What are the main improvements TLS 1.3 made over TLS 1.2?
4 minintermediatetls-1.3tls-1.2comparison
Quick Answer
TLS 1.3 is faster (one round trip instead of two, plus optional 0-RTT resumption) and safer (it removed weak ciphers, RSA key exchange, and compression, and it always provides forward secrecy). It also encrypts more of the handshake itself, including the server's certificate, so less handshake metadata is visible to a network observer.
Detailed Answer
| TLS 1.2 | TLS 1.3 | |
|---|---|---|
| Handshake round trips | 2 (1 with session resumption) | 1 (0 with 0-RTT resumption) |
| Key exchange | RSA or (EC)DHE | Only (EC)DHE — always forward-secret |
| Forward secrecy | Optional, depends on cipher suite | Always guaranteed |
| Weak/legacy ciphers (RC4, DES, MD5-based) | Allowed | Removed entirely |
| Compression | Allowed (risk: CRIME attack) | Removed |
| Certificate visible to network observer | Yes, sent unencrypted | No, encrypted after the key exchange step |
| Renegotiation | Supported (had past vulnerabilities) | Removed |
The two headline wins are speed and security:
- Speed — fewer round trips means a faster "time to first encrypted byte," which matters a lot on slow or high-latency mobile connections.
- Security — TLS 1.3 removed an entire category of weak, legacy options. Instead of letting a server choose a secure cipher suite from a long list that also includes insecure ones, TLS 1.3 only offers secure choices in the first place.
- One trade-off — TLS 1.3's certificate is encrypted, which is good for privacy, but it meant some older network security appliances needed updates to keep inspecting traffic.