Is TLS 1.3 out yet?

Is TLS 1.3 widely supported?

What features does it provide?

Let's see.

The "TLS 1.3 is now widely supported" meme has become a very powerful communication point in the security world and it continues to live out its days.

From the beginning, TLS 1.3 was an incremental technology, which provided some very small improvements over TLS1.

Yet as the Internet has adopted TLS 1.2 rather than waiting for TLS 1.3 or abandoning SSL altogether, we've found evidence that most enterprises support the version of the TLS protocol, and not the security protocols it supports. This is not due to their inability to upgrade their IT infrastructure (that's really not the issue) but because of some other reason, which was described by many people in the TLS 1.3 announcement.

I would like to take this "TLS 1.3 is widely supported" concept one step further. I want to show the readers of this site, and especially newcomers in the security space, that TLS 1.3 is really more of an optimization layer above TLS 1.2 - not just an improvement over the previous version but actually a whole new system of protocols.3 provides all the protocols, but only uses them when they are really needed or useful. When implemented efficiently, TLS 1.3 can enable all the benefits, not just one small part of it.

First, let's see what TLS 1.3 actually provides. According to the standards, TLS 1.3 provides TLS 1.2 (which in turn upgrades to TLS 1.0), TLS 1.1 and TLS 1.0) Therefore, the protocols that you'll find if you look at a list of TLS 1.3 enabled servers, will be TLS 1.2, TLS 1.0, plus maybe one or two others that are used internally.

All of these protocols are "widely supported". That means that we still support the underlying protocol, whether it is TLS 1.1, TLS 1.0, TLS 1.3, or some new protocol.

We don't necessarily support any specific feature of a protocol. For instance, we have a lot of TLS 1.0 and TLS 1.