TLS 1.3 cut handshake latency from 2 round-trips to 1 (or 0 with session resumption), removed dozens of legacy primitives, and made common attacks structurally impossible. By 2026 it's deployed almost everywhere; understanding the internals is now baseline networking knowledge.


1-RTT handshake

The client sends ClientHello together with its key share in the first flight. The server replies with ServerHello, its own key share and Finished, and encrypted application data can follow in the very next packet: half the handshake latency of TLS 1.2's two round-trips.

0-RTT for resumption

Resumption with a pre-shared key (PSK) lets the client send encrypted application data in its very first packet. Caveat: 0-RTT data can be replayed by an attacker, so it is only safe for idempotent operations (GETs, not POSTs).


What's gone

Static RSA key exchange is removed (it gave no forward secrecy). CBC cipher modes are removed. SHA-1 is removed. Compression is removed (CRIME). Renegotiation is removed. The attack surface is dramatically smaller.

TLS 1.3 = 1-RTT by default, 0-RTT only for idempotent requests, no legacy crypto. Enable it everywhere and reject TLS 1.2 in new services.
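The following Go program is an added example, not code from the original article, that puts the 1-RTT handshake, PSK resumption and the "reject 1.2 in new services" policy side by side using the standard library's crypto/tls. It assumes nothing beyond Go's standard library: the certificate is a self-signed one for "localhost" constructed in memory, the server listens on a loopback TCP port picked by the OS, and the names `selfSignedCert`, `serverConfig`, `clientConfig` and `connect` are the example's own. It runs a fresh TLS 1.3 handshake, then a second connection from the same client that resumes with the session ticket it received, then a client pinned to TLS 1.2 that the 1.3-only server refuses. It does not send 0-RTT early data; it stays at 1-RTT plus resumption, which is the part that carries no replay risk.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// selfSignedCert builds an in-memory self-signed certificate for "localhost".
// Constructed for this example only; a real service uses a CA-issued chain.
func selfSignedCert() (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		DNSNames:     []string{"localhost"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, err := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, err
}

// serverConfig is the "reject 1.2 in new services" policy: TLS 1.3 only.
func serverConfig(cert tls.Certificate) *tls.Config {
	return &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS13}
}

// clientConfig trusts only the example certificate and keeps a session cache so
// a second connection can resume with a PSK instead of a full handshake.
func clientConfig(root *x509.Certificate, minVer, maxVer uint16) *tls.Config {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	return &tls.Config{RootCAs: pool, ServerName: "localhost", MinVersion: minVer,
		MaxVersion: maxVer, ClientSessionCache: tls.NewLRUClientSessionCache(8)}
}

// connect runs one handshake over a loopback TCP socket and returns the client's
// view of it. The server sends one record after the handshake; reading it also
// makes the client process the NewSessionTicket a TLS 1.3 server sends.
func connect(srvCfg, cliCfg *tls.Config) (st tls.ConnectionState, err error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return st, err
	}
	defer ln.Close()
	srvErr := make(chan error, 1)
	go func() {
		raw, err := ln.Accept()
		if err == nil {
			defer raw.Close()
			s := tls.Server(raw, srvCfg)
			if err = s.Handshake(); err == nil {
				_, err = s.Write([]byte("ok"))
			}
		}
		srvErr <- err
	}()
	raw, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return st, err
	}
	defer raw.Close()
	c := tls.Client(raw, cliCfg)
	if err = c.Handshake(); err != nil {
		return st, err
	}
	if _, err = io.ReadFull(c, make([]byte, 2)); err == nil {
		err = <-srvErr // server-side handshake and write outcome
	}
	return c.ConnectionState(), err
}

func main() {
	cert, err := selfSignedCert()
	if err != nil {
		panic(err)
	}
	srv := serverConfig(cert)
	modern := clientConfig(cert.Leaf, tls.VersionTLS13, tls.VersionTLS13)
	legacy := clientConfig(cert.Leaf, tls.VersionTLS12, tls.VersionTLS12)
	// Fresh 1-RTT handshake, then PSK resumption, then a 1.2-only client refused.
	for _, cli := range []*tls.Config{modern, modern, legacy} {
		st, err := connect(srv, cli)
		fmt.Printf("version=%#x resumed=%v err=%v\n", st.Version, st.DidResume, err)
	}
}
```

Run it with `go run`: the first line reports version 0x304 (TLS 1.3) without resumption, the second reports the same version with `resumed=true`, and the third carries the handshake error for the 1.2-only client. The point of the design is that the 1.3-only policy lives in one `MinVersion` field on the server config and that resumption needs nothing beyond a client-side session cache; the replay caveat from the 0-RTT section is why the example deliberately stops short of early data.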