TLS 1.3 – Smashing Transport Security
Check out this blog post from ScotlandIS member Plaid Security, which takes a deep dive into TLS 1.3 as one of the strongest layers of defence for an organisation and explains why adoption remains an issue.
TLS 1.3 is the modern standard for securing web traffic, but adoption lags badly—over 20% of major sites still don’t use SSL/TLS at all.
This article traces the evolution from Netscape’s flawed SSL 1.0 through the POODLE attack that killed SSL 3.0, to TLS 1.3’s 2018 release, which stripped out weak ciphers and added quantum-resistant key exchange while mandating no backward compatibility.
The main barriers to adoption are legacy systems (e.g. older Windows Server versions that top out at TLS 1.2), middleboxes, and application dependencies. Organizations face regulatory pressure to upgrade under UK laws (Data Protection Act 2018, NIS Regulations) and US standards (FIPS, NIST SP 800-52, OMB). Where a full switch to TLS 1.3 isn’t feasible, options include WAFs, proxies, and load balancers (like F5) to terminate TLS at the edge.
The core message: treat TLS modernization as an ongoing risk-management process—identify, track, and mitigate weak points on your roadmap, because any encryption beats none, and your data is the crown jewel worth protecting.
Read the full article here.