Forum Discussion
TLS 1.3
- Apr 09, 2019
TheAutisticTechie As with Chrome, TLS/1.3 is supported in all versions of Chromium-based Edge (and will be supported on all platforms).
2) Responsible maintenance of a community that uses your product should include announcing timelines for major updates like this.
3) The speed difference, as per plenty of real-life benchmarks from the companies using it in production today, is not insignificant.
It makes a 50% improvement in setup time for a TLS connection because only 2 instead of 3 total roundtrips are needed. The TLS component is halved.
For customers in Australia connecting to a US Server, that typically means about 200ms cut off the TTFB.
And 200ms latency is common. The global average RTT latency seen by users of Slack is reported as 200ms after they implemented their all-traffic cdn.
Another advantage is that, in a sense, it remembers! On sites you have previously visited, you can now send data on the first message to the server. This is called a “zero round trip” (0-RTT). And yes, this also results in improved load times.
4) All software has vulnerabilities & patches.
No one's suggesting cutting corners.
Microsoft's silence is either due to poor communication or because this isn't a priority.
If it's low priority, it also won't get the better developers assigned, and also will be a lower quality implementation.
1. The Windows Insider Program didn't exist until Windows 10. If you meant the beta program, well, that is completely irrelevant. Until Windows 10, betas were exclusively used for pre-validation of applications, drivers, etc., and all were pretty much universally extremely unstable and unusable.
2. No, it doesn't.
3. No, it isn't. Mathematically faster and something that is perceivably faster aren't the same thing. You seem to be exclusively focusing on web pages and other client apps, but no person is ever going to notice a difference of 200 milliseconds when the client application takes thousands of milliseconds to render a page, or establish a SIP connection to the server. You aren't saving 200 milliseconds between Australia and the United States either. I have a training web application that is hosted in Australia behind a cloud load balancer and typically only see latency of about 5-600 milliseconds in the health check, which includes the ~300 or so milliseconds of establishing each session, which would only be incurred once in real use.
In ecommerce sites and content delivery networks these small gains could definitely measurably impact their business, but both of these segments are usually slow to implement new technology, because 1, both of them have to work all the time without exception, and 2, ecommerce has to be secure without exception and content delivery networks may have to be very strictly secure as well.
4. Implementing TLS is not even close to being the same thing as writing a patch for an application, and no exploit discovered within less than a year of the protocol's ratification due to incorrect implementation is even nominally acceptable. Virtually every TLS 1.3 client and server introduced multiple exploits enabling attack vectors at both ends, that allowed easy and difficult to detect downgrade attacks, and if enabled allowed for easy downgrade to SSL 3.0 or TLS 1.0 - which more than likely was another incorrect TLS implementation containing exploits. Cutting corners is exactly what you are suggesting. Every single current implementation of TLS 1.3 cut corners and exposed every single one of its users. In less than a year.