If you prefer the video format, Nick and I gave a talk at 33c3 about how TLS 1.3 works and our experience deploying it at Cloudflare.<p><a href="https://media.ccc.de/v/33c3-8348-deploying_tls_1_3_the_great_the_good_and_the_bad" rel="nofollow">https://media.ccc.de/v/33c3-8348-deploying_tls_1_3_the_great...</a>
Looking forward to TLS 1.3. Starting to test Nginx 1.11.13 + OpenSSL 1.1.0 draft 18 branch with TLS 1.3 myself <a href="https://community.centminmod.com/posts/47692/" rel="nofollow">https://community.centminmod.com/posts/47692/</a>. Not quite there yet. Needs some love on the Nginx end too :)
> If negotiating TLS 1.2, TLS 1.3 servers MUST set the last eight bytes of their Random value to the bytes: 44 4F 57 4E 47 52 44 01<p>If it is possible to do this safely, does that mean the TLS 1.2 Random value was always eight bytes too long? Or that it was unnecessary?
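Added example, not part of the thread or of any TLS library: the client-side check that the quoted rule enables, reading the Random out of a ServerHello record and comparing its last eight bytes with the sentinel. The helper names, the constructed sample ServerHello, and passing the negotiated version in as a parameter are assumptions made for illustration.

```python
import struct

# "DOWNGRD" + 0x01: the value quoted in the comment above (server negotiating TLS 1.2).
SENTINEL_TLS12 = bytes.fromhex("444F574E47524401")
# "DOWNGRD" + 0x00: RFC 8446 section 4.1.3 value for TLS 1.1 or below (not quoted in the thread).
SENTINEL_TLS11 = bytes.fromhex("444F574E47524400")
TLS12, TLS13 = 0x0303, 0x0304


def server_random(record: bytes) -> bytes:
    """Return the 32-byte Random from one TLS record that starts with a ServerHello."""
    if len(record) < 43:
        raise ValueError("too short to hold a ServerHello Random")
    content_type, _legacy, rec_len = struct.unpack("!BHH", record[:5])
    if content_type != 0x16 or record[5] != 0x02:
        raise ValueError("not a handshake record carrying a ServerHello")
    if rec_len > len(record) - 5:
        raise ValueError("truncated record")
    # 5-byte record header, 4-byte handshake header, 2-byte version, then Random.
    return record[11:43]


def downgrade_detected(record: bytes, negotiated: int, client_max: int) -> bool:
    """True if a TLS 1.3 client ended up below 1.3 although the server marked itself 1.3-capable."""
    if client_max < TLS13 or negotiated >= TLS13:
        return False  # the sentinel only matters to a 1.3 client that got <= 1.2
    return server_random(record)[24:] in (SENTINEL_TLS12, SENTINEL_TLS11)


def build_server_hello(random: bytes) -> bytes:
    """Constructed sample: minimal TLS 1.2 ServerHello (empty session id, no extensions)."""
    body = struct.pack("!H", TLS12) + random + b"\x00" + b"\xc0\x2f" + b"\x00"
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 0x16, TLS12, len(handshake)) + handshake


if __name__ == "__main__":
    marked = build_server_hello(bytes(range(24)) + SENTINEL_TLS12)
    plain = build_server_hello(bytes(range(32)))
    print(downgrade_detected(marked, TLS12, TLS13))  # 1.3 client that was handed 1.2
    print(downgrade_detected(plain, TLS12, TLS13))   # Random without the sentinel
```

A client that gets `True` here should abort the handshake, since the server has signalled that it would have spoken TLS 1.3.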
Most of these changes seem to just disallow weak cipher suites and RTT-1/0 connections.<p>Are there any other differences between a modern TLS 1.2 setup and TLS 1.3?