Support TLS 1.3 with 1-RTT
TLS 1.3, the next version of the security protocol for private and authenticated communication, is in the final phase of specification.
Cloudflare already supports it, Chrome 56 plans to support it in January 2017 and Firefox in March 2017.
Edge should not stay behind and support TLS 1.3 with 1-RTT as well, ideally in the upcoming Creator's Update already.
Last month NIST updated its Cryptographic Algorithms and Key Lengths standard ‘NIST SP 800-131A Rev.2’. As a result, many current TLSv1.1/TLSv1.2 ciphers are now considered as “Weak”.
In addition to the NIST revision, many organizations still rely on CBC ciphers in TLSv1.1/TLSv1.2. Beginning end of May 2019, those ciphers will be rated as "F" with SSL Labs. That leaves only a few ciphers that will still be considered safe to use in TLSv1.1/TLSv1.2.
TLSv1.3 is desperately needed to provide quantum-safe cryptography. It has already been adopted by Chrome, Firefox, Safari and OpenSSL. Microsoft users really need Microsoft to adopt TLSv1.3 ASAP to maintain regulatory attestation compliance.
Danny Murphy commented
I'm now only accepting TLS 1.3 on my website, so everyone on IE and Edge. TLS 1.3 has been out long enough for support to be possible. Has anyone seen any updates from Microsoft about this?
What will the status of this be with the news of the Chromium-based Edge?
Also, is this a Schannel-related thing? Will it still be added to Schannel?
Using a completely fresh install of Ubuntu 18.10, Apache 2.4.37, openssl-1.1.1a with the SSLProtocol directive set to TLSv1.3 only.
Status as of 2018-12-02:
Firefox 63.0.3 works out of the box.
Chrome 70 requires chrome://flags/#tls13-variant set to "Enabled(Final)". It comes with it set to "Enabled(Draft 23)". Yikes.
Microsoft Edge 1809 fails with TLS error.
Changed directive to "SSLProtocol TLSv1.3 TLSv1.2", and then Firefox and Chrome were TLS 1.3, and Edge was TLS 1.2 with no error.
C'mon MS, fix this.
Kagami Sascha Rosylight commented
Not even in 1809? No way :/
Bernd P commented
This becomes more urgently necessary now since TLS 1.3 has been finalised. MS should get rid of all old/weak/broken and obsolete encryption types ASAP. Add Chacha20_poly1305! in Windows 10, and Camellia with 128Bits+ GCM and CCM modes.
Also: Implementation of PCIDSS 3.2 Compliance. Getting rid of TLS 1.0 and all older protocols.
On 21/03/2018, TLS 1.3 was finalized!
[Deleted User] commented
It's about time to implement it
+3 votes for this!
I agree! Support for TLS 1.3 is the most important thing you can do in Microsoft Edge right now!
Alan H commented
Do it for the users :)