TLS-13
TLS 1.3. RFC 8446 published in 2018 the modern, simplified and more secure version of TLS.
Definition
TLS 1.3 is the current version of Transport Layer Security, published as RFC 8446 in August 2018. It supersedes TLS 1.0, 1.1 and 1.2, removes obsolete algorithms (RC4, 3DES, SHA-1, RSA-PKCS1v1.5), enforces Perfect Forward Secrecy, halves the number of handshake round-trips (1-RTT, even 0-RTT on session resumption). It is required by PEPPOL AS4 and by most modern EDI hubs.
Origin
TLS 1.3 was standardised by the IETF tls WG, chaired by Sean Turner, after 4 years of work between 2014 and 2018. It was massively deployed from 2019 in Chrome, Firefox, OpenSSL 1.1.1, BoringSSL, NSS. PEPPOL made TLS 1.3 mandatory in its 2024 AS4 specifications. eIDAS 2 and the NIS 2 directive require TLS 1.2 minimum and TLS 1.3 recommended for regulated flows.
Example in context
A mutual TLS 1.3 handshake between two PEPPOL Access Points typically takes 1 RTT: the client sends ClientHello + key_share, the server responds ServerHello + EncryptedExtensions + Certificate + CertificateVerify + Finished, and the client concludes with Finished. Client and server certificates are verified, OCSP is stapled, and encryption switches to AES-256-GCM in less than 100 ms.