TLS 1.3 Support

TLS 1.3 Experimental Support may be enabled in all editions.

Date Entered: 07/10/2017    Last Updated: 12/06/2017

All editions of IPWorks include experimental support for TLS 1.3. This is available in both client and server side components and can be enabled by setting SSLEnabledProtocols. For instance:

component.Config("SSLEnabledProtocols=12288"); //TLS 1.3

When enabled the component will automatically set UseInternalSecurityAPI to True and will not rely on any system libraries. Support for TLS 1.3 is still experimental and additional algorithms and cipher support will be added in the future. TLS13SignatureAlgorithms, TLS13SupportedGroups, and TLS13KeyShareGroups settings control the supported signature algorithms and key exchange groups respectively.

The following SSLEnabledCipherSuites are supported and enabled by default:

  • TLS_AES_128_GCM_SHA256
  • TLS_AES_256_GCM_SHA384
  • TLS_CHACHA20_POLY1305_SHA256

The following TLS13SignatureAlgorithms are supported and enabled by default:

  • rsa_pss_sha256
  • rsa_pss_sha384
  • rsa_pss_sha512
  • ecdsa_secp256r1_sha256
  • ecdsa_secp384r1_sha384
  • ecdsa_secp521r1_sha512
  • rsa_pkcs1_sha256
  • rsa_pkcs1_sha384
  • rsa_pkcs1_sha512

The TLS13SupportedGroups controls the supported key exchange groups available for use with (EC)DHE during the key exchange. This list should not be modified in most cases. The following values are supported by default:

  • ecdhe_secp256r1
  • ecdhe_secp384r1
  • ecdhe_secp521r1
  • ffdhe_2048
  • ffdhe_3072
  • ffdhe_4096
  • ffdhe_6144
  • ffdhe_8192
The TLS13KeyShareGroups control the list of groups for which key share values are pregenerated before connecting. When one of these groups is selected during negotiation it saves a round trip. The values below are selected for the best balance between supported values and computational resources required to pregenerate the data. In most cases this value does not need to be changed. The following TLS13KeyShareGroups are supported:

  • ecdhe_secp256r1 (default)
  • ecdhe_secp384r1 (default)
  • ecdhe_secp521r1
  • ffdhe_2048 (default)
  • ffdhe_3072 (default)
  • ffdhe_4096
  • ffdhe_6144
  • ffdhe_8192

Additional features and supported platforms are coming soon.


We appreciate your feedback.  If you have any questions, comments, or suggestions about this entry please contact our support team at kb@nsoftware.com.