TLS 1.3 for engineers: An exploration of the TLS 1.3 specification and OpenJDK's Java implementation

Abstract

The Internet delivered in excess of forty terabytes per second in 2017 (Cisco, 2018), and over half of today's Internet traffic is encrypted (Sandvine, 2018); enabling trade worth trillions of dollars (Statista, 2017). Yet, the underlying encryption technology is only understood by a select few. This manuscript broadens understanding by exploring TLS, an encryption technology used to protect application layer communication (including HTTP, FTP and SMTP traffic), and by examining Oracle's Java implementation. We focus on the most recent TLS release, namely, version 1.3, which is defined by RFC 8446.