TLS 1.3 and McAfee Web Gateway

By Michael Schneider on Oct 23, 2019

With the introduction of TLS 1.3 in 2018, IETF’s goal was (and is) to make the Internet a safer and more secure place.

Legacy technologies such as the RSA key exchange have now been phased out, replaced by the much safer Diffie-Hellman key exchange. There are two main benefits to this method: not only is perfect forward secrecy achieved, but decryption after the fact is also no longer possible, since the relevant key cannot be recalculated. The use of elliptic curve ciphers brings greater efficiency: the same strength can be reached with a smaller key, so the encryption uses fewer resources.
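To check where a given TLS configuration still allows the RSA key exchange described above, the following added example (not part of the original post and not McAfee code) groups the cipher suites enabled on a Python `ssl.SSLContext` by key-exchange type. The function names and the `hardened_context` cipher string are assumptions chosen for illustration.

```python
import ssl

# 'kea' values are those reported by SSLContext.get_ciphers(). TLS 1.3 suites
# report 'kx-any' because the key exchange is negotiated separately; a full
# TLS 1.3 handshake always uses ephemeral (EC)DHE.
EPHEMERAL_KEA = {"kx-ecdhe", "kx-dhe"}

def classify(cipher):
    """Classify one get_ciphers() entry by its key exchange."""
    kea = cipher.get("kea", "")
    if cipher.get("protocol") == "TLSv1.3" or kea in EPHEMERAL_KEA:
        return "forward-secret"
    if kea == "kx-rsa":
        return "static-rsa"   # session key recoverable later with the server key
    return "other"            # PSK, SRP and similar: review by hand

def audit(ctx):
    """Group the suite names enabled on an SSLContext by classification."""
    report = {"forward-secret": [], "static-rsa": [], "other": []}
    for cipher in ctx.get_ciphers():
        report[classify(cipher)].append(cipher["name"])
    return report

def hardened_context():
    """Hypothetical client context: TLS 1.2+ with ECDHE-only TLS 1.2 suites."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx

if __name__ == "__main__":
    for label, ctx in (("default", ssl.create_default_context()),
                       ("hardened", hardened_context())):
        report = audit(ctx)
        print(label, {kind: len(names) for kind, names in report.items()})
        for name in report["static-rsa"]:
            print("  no forward secrecy:", name)
```

Any suite listed under `static-rsa` can only be negotiated by TLS 1.2 or earlier, so its presence shows the configuration still permits sessions without forward secrecy.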

To support a safer Internet, adoption of TLS 1.3 is key. TLS 1.3 offers a better security posture than previous versions.

It is important that a web gateway supports TLS 1.3 to ensure secure connections. McAfee Web Gateway version 8.2.0 supports TLS 1.3 in a bi-directional fashion. This helps organizations ensure that the connection from the internal client side has the same level of security as the connection on the outbound side (towards the server).

In the reverse proxy scenario, McAfee Web Gateway with TLS 1.3 helps secure Internet traffic for cloud infrastructures such as Azure and AWS, even when they don’t support TLS 1.3 themselves.

The timely adoption of TLS 1.3, as previously seen with HTTP/2, will enable customers to act at the speed of cloud and make cloud usage as safe and secure as possible. To find out more, please view this whitepaper.

About the Author

Michael Schneider

Michael Schneider is a Lead Product Manager for McAfee's Web Protection team. He is an IT security veteran with more than 20 years of experience, 16 of which he spent as an expert on Internet and Cloud Security. Michael leads product management for McAfee’s Web Protection product line.


  1. Hi Michael,

    The McAfee Web Gateway 8.2.0 is a controlled release.
    But Main release is still

    When do you expect the Main release that will support TLS 1.3 to be announced?
    Or do you propose that clients who need SSL decryption pass to the Controlled release?
