Why TLS 1.3 is important
TLS 1.3 is the official standard in high-security encryption and was developed to address the security shortcomings of the former standard bearer, TLS 1.2. The new standard substantially alters the management of encrypted traffic, but TLS 1.3 adoption will not happen overnight. TLS 1.3 delivers several customer benefits, including:
- Higher security than TLS 1.2
- Faster session establishment
- Stronger cipher suites
- Elimination of known TLS vulnerabilities
Maintaining high security while inspecting TLS
Finding the right tool for TLS interception
Enterprises will need tools that enable secure HTTPS inspection for both TLS 1.2 and TLS 1.3 traffic for a very long time. Even when a critical mass moves to TLS 1.3, you’ll want to support TLS 1.2 until the last TLS 1.2 server goes away. Every company is different, and whether you are intercepting TLS today or are planning on doing so soon, there are industry best practices we suggest you follow while designing a plan for the secure inspection of all SSL / TLS traffic.
- SSL / TLS inspection tools should enable TLS 1.3 security benefits while allowing customer choice in deciding how change is applied.
- Encrypted Traffic Management solutions should be evaluated on adherence to industry best practices, including strong cipher suite support.
- It’s important to retain the normal security posture of the session whenever possible and to downgrade only if unavoidable.
- Downgrading a session should not be done because of poor cipher suite support or performance issues.
- Solutions should provide inspection of encrypted traffic on all ports and protocols and not be restricted to just HTTPS.
- Secure SSL / TLS inspection enabling tools should be easily added within the existing network security infrastructure.
- SSL / TLS interception tools need to be cost-effective and align with a company’s long-term security vision.
A purpose-built approach for high security TLS inspection
How Symantec can help
Symantec is an industry leader in high-security TLS inspection. We understand that secure decryption isn’t easy and have been working for years to get it right. The Symantec SSL Visibility Appliance enables inspection of traffic on all ports and protocols. It supports the official version of TLS 1.3 (RFC 8446) and continues to support all previous TLS versions. What that means for you:
- Security tools currently receiving decrypted traffic from the Symantec SSL Visibility Appliance can continue to do their job without requiring any changes to cope with the newest version of TLS.
- Symantec SSL Visibility Appliance gives customers the most extensive out-of-the-box set of high-security cipher suites and now the new cipher suites supported by TLS 1.3.
- Encrypted Traffic Management capabilities of the Symantec SSL Visibility Appliance can be added to a network very quickly, an important consideration if you are not currently prepared for TLS 1.3 and the changes ahead.