The encryption that protects your browser's connection to websites is getting a notch faster and a notch safer to use.
That's because the Internet Engineering Task Force (IETF) on Friday finished a years-long process of modernizing the technology used to secure website communications. You may never have heard of Transport Layer Security -- TLS for short -- but version 1.3 is now complete and headed to websites, browsers and other parts of the internet that rely on its security.
"Publishing TLS 1.3 is a huge accomplishment. It is one of the best recent examples of how it is possible to take 20 years of deployed legacy code and change it on the fly, resulting in a better internet for everyone," said Nick Sullivan, head of cryptography for Cloudflare, which helps customers distribute their websites and other content around the world, in a blog post.
Way back in 1994, web pioneer and Mozilla predecessor Netscape Communications needed a way to let people type credit card numbers and passwords into a browser without fear that somebody eavesdropping could copy that sensitive data. The result, called SSL for secure sockets layer, grew into the industry standard now called TLS. It's what provides the S in HTTPS, the secure version of Hypertext Transfer Protocol that browsers use to load websites.
And now TLS is more important than ever. Google, Mozilla, Cloudflare and others are pushing hard to encrypt every webpage, not just obviously sensitive ones like login pages. Doing so thwarts surveillance, hackers and companies that want to inject their own advertisements.
TLS 1.3 speeds up encryption
TLS 1.3 brings some significant improvements over TLS 1.2, which was finished 10 years ago. Perhaps first on the list is that it'll mean websites load faster.
Setting up an encrypted connection on the web historically has caused delays since your browser and the website server must send information back and forth in a process called a handshake. The slower your broadband or the more congested your mobile network is, the more you'll notice these delays.
TLS 1.3 cuts the number of round-trip exchanges in the handshake from two to one, and a more advanced version can cut it all the way to zero.
Better security, too
Better security is also baked in. You may remember the Heartbleed problem in 2014, but there have been plenty of other TLS troubles, too, including POODLE, ROBOT, FREAK, Logjam and Sweet32. TLS 1.3 removes outdated cryptography technology, said Eric Rescorla, a Mozilla engineer and one of the authors of TLS 1.3, in a blog post.
The academic and theoretical foundations of TLS now have been updated with today's more practical security knowledge, added Cloudflare's Sullivan. "TLS was 90s crypto: It meant well and seemed cool at the time, but the modern cryptographer's design palette has moved on," he said.
TLS 1.3 is actually here already -- at least in draft form. Both Google Chrome and Mozilla Firefox incorporated a draft version of the standard and are working now on shipping TLS 1.3 in its final form. And even in draft form, TLS 1.3 is a big deal at Facebook.
"Today, more than 50 percent of our internet traffic is secured with TLS 1.3," the social network giant said earlier in August in a blog post as it released a version of TLS technology other websites are free to use as well. "That will continue to grow as browsers and apps add support for TLS 1.3."