
    Global Internet Phenomena: TLS 1.3 Adoption — Facebook Leads the Way

    By Shyam Valsan

    August 6, 2018

    We live increasingly online lives, and encryption is a crucial and necessary component of our digital existence. Encryption provides security for our data at all times, maintains data integrity, and protects user privacy.

    When it comes to internet traffic and encryption, the two terms you'll hear thrown around most often are Secure Sockets Layer (SSL) and Transport Layer Security (TLS), and it can get confusing if you aren't an expert. What's the difference between SSL and TLS? Are they the same thing? Which one is better? I’m glad you asked.

    SSL and TLS are both cryptographic protocols that provide authentication and data encryption between servers, machines, and applications operating over a network. SSL was developed first, way back in 1995 by Netscape. TLS was designed as the successor to SSL; it made its debut in 1999 and was based on SSL 3.0. Over the years, new versions of the protocols have been released to address vulnerabilities and support stronger, more secure cipher suites and algorithms. SSL 2.0 and 3.0 have long been deprecated by the Internet Engineering Task Force (IETF), and the internet deals almost exclusively with TLS today, in one of its several versions.

    It's been nearly a decade since TLS 1.2 was released, and it is the encryption protocol of choice for most internet traffic – more than 50% of the encrypted traffic on the internet runs on TLS 1.2. And now, after years of discussions and rework, the TLS 1.3 standard has been finalized as of March 21st, 2018. Last month, the IETF approved version 1.3 of the TLS specification to move to the standards track.

    [Figure: encryption status distribution]

    TLS 1.3 has several changes that improve performance and security, while also eliminating several complexities and simplifying the protocol stack. In short, it is a faster, simpler, and more secure alternative to existing TLS protocols. What's not to love?

    Here's a quick look at some of the key updates in TLS 1.3 along with their implications:

    Speed – 0-RTT

    • TLS 1.3 reduces the time it takes to negotiate the protocol version and cipher suite and to authenticate the server.
    • This negotiation is done during the initial handshake between the client and server and is measured in round-trip times (RTT): the time it takes for a client to send a message to the server and for the server to respond to the client.
    • With TLS 1.2, this would normally take 2-RTT, or two round-trip times. TLS 1.3 cuts down the initial handshake to 1-RTT, and in some cases to 0-RTT by allowing session resumption.
    • A smaller RTT means faster connection times and web page load times, thus ensuring a more responsive browsing and internet experience.

    Security

    • Encrypted Handshakes
      • With TLS 1.3, all packets in the handshake after the initial client hello are encrypted. This includes the server certificates.
      • Network solutions that relied on understanding the information in the TLS handshake (e.g., validating the server certificate to identify anomalies) will no longer work.
    • Forward Secrecy
      • The use of static RSA and Diffie-Hellman key exchange has been replaced with ephemeral mode Diffie-Hellman, thereby providing forward secrecy.
      • Forward secrecy means that compromise of a private or long-term key in the future should not compromise the confidentiality of all past sessions.
      • Ephemeral mode Diffie-Hellman accomplishes this by coming up with a unique one-time key for each separate conversation between a client and server.
      • The implication of this change is that passive mode decryption using the RSA key exchange will no longer be possible.

    Simplicity – Less is More

    • TLS 1.3 simplifies the TLS protocol and does some much-needed cleanup by removing support for older, broken forms of cryptography and trimming the list of cipher suites.
    • This streamlining makes TLS 1.3 simpler to configure for server operators – and faster to use for the end users.
    • TLS 1.3 also allows a connection to down-negotiate to TLS 1.2 where either side does not support TLS 1.3, ensuring backward compatibility.

    So how has the industry reception for TLS 1.3 been? Well, Sandvine took a detailed look at the data so far and two things are blindingly obvious:

    • Growth has NOT kicked off yet
      • Overall, adoption is still low and the growth curve has not taken off yet. Half a percent of all encrypted traffic is TLS 1.3, and that number hasn't increased drastically over the last quarter.
    • Facebook leads the way!
      • Facebook has decided to take the plunge and become THE high profile early adopter. They have adopted TLS 1.3 in some form across almost all of their services, including Facebook, WhatsApp, and Instagram.

    The statistics also indicate that Google, Twitter, Microsoft, and others have started to experiment with TLS 1.3 as well, and we expect the numbers to rise and TLS 1.3 adoption to really pick up in 2019.

    [Figure: encryption protocol distribution]

    At Sandvine, we pride ourselves on classifying the internet and providing valuable insights to our customers, and TLS 1.3 is a change we welcome with open arms. TLS 1.3 holds no demons for us, as our traffic classification is not impacted by the improvements it brings – and in being faster, simpler, and more secure it benefits the users and the operators.

    If you’d like to learn more about how Sandvine continues to thrive in a landscape with increasing encryption and what key use cases we can enable for you, then read our whitepaper “Shine a light on the darkening internet: How to thrive despite Encryption” or visit our website for more details.


    Written by Shyam Valsan

    Shyam is the Technical Product Manager for Sandvine's Data Management portfolio, which includes traffic classification, business intelligence, and AI-enabled solutions. He comes from an engineering background and enjoys getting his hands dirty with hands-on research into emerging technology, especially those related to data science and the ever-evolving internet. When he's not at work, he's hiking a mountain, reading a book, or kicking a football somewhere (but hopefully not at the same time).

