The Era of TLS 1.3: Measuring Deployment and Use with Active and Passive Methods

by   Ralph Holz, et al.

TLS 1.3 marks a significant departure from previous versions of the Transport Layer Security protocol (TLS). The new version offers a simplified protocol flow, more secure cryptographic primitives, and new features to improve performance, among other things. In this paper, we conduct the first study of TLS 1.3 deployment and use since its standardization by the IETF. We use active scans to measure deployment across more than 275M domains, including nearly 90M country-code top-level domains. We establish and investigate the critical contribution that hosting services and CDNs make to the fast, initial uptake of the protocol. We use passive monitoring at two positions on the globe to determine the degree to which users profit from the new protocol and establish the usage of its new features. Finally, we exploit data from a widely deployed measurement app in the Android ecosystem to analyze the use of TLS 1.3 in mobile networks and in mobile browsers. Our study shows that TLS 1.3 enjoys enormous support even in its early days, unprecedented for any TLS version. However, this is strongly related to very few global players pushing it into the market and sustaining its growth.


page 1

page 2

page 3

page 4


Analysis of the DoIP Protocol for Security Vulnerabilities

DoIP, which is defined in ISO 13400, is a transport protocol stack for d...

Softwire Hub and Spoke Deployment Framework with Layer Two Tunneling Protocol Version 2 (L2TPv2)

This document describes the framework of the Softwire "Hub and Spoke" so...

An Active-Passive Measurement Study of TCP Performance over LTE on High-speed Rails

High-speed rail (HSR) systems potentially provide a more efficient way o...

An Enhanced Passkey Entry Protocol for Secure Simple Pairing in Bluetooth

In this paper, we propose a simple enhancement for the passkey entry pro...

A Versatile Wireless Network Protocol for Spectrum Sharing with Passive Radio Services

With the proliferation of wideband active services in bands shared with ...

Secure Internet Exams Despite Coercion

We study coercion-resistance for online exams. We propose two properties...

Rusty Clusters? Dusting an IPv6 Research Foundation

The long-running IPv6 Hitlist service is an important foundation for IPv...

Please sign up or login with your details

Forgot password? Click here to reset