Last updated: May 1, 2026
You can build a working understanding of TLS 1.3 in an afternoon if you focus on the right things: the four messages of the handshake, the eight or so extensions that matter, and the failure modes you are going to see in production. This module gives you that understanding. By the end you can explain TLS to an auditor, debug a handshake failure from a Wireshark capture, and confidently choose cipher suites and certificate-validation policies.
Why TLS 1.3 exists — what was wrong with 1.2
TLS 1.2 (2008) accumulated 17 years of patches and supports cryptographic primitives nobody should use anymore (RSA key exchange without forward secrecy, CBC mode ciphers vulnerable to padding-oracle attacks, MD5/SHA-1 in many places). The handshake takes 2 round-trips before encrypted data flows. The cipher-suite list is enormous (hundreds of permutations) — most insecure, all advertised. TLS 1.3 (RFC 8446, 2018) deleted everything broken: only AEAD ciphers, only ephemeral key exchange, only modern signatures. The handshake is one round-trip in the typical case (1-RTT) and zero in the resumption case (0-RTT). Cipher suites collapsed from hundreds to five. Padding oracles, CRIME, BEAST, Lucky13, FREAK, Logjam, ROBOT — almost all of them are simply not expressible in TLS 1.3.
Custom team training + practitioner advisory
Beyond the free academy — we run private workshops, vCISO advisory, and red-team exercises tailored to your stack. For Indian SMBs scaling past their first hire.