CultSwitch, leading channel manager in the DACH market, has proposed CultBooking to move from TLS 1.1 to TLS 1.2. Therefore the switch and secure changed has been performed in Jun 2019 to keep up to date with the latest security protocols.
What Is TLS?
As keycdn mentiones:
‘ TLS stands for Transport Layer Security which is a cryptographic protocol used to increase securityover computer networks. TLS is the successor of SSL although is sometimes still referred to as SSL. TLS has been evolving as time passes to keep up with more complex security requirements, to fix cryptographic flaws, etc. The section below shows a quick timeline of the variations of TLS versions.
- TLS 1.0 – Released in 1999 and published as RFC 2246. This version of TLS was very similar to SSL 3.0
- TLS 1.1 – Released in 2006 and published as RFC 4346.
- TLS 1.2 – Released in 2008 and published as RFC 5246.
To explain the differences between TLS 1.2 and TLS 1.1, we’ll outline what changes took place in relation to the previous version of TLS.’
As previously mentioned, TLS 1.1 was released in 2006 and is the second version of TLS. According to RFC 4346, the major differences that exist in TLS 1.1 compared to TLS 1.0 include the following:
- The implicit Initialization Vector (IV) is replaced with an explicit Initialization Vector for protection against Cipher Block Chaining (CBC) attacks.
- Padding error handling is modified to use bad_record_mac alert rather than decryption_failed alert. Again, to protect against CBC attacks.
- IANA registries are defined for protocol parameters.
- A premature close no longer causes a session to be non-resumable.
- Additional notes were added regarding new attacks and a number of clarifications and editorial improvements were made.
TLS 1.2 is currently the most used version of TLS and has made several improvements in security compared to TLS 1.1. According to RFC 4346, the major differences that exist in TLS 1.2 when compared to TLS 1.1 include the following:
- The MD5/SHA-1 combination in the pseudorandom function (PRF) is replaced with SHA-256with the option to use the cipher-suite-specified PRFs.
- The MD5/SHA-1 combination in the digitally-signed element is replaced with a single hash which is negotiated during the handshake.
- Improvements to the client’s and server’s ability to specify the accepted hash and signature algorithms.
- Support for authenticated encryption for other data modes
- TLS extensions and AES cipher suites were added
- Tightened up various requirements
What are the benefits?
The greater enhancement in encryption of TLS 1.2 allows it to use more secure hash algorithms such as SHA-256 as well as advanced cipher suites that support elliptical curve cryptography. To check if a particular https:// web page is using TLS 1.2 encryption, you can run it through an ssllabs test. The results will provide you with information regarding what the site is using for security protocols, the cipher suites, etc.
For questions and help, you can reach us via the contact form or directly by email: email@example.com