TLS 1.3 - Enhanced Performance, Hardened Security

HTTPS has been made faster and safer for every user and every device.

The Transport Layer Security (TLS) 1.3 protocol provides unparalleled privacy and performance compared to previous versions of TLS and non-secure HTTP. Working with the IETF, Cloudflare engineers have been active contributors to the development of the latest TLS protocol.

Cloudflare is the first to offer TLS 1.3 support on a global scale, which reduces latency, optimizes performance and hardens the security of your encrypted connections. As we continue to innovate encryption technologies, Cloudflare's commitment to building a safer and faster web includes influencing the rapid adoption of TLS 1.3 in all modern browsers.

Enhanced Performance

Performance has a major impact on user experience. TLS 1.3 represents a pivotal turning point for HTTPS performance.

Modern mobile networks will routinely add over 100ms of latency to each request. TLS 1.3 makes page load times significantly faster for mobile devices, improving the user experience for your visitors.

Utilizing Cloudflare’s global content delivery decreases the physical distance between your content and your visitors, resulting in shorter round-trip times (latency). The combination of fewer round trips and shorter distance results in enormous performance gains when establishing a secure connection.

TLS v1.2 vs TLS v1.3

[Figure: difference between the TLS 1.2 and TLS 1.3 handshakes]

The new security protocol reduces the latency of the TLS handshake by removing a whole round trip from session establishment.


Features Removed from TLS 1.3

  • Static RSA handshake
  • CBC MtE modes
  • RC4
  • SHA1, MD5
  • Compression
  • Renegotiation

Features Added to TLS 1.3

  • Full handshake signature
  • Downgrade protection
  • Abbreviated resumption with optional (EC)DHE
  • Curve 25519 and 448

Hardened Security

Data integrity is critical to your entire community. TLS 1.3 represents a significant leap forward for security. TLS 1.3 removes all primitives and features that have contributed to weak configurations and enabled common vulnerability exploits like DROWN, Vaudenay, Lucky 13, POODLE, SLOTH, CRIME and more. TLS 1.3 has also introduced more improvements than any previous version of the protocol. Additional features have been added to enhance the security and robustness of the protocol.
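As an added illustration (not Cloudflare's code), the sketch below audits a server's configured cipher suites against the items in the "Features Removed from TLS 1.3" list that are visible in a suite name: static RSA, CBC MtE modes, RC4, and SHA1/MD5 MACs. It assumes IANA-style suite names; the function names and the sample list are hypothetical and constructed for this example.

```python
import re

# Checks derived from the page's "Features Removed from TLS 1.3" list.
# Matching on IANA suite-name conventions is an assumption of this example.
REMOVED = [
    ("static RSA handshake", re.compile(r"^TLS_RSA_WITH_")),
    ("CBC MtE mode", re.compile(r"_CBC_")),
    ("RC4", re.compile(r"_RC4_")),
    ("SHA1 MAC", re.compile(r"_SHA$")),
    ("MD5 MAC", re.compile(r"_MD5$")),
]

# TLS 1.3 suites name only the AEAD and hash, with no key exchange part.
TLS13_SUITE = re.compile(r"^TLS_(AES|CHACHA20)_[A-Z0-9_]+_SHA(256|384)$")

def audit_suite(name):
    """Return the removed features an IANA cipher suite name relies on."""
    return [label for label, pat in REMOVED if pat.search(name)]

def audit_config(suites):
    """Split a configured suite list into TLS 1.3, legacy-clean and flagged."""
    report = {"tls13": [], "legacy_ok": [], "flagged": {}}
    for name in suites:
        findings = audit_suite(name)
        if findings:
            report["flagged"][name] = findings
        elif TLS13_SUITE.match(name):
            report["tls13"].append(name)
        else:
            report["legacy_ok"].append(name)
    return report

# Constructed sample configuration (not taken from any real server).
SAMPLE = [
    "TLS_AES_128_GCM_SHA256",
    "TLS_CHACHA20_POLY1305_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_MD5",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
]

if __name__ == "__main__":
    for suite, why in audit_config(SAMPLE)["flagged"].items():
        print(f"{suite}: {', '.join(why)}")
```

Compression and renegotiation, also on the removed list, are negotiated outside the cipher suite and are not covered by this name-based check.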

Utilizing TLS 1.3 on the Cloudflare Network

TLS 1.3 is available on all plan levels. For Free and Pro customers, TLS 1.3 will be turned on by default. Business and Enterprise customers will have the option to opt in. For clients that do not yet support TLS 1.3, fallback options will be available to utilize the most secure encryption protocol available to the client.


In addition to TLS 1.3, secure connections running through Cloudflare benefit from performance-enhancing features like a global content delivery network, HTTP/2 and Server Push. Cloudflare also provides additional layers of security that include protection against distributed denial-of-service (DDoS) attacks, and web application firewall protection against malicious attacks like SQL injections, comment spam, excessive bot crawling, and much more.


Cloudflare is the first to offer TLS 1.3 support on a global scale. TLS 1.3 has removed common vulnerabilities within the protocol, strengthening overall security. An abbreviated TLS/SSL handshake and 0-RTT session resumption have greatly reduced latency, resulting in a giant leap forward in performance. Cloudflare’s global network significantly reduces latency by terminating the user’s connection at a nearby server, eliminating the need for the request to travel across oceans and continents.

The secure web now performs better than any previous version of the protocol and than non-secure HTTP. Enhance the confidentiality, integrity, and availability of your content by signing up for Cloudflare today.