Implementation of the TLS 1.3 standard in a web server may require making changes to the authentication solution

In August 2018, the new TLS 1.3 (Transport Layer Security) standard was released. Transition to the standard may require making changes to the authentication solutions of e-services.

If your organisation uses ID-card authentication that is based on TLS’s client certificates at the catalogue level, it will no longer work after implementing the TLS 1.3 standard. Namely, web browsers do not yet support post-handshake authentication that corresponds to the TLS 1.3 protocol. Browser manufacturers are aware of the problem, but currently, there is no information available about when or if browsers will support it.

As a solution to the problem, we recommend using the TLS 1.2 standard or using ID-card authentication that is based on virtual hosting. Implementing the TLS 1.3 standard does not require changing the authentication solution if you already use virtual host authentication.

Chrome’s bug report: https://bugs.chromium.org/p/chromium/issues/detail?id=911653

Firefox’s bug report: https://bugzilla.mozilla.org/show_bug.cgi?id=1511989

We would like to remind all owners and administrators of information systems that all major manufacturers of web browsers (Google, Apple, Microsoft, and Mozilla) will deprecate support for TLS 1.0 and TLS 1.1 in early 2020.


ASK FOR HELP

If you didn't find an answer to your question, send it to our team.



  • See instructions
  • Please estimate your ability to use the computer, so that we can provide you with the best guidance

         

  • Verification failed

How can we improve the article and be more helpful?
Send Close