Configuring Tls 1 3 For Secure Communications

Objectives

• Configure TLS 1.3 on nginx and Apache web servers
• Implement TLS 1.3 in Python applications using the ssl module
• Validate TLS configurations with openssl and testssl.sh
• Understand TLS 1.3 cipher suites and key exchange mechanisms
• Configure 0-RTT early data with appropriate protections
• Disable legacy TLS versions (1.0, 1.1) and weak cipher suites

Key Concepts

TLS 1.3 Cipher Suites

TLS 1.3 vs 1.2 Improvements

• 1-RTT Handshake: Full handshake completes in one round trip (vs 2 in TLS 1.2)
• 0-RTT Resumption: Resumed connections can send data immediately
• No RSA Key Exchange: Only ephemeral Diffie-Hellman (mandatory PFS)
• Simplified Cipher Suites: Removed CBC, RC4, 3DES, static RSA, SHA-1
• Encrypted Handshake: Server certificate is encrypted after ServerHello

Key Exchange Groups

• x25519: Curve25519 ECDH (preferred, fast)
• secp256r1: NIST P-256 ECDH (widely supported)
• secp384r1: NIST P-384 ECDH (higher security margin)
• x448: Curve448 ECDH (highest security)

Workflow

1. Verify OpenSSL version supports TLS 1.3 (1.1.1+)
2. Generate or obtain TLS certificate and private key
3. Configure server to use TLS 1.3 cipher suites
4. Disable TLS 1.0 and 1.1 (optionally keep 1.2 for compatibility)
5. Set preferred key exchange groups
6. Enable OCSP stapling for certificate validation
7. Test configuration with openssl s_client and testssl.sh
8. Configure HSTS header for HTTP Strict Transport Security

Security Considerations

• 0-RTT data is vulnerable to replay attacks; limit to idempotent requests
• Always include TLS 1.2 fallback if legacy client support is required
• Use ECDSA certificates for better performance (vs RSA)
• Enable OCSP stapling to improve client certificate validation
• Set HSTS header with long max-age and includeSubDomains
• Monitor for certificate transparency logs

Validation Criteria

• TLS 1.3 handshake completes successfully
• Only approved cipher suites are offered
• Perfect forward secrecy is enforced
• TLS 1.0 and 1.1 are rejected
• OCSP stapling is functional
• Certificate chain is valid and complete
• testssl.sh reports no vulnerabilities