In our world today, do you feel that encryption and added security with Secure Sockets Layer (SSL) slows down your connections from the browser to the servers? On the other hand, would you risk connecting over the internet with lesser encryption? Not really!
What are we announcing?
Citrix is delighted to announce support for Transport Layer Security 1.3 (TLS 1.3, IETF RFC 8446) in Citrix ADC. TLS 1.3 provides enhanced security with higher speeds in all communications between clients and servers. Citrix was the first ADC vendor to release TLS 1.3 draft support, in November 2017 (link). The TLS 1.3 RFC was formally published in early August 2018. Citrix wasted no time and fulfilled our commitment to you by making TLS 1.3 generally available for all customers with the Citrix ADC 12.1 (build 49.23) release and onwards. Once again, this makes Citrix the first ADC vendor to release out-of-the-box support for the TLS 1.3 RFC in a generally available build. With this, Citrix reinforces its leadership in the area of secure application delivery.
Customers can now secure client-side connections with TLS 1.3: Citrix ADC acts as a proxy for classic applications and allows client connections to be secured with TLS 1.3. In the Citrix ADC 12.1 (build 49.23) release, TLS 1.3 is supported on Citrix ADC VPX (virtual appliance) and Citrix ADC MPX (Cavium N3 based hardware appliance).
What makes TLS 1.3 better for you?
TLS 1.3 comes with considerable improvements over its predecessors.
- Much faster connections — TLS 1.3 reduces the round trips required between client and server for a successful handshake. The 0-RTT (Zero Round Trip Time) feature of TLS 1.3 allows the client’s first request to be sent before the TLS connection is fully established, resulting in faster connection times. TLS 1.3 also allows a client to open multiple parallel connections by opening a fresh session ticket for each connection.
- Significantly better protection from external threats — Predecessors of TLS 1.3 were susceptible to attack vectors like padding oracle, protocol downgrade, etc. TLS 1.3 mitigates threats from these attacks. TLS 1.3 also provides perfect forward secrecy by default, which ensures that your session keys will not be compromised even if the private key of the server is compromised, and that helps protect encrypted data in the future.
In addition to TLS 1.3 RFC support, this release also supports the following TLS 1.3 ciphers, on the same set of Citrix ADC VPX and MPX appliances:
- TLS1.3-AES256-GCM-SHA384 (0x1302)
- TLS1.3_CHACHA20_POLY1305_SHA256 (0x1303)
- TLS1.3-AES128_GCM-SHA256 (0x1301)
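To confirm from a packet capture that a front end really negotiated TLS 1.3 with one of the suites listed above, read the ServerHello: the version field still says 0x0303, and the real version sits in the supported_versions extension. The following is an added example, not Citrix code; the function names and the sample records are constructed for illustration.

```python
import struct

# Code points of the three suites listed above, with their RFC 8446 names.
TLS13_SUITES = {
    0x1301: "TLS_AES_128_GCM_SHA256",
    0x1302: "TLS_AES_256_GCM_SHA384",
    0x1303: "TLS_CHACHA20_POLY1305_SHA256",
}
EXT_SUPPORTED_VERSIONS = 0x002B

def parse_server_hello(record: bytes):
    """Return (negotiated_version, cipher_suite) from one ServerHello record."""
    ctype, _, rec_len = struct.unpack_from("!BHH", record, 0)
    if ctype != 0x16 or len(record) < 5 + rec_len:
        raise ValueError("not a complete handshake record")
    body = record[5:5 + rec_len]
    if len(body) < 4 or body[0] != 0x02:
        raise ValueError("not a ServerHello")
    msg = body[4:4 + int.from_bytes(body[1:4], "big")]
    version = struct.unpack_from("!H", msg, 0)[0]   # legacy_version (0x0303)
    pos = 2 + 32                                    # skip legacy_version, random
    pos += 1 + msg[pos]                             # skip legacy_session_id_echo
    suite = struct.unpack_from("!H", msg, pos)[0]
    pos += 3                                        # suite + compression method
    if pos + 2 > len(msg):                          # TLS 1.2 reply, no extensions
        return version, suite
    ext_end = min(len(msg), pos + 2 + struct.unpack_from("!H", msg, pos)[0])
    pos += 2
    while pos + 4 <= ext_end:
        etype, elen = struct.unpack_from("!HH", msg, pos)
        if etype == EXT_SUPPORTED_VERSIONS and elen == 2:
            version = struct.unpack_from("!H", msg, pos + 4)[0]
        pos += 4 + elen
    return version, suite

def is_tls13(record: bytes) -> bool:
    """True only if the version is 0x0304 and the suite is a TLS 1.3 suite."""
    version, suite = parse_server_hello(record)
    return version == 0x0304 and suite in TLS13_SUITES

def build_server_hello(suite: int, extensions: bytes = b"") -> bytes:
    """Constructed sample record (zeroed random), not a real capture."""
    msg = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"
    msg += struct.pack("!H", len(extensions)) + extensions
    hs = b"\x02" + len(msg).to_bytes(3, "big") + msg
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs

SAMPLE_TLS13 = build_server_hello(0x1302, struct.pack("!HHH", 0x002B, 2, 0x0304))
SAMPLE_TLS12 = build_server_hello(0xC030)  # a TLS 1.2 ECDHE-RSA-AES256-GCM reply
```

A check on the version field alone would classify both samples as TLS 1.2, which is why the extension has to be parsed.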
TLS 1.3 adoption
There are many early adopters of TLS 1.3. It is enabled by default on Mozilla Firefox 61 and Chrome 65. On the application side, Google and Facebook too have enabled TLS 1.3 on their servers. While 5% of Firefox connections are TLS 1.3 (link), 50+% of Facebook traffic is already over TLS 1.3 (report).
With Citrix ADC now supporting TLS 1.3, you can get significant benefits from the latest security protocol over the internet without making any change to your servers. So, join us and be an early adopter of TLS 1.3 with Citrix ADC.
For more information about TLS 1.3 support with Citrix ADC, please reach out to your Citrix sales representative or provide your comments below.