With the introduction of TLS 1.3 in 2018, the IETF’s goal was (and is) to make the Internet a safer and more secure place.
Legacy technologies such as the RSA key exchange have now been phased out. Replacing it is a much safer Diffie-Hellman key exchange. There are two main benefits to this method: not only is perfect forward secrecy achieved, but decryption after the fact is also no longer possible, since the relevant key cannot be recalculated. The use of elliptic curve cryptography also brings greater efficiency: the same strength can be reached with a smaller key, so the encryption uses fewer resources.
To support a safer Internet, adoption of TLS 1.3 is key. TLS 1.3 offers a better security posture than previous versions.
It is important that a web gateway supports TLS 1.3 to ensure secure connections. McAfee Web Gateway version 8.2.0 supports TLS 1.3 in a bi-directional fashion. This helps organizations ensure that the connection on the internal client side has the same level of security as the connection on the outbound side (towards the server).
In the reverse proxy scenario, McAfee Web Gateway with TLS 1.3 helps secure Internet traffic for cloud infrastructures such as Azure and AWS, even when they don’t support TLS 1.3 themselves.
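To confirm what each leg of a proxied connection actually negotiated, the ServerHello captured on that leg can be inspected. The following is an added example, not McAfee code: the function names and the sample handshake bytes are constructed for illustration. It reads the `supported_versions` and `key_share` extensions that distinguish a TLS 1.3 ServerHello from a TLS 1.2 one.

```python
import struct

GROUPS = {0x0017: "secp256r1", 0x0018: "secp384r1", 0x001D: "x25519", 0x0100: "ffdhe2048"}
SUITES = {0x1301: "TLS_AES_128_GCM_SHA256", 0x1302: "TLS_AES_256_GCM_SHA384",
          0x1303: "TLS_CHACHA20_POLY1305_SHA256"}


def parse_server_hello(record: bytes) -> dict:
    """Return negotiated version, cipher suite and key-share group of a ServerHello record."""
    ctype, _, rec_len = struct.unpack_from("!BHH", record, 0)
    if ctype != 0x16 or rec_len != len(record) - 5 or record[5] != 0x02:
        raise ValueError("not a complete ServerHello handshake record")
    body = record[9:]                       # skip record (5) and handshake (4) headers
    version = struct.unpack_from("!H", body, 0)[0]   # legacy_version, 0x0303 in TLS 1.2/1.3
    pos = 2 + 32                            # legacy_version + random
    pos += 1 + body[pos]                    # legacy_session_id_echo
    suite = struct.unpack_from("!H", body, pos)[0]
    pos += 3                                # cipher_suite + compression_method
    group = None
    if pos < len(body):                     # extensions are optional before TLS 1.3
        ext_end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        while pos + 4 <= ext_end:
            etype, elen = struct.unpack_from("!HH", body, pos)
            data = body[pos + 4:pos + 4 + elen]
            if etype == 0x002B and elen == 2:      # supported_versions: selected_version
                version = struct.unpack("!H", data)[0]
            elif etype == 0x0033 and elen >= 2:    # key_share: named group comes first
                group = struct.unpack_from("!H", data, 0)[0]
            pos += 4 + elen
    return {"tls13": version == 0x0304, "version": hex(version),
            "suite": SUITES.get(suite, hex(suite)), "group": GROUPS.get(group)}


def build_sample(exts: bytes, suite: int) -> bytes:
    """Constructed ServerHello for the demo (zeroed random, empty session id)."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!HB", suite, 0)
    if exts:
        body += struct.pack("!H", len(exts)) + exts
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs


# Constructed samples: one TLS 1.3 hello with an x25519 key share, one TLS 1.2 hello.
TLS13_HELLO = build_sample(bytes.fromhex("002b00020304" "00330024001d0020") + bytes(32), 0x1301)
TLS12_HELLO = build_sample(b"", 0xC02F)
```

Running it on the ServerHello seen on the client-side leg and on the one seen on the server-side leg shows whether both legs reached TLS 1.3 or whether one fell back to an older version.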
The timely adoption of TLS 1.3, as previously seen with HTTP/2, will enable customers to act at the speed of cloud and make cloud usage as safe and secure as possible. To find out more, please view this whitepaper.
Hi Michael,
The McAfee Web Gateway 8.2.0 is a controlled release.
But the Main release is still 7.8.2.15.0.
When do you expect the Main release that will support TLS 1.3 to be announced?
Or do you propose that clients who need SSL decryption move to the Controlled release?