Help Testing TLS 1.3 Compatibility for a More Efficient & Secure Internet

Transport Layer Security (TLS) is the protocol that allows for secure websites (via https), and currently, TLS 1.2 is the version most commonly used today, with 1.0 and 1.1 still supported by many servers for backward compatibility with older browsers, including the one running this blog. TLS 1.3 is the next version, already supported in libraries and server software such as wolfSSL or nginx, and promises to be more efficient – important for battery operated devices (IoT) – thanks to features like zero-RTT (0-RTT) mode, speedy with a restructured handshake state machine, and more secure.

However, changes in security protocol may mess up connection with some browsers or middleboxes, as I experience when I enabled https on CNX Software using Let’s Encrypt with nginx and Cloudflare, with around 0.5% of users losing access due to using older web browsers and operating systems such as Internet Explorer on Windows XP. According to Cloudflare, compatibilities issues are the main reasons why TLS 1.3 has not been enabled in web browsers, since around 3% of traffic fails when TLS 1.3 is enabled, mostly due to incorrect implementation of TLS version negotiations in some middleboxes.

TLS 1.3 draft 22 improves compatibility by making TLS 1.3 look like TLS 1.2 to those middleboxes, and success rates have increased to 98+%, but more testing is needed. You can help as Cloudflare has setup a website to test TLS 1.3 in your browser (Adobe Flash is used for maximum compatibility). In my case only IPv4 worked, since my ISP does not support IPv6, but I got no problem with TLS 1.3.

If the TLS 1.3 test fails, you can contact Cloudflare by email with your test identifier, middlebox information if you’re in a corporate environment, or ISP name if you are on a residential network.

Support CNX Software! Donate via cryptocurrencies, become a Patron on Patreon, or purchase goods on Amazon or Aliexpress