Before a client and server can begin exchanging TLS-protected information, they must securely exchange or agree on an encryption key and a cipher to use to encrypt the data (see Cipher). The methods used for key exchange/agreement include: public and private keys generated with RSA (denoted TLS_RSA in the TLS handshake protocol), Diffie-Hellman (TLS_DH), ephemeral Diffie-Hellman (TLS_DHE), elliptic-curve Diffie-Hellman (TLS_ECDH), ephemeral elliptic-curve Diffie-Hellman (TLS_ECDHE), anonymous Diffie-Hellman (TLS_DH_anon), pre-shared key (TLS_PSK) and Secure Remote Password (TLS_SRP).

The public key certificates used during the exchange/agreement also differ in the size of the public/private encryption keys used and, therefore, in the robustness of the security provided. In July 2013, Google announced that it would no longer use 1024-bit public keys and would instead switch to 2048-bit keys to enhance the security of the TLS encryption it offers its users, as the encryption strength is directly related to the size of the keys.

TLS 1.3 now has a radically simpler cipher negotiation model and a reduced set of key agreement options (no RSA, no custom DH parameters). This means that every connection uses a DH-based key agreement and that the parameters supported by the server are probably easy to guess (ECDHE with X25519 or P-256). Because of this limited selection, clients can simply send DH key shares in the first message, instead of waiting for the server to confirm which key shares it is willing to support. This way, the server can learn the shared secret and send encrypted data a round trip earlier. For example, Chrome's implementation of TLS 1.3 sends an X25519 key share in the first message to the server.

The TLS_DH_anon and TLS_ECDH_anon key agreement methods do not authenticate the server or user and are therefore rarely used, as they are subject to man-in-the-middle attacks.
Only TLS_DHE and TLS_ECDHE guarantee forward secrecy. The other form of key exchange available in TLS is based on another form of public key cryptography, invented in 1976 by Diffie and Hellman: the Diffie-Hellman key agreement. In Diffie-Hellman, the client and the server both start by creating a public-private key pair.
They then send the public portion of their key share to the other party. When each party receives the other's public key share, it combines it with its own private key and ends up with the same value: the pre-master secret. The server then uses a digital signature to ensure that the exchange has not been tampered with. This key exchange is called "ephemeral" when the client and server select a new key pair for each exchange.

The currently approved version of TLS is version 1.3, released in: In February 2015, the IETF released an RFC that summarizes the various known attacks against TLS/SSL.

This will effectively eliminate an entire round trip on the handshake, reduce the time required and improve the overall performance of the site. For more information on 0-RTT and the improvements made to session resumption in TLS 1.3, check out this previous blog post.

Extensions. (Neg-Ind-1) and (Neg-Comb-2) require the definition of new extensions.
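
The TLS 1.3 behaviour described above, where the client sends its DH key shares in the first message, can be observed by reading the `key_share` extension of a ClientHello. The parser below is an added example, not code from the original page; the function name `client_key_shares` and the sample bytes are constructed for illustration, and the input is assumed to be the extension list without its outer two-byte length.

```python
import struct

EXT_KEY_SHARE = 51  # key_share extension type (RFC 8446, section 4.2.8)
# Named-group code points from RFC 8446, section 4.2.7
GROUPS = {0x0017: "secp256r1", 0x0018: "secp384r1", 0x001D: "x25519"}


def client_key_shares(extensions: bytes):
    """Return [(group, key_exchange_length)] offered in a ClientHello.

    `extensions` is the extension list without its outer 2-byte length.
    """
    shares, pos = [], 0
    while pos < len(extensions):
        if pos + 4 > len(extensions):
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack_from("!HH", extensions, pos)
        body = extensions[pos + 4:pos + 4 + ext_len]
        if len(body) != ext_len:
            raise ValueError("truncated extension body")
        pos += 4 + ext_len
        if ext_type != EXT_KEY_SHARE:
            continue
        # KeyShareClientHello: 2-byte list length, then KeyShareEntry items
        if ext_len < 2 or struct.unpack_from("!H", body)[0] != ext_len - 2:
            raise ValueError("bad client_shares length")
        off = 2
        while off < ext_len:
            if off + 4 > ext_len:
                raise ValueError("truncated KeyShareEntry")
            group, ke_len = struct.unpack_from("!HH", body, off)
            if off + 4 + ke_len > ext_len:
                raise ValueError("truncated key_exchange")
            shares.append((GROUPS.get(group, f"0x{group:04x}"), ke_len))
            off += 4 + ke_len
    return shares


def _ext(ext_type: int, body: bytes) -> bytes:
    return struct.pack("!HH", ext_type, len(body)) + body


# Constructed sample: supported_groups (type 10) offering x25519 and
# secp256r1, plus one x25519 key share of 32 placeholder bytes.
_entry = struct.pack("!HH", 0x001D, 32) + bytes(32)
SAMPLE = (_ext(10, struct.pack("!HHH", 4, 0x001D, 0x0017))
          + _ext(EXT_KEY_SHARE, struct.pack("!H", len(_entry)) + _entry))

if __name__ == "__main__":
    print(client_key_shares(SAMPLE))
```

An empty result means the hello carried no key share in its first message, which is what a client that does not offer TLS 1.3 looks like to a passive monitor.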