freistilbox adds support for TLS 1.3

Published 2020-11-23 by Jochen Lillich

In a recent update to our edge routers, we added support for TLS 1.3 to freistilbox. This latest version of the TLS protocol makes communication on the web more secure and faster than previous versions.

Transport Layer Security (TLS) is the encryption standard behind secure HTTPS connections. On freistilbox, it’s managed by a fleet of servers we call edge routers. At the border between the public internet and our hosting infrastructure, they accept incoming HTTP connections and forward them to your web application servers. They also handle the computational load required for the cryptographic protection of your website traffic.

With TLS 1.3, improvements such as an optimised handshake procedure speed up content delivery. By cutting down on, or even completely eliminating, the overhead required to establish a secure connection, TLS 1.3 lets your web pages and asset files be transferred more quickly.

TLS 1.3 also gets rid of obsolete or insecure protocol features from TLS 1.2, including the following:

  • SHA-1
  • RC4
  • DES
  • 3DES
  • MD5
  • Arbitrary Diffie-Hellman groups (CVE-2016-0701)
  • EXPORT-strength ciphers (responsible for the FREAK and LogJam attacks)

Since TLS is by now widely supported by current browser versions, we have at the same time removed support for the old and insecure TLS 1.1 protocol from our edge routers.
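
To confirm from the client side that a site negotiates TLS 1.3 and no longer accepts TLS 1.1, you can pin a client to one protocol version at a time and see which handshakes succeed. The script below is an example added here, not freistilbox code; the function names are hypothetical and the hostname is whatever you pass on the command line.

```python
import socket
import ssl
import sys

# Versions to probe: the post says 1.3 was added and 1.1 removed.
VERSIONS = {
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}

def pinned_context(version):
    """Client context that offers exactly one protocol version."""
    ctx = ssl.create_default_context()
    # OpenSSL 3 disables TLS 1.1 at its default security level; lower it so
    # a refusal comes from the server, not from this client. Probe use only.
    ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    ctx.minimum_version = version
    ctx.maximum_version = version
    return ctx

def probe(host, version, port=443, timeout=5.0):
    """Return 'accepted', 'refused' or 'unreachable' for one version."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        with pinned_context(version).wrap_socket(raw, server_hostname=host):
            return "accepted"
    except ssl.SSLCertVerificationError:
        # The certificate is checked after the version is agreed, so the
        # server did accept this version; the certificate issue is separate.
        return "accepted"
    except (ssl.SSLError, OSError):
        return "refused"
    finally:
        raw.close()

def matches_post(results):
    """True if the results agree with the post: 1.3 offered, 1.1 gone."""
    return (results.get("TLSv1.3") == "accepted"
            and results.get("TLSv1.1") == "refused")

if __name__ == "__main__" and len(sys.argv) > 1:
    results = {name: probe(sys.argv[1], v) for name, v in VERSIONS.items()}
    print(results, "matches post:", matches_post(results))
```

If the local OpenSSL build has TLS 1.1 compiled out, the TLS 1.1 probe cannot be made from that machine and its result says nothing about the server.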