Implementation of TLS 1.3 standard in web servers

Implementation of the TLS (Transport Layer Security) 1.3 standard (published in August 2018) in a web server may require changes in the e-services authentication solution.

If your organisation uses ID-card authentication that is based on TLS’s client certificates at the catalogue level, it will no longer work once the TLS 1.3 standard is implemented. This is because web browsers do not (yet) support post-handshake authentication that corresponds to the TLS 1.3 protocol. Browser manufacturers are aware of the problem, but currently there is no information on whether or when this support will be added.

As a solution, we recommend using the TLS 1.2 standard or using ID-card authentication that is based on virtual hosting.

NB! If the service already uses authentication at virtual host level, the authentication solution does not need to be changed in order to implement the TLS 1.3 standard.

We would like to remind all owners and administrators of information systems that all major web browser manufacturers (Google, Apple, Microsoft, and Mozilla) discontinued the support for TLS 1.0 and TLS 1.1 standards in early 2020.

Read more: