Choose your topics

What is Risk Management in Cybersecurity?

Let’s explore the essentials of risk management in the context of cybersecurity to help you understand how to identify, assess and mitigate cyber threats effectively.

Cyber Risk Management Enterprise Risk Management
3 Best Practices for Data Privacy

With more technology comes more data, and with that a greater need for data privacy enforcement. What best practices should you be following?

Data Privacy
How to Prioritize Your Third-Party Risks

How can you prioritize effectively and enhance your organization’s security posture? Here are our top tips for setting up realistic, sustainable processes.

Third-Party Risk Management GRC
Top Tips to Save Time When Assessing Third-Party Risks

Is assessing third-party risks taking up too much of your time? How can you make the process more effective and efficient? Find out in the latest post from SureCloud.

Third-Party Risk Management GRC
The GRC Trends to Look Out for in 2024

Our GRC experts at SureCloud share their 2024 predictions for the world of governance, risk and compliance.

The Top 5 Challenges of Third-Party Risk Management

With the supply chain now seen as a legitimate attack path, what can your organization do? Let’s explore 5 challenges of TPRM and how to overcome them.

Third-Party Risk Management GRC
What is Third-Party Risk Management?

What is third-party risk management and how should you approach it? Find out in this post.

Third-Party Risk Management GRC
Questions You Should Ask when Preparing For Your First Pen Test

Understand the processes that you and your chosen pentest provider will travel through for your first pen test, from the initial point to the day the test starts.

Penetration Testing
TPRM Blog 6-Writing Clear Questions

Our GRC Practice Director explores the importance of clear communication and how to achieve it in your third party questionnaires. Read more here.

Third-Party Risk Management GRC
Vector (7)
Cyber Security

Why you should enable TLS1.3 I Consultant Corner

Why you should enable TLS1.3 I Consultant Corner
Written by


Published on

30 Oct 2020

Why you should enable TLS1.3 | Consultant Corner


Welcome to Consultant Corner

During this time of lockdown and remote working, many are brushing up on their extra reading and learning. We have asked our expert cybersecurity consultants to write up 5-minute reads on trends they’re seeing and tips for IT teams to stay protected. These topics aren’t COVID-19 specific and vary from VPN to brute-force attacks to barcodes.

You can stay alerted to new blogs from ‘Consultant Corner’ as soon as they are made available just register in our pop-up form below. After all, a cybersecurity blog a day keeps the malicious attackers at bay.

This blog is focused on TLS1.3 and is written by, Tom Dixon,Cybersecurity Consultant at SureCloud.

What is TLS1.3?

TLS1.3 was ratified in August 2018, but it has taken a while for support to become common. OpenSSL, one of the most common TLS implementations in the world has supported this new version of TLS since September 2018, but it has taken some time for support to reach clients and servers. You should now be considering enabling TLS1.3 for your services.

Circles Connected | Compliance Management | Risk Management

Following best practices in the industry, no TLS versions prior to TLS1.2 are now recommended. TLS1.2 was released in 2008 and is over 11 years old. Whilst TLS1.2 has aged well and is still considered secure when well configured, TLS1.3 is designed with current best practices in mind and has removed many features from TLS1.2 that are no longer considered secure. For now, a TLS1.3 server will be secure by default, and cannot be configured in a way to be vulnerable to the well-known attacks against TLS such as SWEET32, and LogJam. TLS1.3 only supports the following cipher suite, which are all considered high security, and all of which provide perfect forward security.

  • TLS_AES_256_GCM_SHA384
  • TLS_CHACHA20_POLY1305_SHA256
  • TLS_AES_128_GCM_SHA256
  • TLS_AES_128_CCM_8_SHA256
  • TLS_AES_128_CCM_SHA256

Not only is TLS1.3 more secure, but it’s also faster. With new features such as Zero Round Trip Time (0-RTT) and TLS-False start, servers are much quicker at bringing up a TLS1.3 connection and often shortening the connection time by a third for initial connections, and even shorter on reconnecting.

Web Server Support

Web servers support is strong in the non-windows world, but support has been slow for Windows. Testing releases of TLS1.3 support for windows have been released so full support should be available soon. Some of the most common web servers are detailed bellow.


Support on content delivery networks is mixed, with CoudFlare having support, but AWS Cloudfront is lacking support.

Browser Support

Browser support for TLS1.3 is again stronger in third party browsers, however, the “New” Edge, which is based on Chromium, has support. If your clients are running supported web browsers, there is a good chance that they can take advantage of TLS1.3.


What if My Server Isn’t Supported?

TLS1.2 is still considered secure, there is no strong requirement to move to TLS1.3 at this time. It is however, important that your TLS configuration is secure. SureCloud recommends a standard TLS configuration such as Mozilla’s Intermediate compatibility profile. We have written about legacy TLS protocols before. For more information on why TLS1.2 and earlier versions should be disabled, please see this post.

About SureCloud

SureCloud is a provider of cloud-based, Integrated Risk Management products and Cybersecurity services, which reinvent the way you manage risk.

SureCloud also offers a wide range of Cybersecurity testing and assurance services, where we stay with you throughout the entire test life-cycle from scoping through to vulnerability discovery and remediation. Certified by the National Cyber Security Centre (NCSC) & CREST and delivered using the innovative Pentest-as-a-Service (underpinned by a highly configurable technology platform), SureCloud acts as an extension of your in-house security team and ensures you have everything you need to improve your risk posture.

Discover SureCloud’s new Cyber Resilience Assessment Solution here.