HTTP/2 & TLSv1.3: 2019 adoption & review of specs

HTTP/2 and TLSv1.3 specifications come with many new improvements to standard protocols that are core to all we do on the internet. Knowing the benefits of these improvements, as well as how and when to take advantage of them can help drive development and architecture implementation decisions for the better.

HTTP/2 Highlights:

TLSv1.3 Highlights:

  • current adoption 0.06% (as of 2017/12/26) cited from: https://blog.cloudflare.com/why-tls-1-3-isnt-in-browsers-yet/
  • separates key agreement and authentication algorithms from cipher suites
  • removes support for weak, lesser-used elliptic curves

    Added features:

    • Full handshake signature
    • Downgrade protection
    • Abbreviated resumption with optional (EC)DHE
    • Curve 25519 and 448

    Removed features:

    • Static RSA handshake
    • CBC MtE modes
    • RC4
    • SHA1, MD5
    • Compression
    • Renegotiation