicity and security.

Change 4: Introduction of Authenticated Encryption with Associated Data (AEAD) Ciphers

TLS 1.3 exclusively uses Authenticated Encryption with Associated Data (AEAD) ciphers. AEAD ciphers combine the encryption and integrity checks into a single step, providing both confidentiality and integrity simultaneously. In earlier versions, encryption and integrity were separate steps, leading to potential security vulnerabilities. AEAD ciphers ensure a better approach to integrity and confidentiality.

Change 5: Forward Secrecy for All TLS 1.3 Sessions

Forward secrecy ensures that even if a private key is compromised in the future, it cannot be used to decrypt past sessions. TLS 1.3 guarantees forward secrecy for all sessions, as all supported key exchange protocols provide forward secrecy. This significant security enhancement prevents access to past encrypted communication, further protecting user data.

Change 6: Removal of Custom Diffie-Hellman Groups

In previous versions, TLS allowed the use of custom Diffie-Hellman (DH) groups. However, TLS 1.3 removes this capability. Custom DH groups required careful selection of prime numbers and generators, which posed a significant security challenge. TLS 1.3 relies on industry-standard DH groups to ensure secure key exchanges.

Conclusion

TLS 1.3 introduces several key changes to cipher suites, enhancing both simplicity and security. By dropping support for old protocols, simplifying cipher suite definitions, reducing the number of cipher suites, utilizing AEAD ciphers, providing forward secrecy, and removing custom Diffie-Hellman groups, TLS 1.3 ensures a more secure and streamlined approach to encryption within the TLS protocol.

To learn more about TLS and become an SSL expert, check out the full Practical TLS course at Techal. Stay tuned for our next article, where we will discuss the differences in the TLS handshake.