What are the main improvements TLS 1.3 made over TLS 1.2?

4 minintermediatetls-1.3tls-1.2comparison

Quick Answer

TLS 1.3 is faster (one round trip instead of two, plus optional 0-RTT resumption) and safer (it removed weak ciphers, RSA key exchange, and compression, and it always provides forward secrecy). It also encrypts more of the handshake itself, including the server's certificate, so less handshake metadata is visible to a network observer.

Detailed Answer

TLS 1.2TLS 1.3
Handshake round trips2 (1 with session resumption)1 (0 with 0-RTT resumption)
Key exchangeRSA or (EC)DHEOnly (EC)DHE — always forward-secret
Forward secrecyOptional, depends on cipher suiteAlways guaranteed
Weak/legacy ciphers (RC4, DES, MD5-based)AllowedRemoved entirely
CompressionAllowed (risk: CRIME attack)Removed
Certificate visible to network observerYes, sent unencryptedNo, encrypted after the key exchange step
RenegotiationSupported (had past vulnerabilities)Removed

The two headline wins are speed and security:

  • Speed — fewer round trips means a faster "time to first encrypted byte," which matters a lot on slow or high-latency mobile connections.
  • Security — TLS 1.3 removed an entire category of weak, legacy options. Instead of letting a server choose a secure cipher suite from a long list that also includes insecure ones, TLS 1.3 only offers secure choices in the first place.
  • One trade-off — TLS 1.3's certificate is encrypted, which is good for privacy, but it meant some older network security appliances needed updates to keep inspecting traffic.