Support for TLS 1.3 with optional 0-RTT
With the latest Instart platform release, we are introducing support for TLS version 1.3, the latest and fastest secure transport protocol that powers HTTPS connections. It features hardened security with better encryption, and reduces the number of client-to-service round trips for connection setup and resume. This leads to faster performance.
TLS 1.3 removes the old insecure ciphers SHA-1, RC4, DES, 3DES, MD5, AES-CBS and more.
During initial connection, a client using TLS 1.2 offers a list of supported ciphers in the first request to the cloud, and the cloud replies. TLS 1.3 just sends the cipher it wants to use in the first request, which drops a round trip off the initial connection process.
TLS 1.3 has an optional 0-RTT resume connection feature. Both client and cloud remember the connection. This allows re-starting a previous connection without the usual back and forth.
When using TLS 1.3 with 0-RTT, be sure you understand the potential for certain types of theoretical replay attacks occurring with certain types of sensitive website operations.
TLS 1.3 is supported by the following browsers:
- Chrome 71+
- Chrome/Android 71+
- Firefox 65+
- Safari 12.1+
- Safari/iOS: 12.2+
- Samsung Internet 8.2
Microsoft Edge support is in development.
Our platform automatically uses TLS 1.2 for Edge and older browsers.
We are enabling TLS 1.3 on existing customer accounts by request. Contact Support for more information.