Lets talk about TLS 1.3
Submitted by Huzaifa Sidhpurwala (@huzaifas) on Sunday, 10 March 2019
Section: Full talk Technical level: Intermediate Section: Full talk (40 mins) Category: Security
SSL/TLS is probably the most widely used security protocol on the internet. Since heartbleed was discovered a few years back, this protocol has been constantly audited and evaluated by security researchers around the world. TLS 1.3 is the latest version of the protcol designed from ground up to be more secure than its previous versions. This talk discusses new features and security improvements in TLS 1.3.
We will talk about what SSL/TLS is, why it is important for the internet. Then take a brief look at few of the security flaws in the protocol over the years. The finally look at security and performance improvements in TLS 1.3. Lastly why should this affect you as a systems engineer, system administrator, developer or even as a normal user.
Basic understanding of how protocols work, basic understanding of cryptography.
I work as a Principal Product Security Engineer with Red Hat. I have been involved with high impact security flaws specially related to SSL/TLS over the last 10 years. I am a part of various upstream security teams and a contributor to Fedora security team.