Messaging Gateway support for TLS 1.3
search cancel

Messaging Gateway support for TLS 1.3


Article ID: 164220


Updated On:


Messaging Gateway


What is the status of Symantec Messaging Gateway (SMG) support for TLS 1.3?


Concerns about vulnerabilities in the TLS 1.X protocol suit.


Please note that Symantec Messaging Gateway (SMG) does not support TLS 1.3 as of SMG version 10.7.5-4, even though TLS 1.3 has been standardized and is available as RFC 8446 (August 2018).



Draft information below from Wikipedia as of April 2017:

TLS 1.3 (draft)

As of July 2016, TLS 1.3 is a working draft, and details are provisional and incomplete. It is based on the earlier TLS 1.2 specification. Major differences from TLS 1.2 include:

  • Removing support for weak and lesser-used named elliptic curves (see Elliptic curve cryptography)
  • Removing support for MD5 and SHA-224 cryptographic hash functions
  • Requiring digital signatures even when a previous configuration is used
  • Integrating HKDF and the semi-ephemeral DH proposal
  • Replacing resumption with PSK and tickets
  • Supporting 1-RTT handshakes and initial support for 0-RTT (see Round-trip delay time)
  • Dropping support for many unsecure or obsolete features including compression, renegotiation, non-AEAD ciphers, static RSA and static DH key exchange, custom DHE groups, point format negotiation, Change Cipher Spec protocol, Hello message UNIX time, and the length field AD input to AEAD ciphers
  • Prohibiting SSL or RC4 negotiation for backwards compatibility
  • Integrating use of session hash
  • Deprecating use of the record layer version number and freezing the number for improved backwards compatibility
  • Moving some security-related algorithm details from an appendix to the specification and relegating ClientKeyShare to an appendix
  • Addition of the ChaCha20 stream cipher with the Poly1305 message authentication code
  • Addition of the Ed25519 and Ed448 digital signature algorithms
  • Addition of the x25519 and x448 key exchange protocols