TLS 1.3: Why It Matters and How to Enable It
TLS 1.3 is faster, more secure, and eliminates a decade of protocol baggage. This guide explains what changed, what the security benefits are, and how to enable it on common web servers and CDNs.
What changed in TLS 1.3
Transport Layer Security 1.3 was published as RFC 8446 in 2018. It is not an incremental update to TLS 1.2 — it is a redesign that removed everything that had accumulated two decades of technical debt.
The headline changes:
- Handshake reduced from 2 round-trips to 1 (1-RTT), with 0-RTT resumption for returning visitors
- All non-forward-secret cipher suites removed
- All static RSA key exchange removed
- All CBC-mode cipher suites removed
- MD5 and SHA-1 removed from handshake authentication
- RSA PKCS#1v1.5 signatures removed (replaced with RSA-PSS)
TLS 1.3 only supports five cipher suites, all of them AEAD (authenticated encryption with associated data), all with forward secrecy. There is no negotiation of weak options.
The security benefits
Forward secrecy is mandatory
In TLS 1.2, some cipher suites used static RSA key exchange. If an attacker recorded your encrypted traffic and later obtained your server's private key (through a breach, a court order, or a FOIA request), they could decrypt all that recorded traffic retroactively.
TLS 1.3 uses only ephemeral key exchange. Each session generates a fresh key pair. Even if your server's private key is later compromised, past sessions cannot be decrypted.
Smaller attack surface
Every cipher suite and feature in TLS 1.2 that has a known attack (BEAST, CRIME, BREACH, POODLE, FREAK, Logjam, ROBOT) has been removed from TLS 1.3. There is simply no way to negotiate down to a broken cipher or protocol version.
Encrypted handshake
In TLS 1.2, server certificates were sent in the clear during the handshake, leaking the domain name to network observers. TLS 1.3 encrypts the certificate exchange, providing better privacy and reducing metadata leakage.
Performance benefits
The 1-RTT handshake removes a full round-trip from every new TLS connection. For global audiences, where round-trip times might be 200ms+, this is a meaningful latency reduction. The 0-RTT resumption feature allows returning visitors to send application data with the very first packet, eliminating all handshake latency for subsequent connections.
Enabling TLS 1.3
nginx:
ssl_protocols TLSv1.2 TLSv1.3;
Apache:
SSLProtocol -all +TLSv1.2 +TLSv1.3
Cloudflare: TLS 1.3 is enabled by default. Ensure minimum TLS version is set to 1.2 in SSL/TLS settings.
AWS ALB / CloudFront: Select a security policy that includes TLS 1.3. The ELBSecurityPolicy-TLS13-1-2-2021-06 policy is recommended.
Browser support
TLS 1.3 is supported by all modern browsers (Chrome 70+, Firefox 63+, Safari 12.1+, Edge 79+). If you need to support IE 11 or older Android browsers, keep TLS 1.2 enabled as a fallback. For most UK business websites, TLS 1.3-only is feasible if your analytics confirm modern browser usage.