CloudFlare rolls out TLS 1.3 encryption support for all customers
CloudFlare Inc. wants to put an end to the unencrypted internet with the rollout of a new suite of features including TLS 1.3, Opportunistic Encryption and Automatic HTTPS Rewrites.
Leading the announcement is support for TLS 1.3, the latest version of Transport Layer Security that improves both speed and security for Internet users.
TLS 1.3 is said to offer a more secure approach to encryption by removing support for older, broken forms of cryptography that were still supported in TLS 1.2, which was standardized back in 2008. Features removed from TLS 1.3 include RSA key transport, CBC mode ciphers, the RC4 stream cipher, the SHA-1 hash function and arbitrary Diffie-Hellman groups.
“TLS 1.3 removes the ‘bad crypto smell’ of these legacy features, making it less likely that attacks on previous versions of the protocol will affect TLS 1.3,” CloudFlare said in an announcement post. “This streamlining also makes TLS 1.3 much simpler to configure for server operators.”
On top of the improved security, TLS 1.3 also delivers a significant speed improvement, the company said: it abolishes the need for two round trips to complete a handshake, letting encrypted traffic be as fast as non-encrypted traffic. A TLS 1.3 handshake requires only one round trip, cutting the time required in half.
“That’s like going from a fast station wagon (0-60mph in 10 seconds) to a Tesla Model S (5 seconds),” CloudFlare noted.
Support
CloudFlare is rolling out support for TLS 1.3 before the standard is officially certified, which is due by the end of the year, and browser support is still largely lacking: only the Firefox Nightly and Chrome Canary builds support the standard.
If someone visits a site with a browser that does not support the standard, CloudFlare will use TLS 1.2 instead.