Matthew Gates
SSL (Secure Socket Layer) and TLS (Transport Layer Security) are the security connections between networks that protect you and me and the entire world wide web from being seen and easily exposed. Instead of seeing you in plain text, your data is encrypted and my data is encrypted and thus, we have full privacy on the Internet. Several security measures, specifically TLS 1.0 and TLS 1.1 protocols will be removed from browsers at the beginning of 2020. As a result of this change, RunCloud has added the SSL/TLS protocol option which can be changed in your dashboard with a single click.
What is SSL/TLS Protocol?
TLS and SSL are a cryptographic protocol that uses an IETF standard and provides end-to-end communications security over networks and is widely used for internet communications and online transactions intended to prevent eavesdropping, tampering, and forgery. Most SSL and TLS use SHA-256 With RSA Encryption with some going even further to use 2048-bit RSA encryption which would take the most powerful computer on Earth about 6.4 quadrillion years to crack. The TLS handshake method is a multi-step process that bridges client and server to learn about each other, exchanging information, keys, and the encrypted message.
In other words, TLS is responsible for encrypting all of the information you request and recieve on the Internet by means of browsing the Internet, emails, instant messaging, or using VoIP services, such as Skype. Or more to the point, TLS is responsible for making sure client and server recognize each other immediately, so that a connection is made faster and more secure, requiring less round trips through open ports to communicate, so communication is more direct and responsive. TLS is more efficient and secure than SSL as it has stronger security measures and key generation along with other encryption algorithms. Eventually, support for SSL may stop in favor of the TLS connection.
Latest Update of SSL/TLS Protocol
The new update includes TLS 1.3 which is the first major rewrite of the protocol by the Internet Engineering Task Force (IETF). TLS 1.3 was released in August 2018 is specifically focused on HTTPS-encrypted traffic and therefore better protects privacy and hardens security, preventing any unwanted traffic. The encryption process of communication between client and server has also seen a speed increase for this update which also adds a boost in performance for web applications. The new TLS 1.3 drops support for older more vulnerable cryptographic algorithms. The last update of TLS 1.2 before the release of 1.3 occurred in 2008.
- Remove support for weak and lesser used named elliptical curves.
- Remove support for MD5 and SHA-224.
- Integrating use of session hash.
- Allow cookies to be longer.
- Require digital signatures even when previous configuration is used.
- Support for 1-RTT handshake.
What does this update actually mean for you? For the average developer or blogger, there is nothing you actually need to do as this update will likely not affect anything you are currently working on. If you are an advanced web developer or have to support older products, then this update may be of concern to you.
This update is critically important to the stability and security of the Internet as it is dropping support for TLS 1.0 and TLS 1.1 at the beginning of 2020. While most of your web servers are already on a supported TLS version, if you have an old server, you may have to make any changes yourself. We cannot offer any support for older versions of TLS.
Consider always keeping up to date with the latest security standards for optimal performance, privacy, and security. The latest TLS version is the most secure version, while older versions may still contain flaws.
Ho to Change SSL/TLS Protocol
To change your own security protocols for your server in RunCloud, navigate to Web Application and select your web app on the screen. Scroll down to SSL/TLS on the menu. As you move down the screen, you can see the SSL Protocol(s) option where you can change this to version(s) you want your web application to support.
TLSv1.2 TLSv1.3 is recommended and it is default option for new web application.
The reason you might swap this option to a version that supports lower TLS security protocol (TLSv1.1) is because you have applications using an older API client or old code.
It is suggested that you do not go to a lower tier and if you are just starting up a new web application: you do not have to worry about anything, as we will select the default TLS security protocol for your website. While nothing should happen in the next year, the major browsers could drop support for your website, as it does not meet the latest security standards.
As long as the Internet remains free, it will remain a place to express ourselves, privately and securely, while exposing only the information we want the world to know. TLS 1.3 is the latest and greatest secure technology and as we progress forward into 2020, the world is striving for a more faster and securer Internet, one where we can browse privately and ensure the information about our location, our payments, our communications on the Internet, are secure and can’t be read by “outsiders”. As we move more into the digital world where information is more rampant and vast than ever, we want to ensure that communications between computer and website or web client remain fast, private, and secure.
RunCloud is committed to keeping up with the latest trends in technology and security standards by ensuring these best practices are passed on to your servers and web applications. Keeping you and your website secure are our top priority. RunCloud offers the security tools necessary to help you manage your server, but does not claim any responsibility for any disruptions or bugs that may arise from changing this setting and therefore can only suggest that you update your TLS to the latest security protocol standards. RunCloud serves as only a facilitator and provides the best methods and protocols to keep your server and websites more secure.
Always love how easy setting up Let’s Encrypt SSL on runcloud