On Sat, Mar 14, 2020 at 6:32 PM Salz, Rich <rsalz@xxxxxxxxxx> wrote:
- I am reading this article https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_1.3 I have a followup question regarding TLS version 1.3. Can we use it in production servers or it is good to be on TLS version 1.2? I look forward to hearing from you.
There are no problems with the protocol; it has had extensive analysis. There are no known implementation bugs, but of course that doesn’t mean there are none. Most browsers will use TLS 1.3 if the server supports it. Many big websites or providers use it. Go ahead. It does a smidgen more crypto work, but client/server latency is reduced.
As for TLS 1.2, it has not had as much analysis, but has no known protocol flaws. It is also considered safe to use.
Do not use TLS 1.1, TLS 1.0 or SSL 3.
Thanks Rich Salz for the explanation and much appreciated. Please suggest me books or tutorials to understand OpenSSL and TLS cryptographic protocol in detail. I look forward to hearing from you. Thanks in advance.
Best Regards,
Kaushal
