# jnsp


Information Security, Software Development and *NIX

## TLS 1.3

TLS 1.3 is around the corner, and the new protocol is faster and more secure than its predecessors. It supports only authenticated encryption (AEAD), using AES-GCM, AES-CCM or CHACHA20-POLY1305. Thanks to optimizations in the handshake phase, a TLS 1.3 connection can be established within a single round trip (instead of two). Forward secrecy is now mandatory, which apparently caused problems for banks, who claimed that breaking into their own TLS connections is necessary for debugging and security monitoring.

Currently, there are not many sites on the web that allow you to test your user agent for TLS 1.3 support. I decided to create a small website that indicates whether you are connected using TLS 1.2 or TLS 1.3 and which cipher suite was negotiated.

At the time of writing, you should be able to connect using TLS 1.3 with development versions of Firefox and Chrome.
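What such a check reads from a connection, as an added example that is not the code behind the site described above: a Go program that starts an in-process TLS listener, connects with a version-capped client, and returns the negotiated protocol version and cipher suite. `Negotiate`, the loopback listener and the throwaway certificate are assumptions of this example; it relies only on Go's standard `crypto/tls`.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net/http"
	"time"
)

// Negotiate (example name) handshakes with an in-process server; clientMax caps the client version.
func Negotiate(clientMax uint16) (proto, suite string, err error) {
	// Throwaway self-signed certificate, constructed for this example only.
	_, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return "", "", err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		return "", "", err
	}
	cert := tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{cert}})
	if err != nil {
		return "", "", err
	}
	defer ln.Close()
	// net/http performs the server side of the handshake on each accepted connection.
	go http.Serve(ln, nil)
	// Skipping verification is acceptable only because the peer is this process's own listener.
	c, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{InsecureSkipVerify: true, MaxVersion: clientMax})
	if err != nil {
		return "", "", err
	}
	defer c.Close()
	// A server reads the same two fields from its *tls.Conn or from http.Request.TLS.
	st := c.ConnectionState()
	names := map[uint16]string{tls.VersionTLS12: "TLS 1.2", tls.VersionTLS13: "TLS 1.3"}
	return names[st.Version], tls.CipherSuiteName(st.CipherSuite), nil
}

func main() {
	fmt.Println(Negotiate(tls.VersionTLS12))
	fmt.Println(Negotiate(tls.VersionTLS13))
}
```

With the client capped at TLS 1.2 the suite name carries the key exchange and signature type; under TLS 1.3 it names only the AEAD cipher and hash.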