Support for TLS v1.3 is enabled by default and will be negotiated in preference to older TLS protocols when the peer also supports TLS v1.3.
TLS v1.3 is the most secure TLS protocol available and brings with it new cipher suites and configuration options. It uses a shortened and more efficient initial connection negotiation sequence resulting in quicker connection times.
When updating existing installations, it is good practice to configure earlier TLS versions to operate alongside TLS v1.3. Once all peers have been upgraded to support TLS v1.3 you can disable the earlier TLS variants.
TLS v1.3 has reduced the requirement for long descriptive option lists that were used in TLS v1.2 and earlier. The following three aspects of negotiation have different configuration requirements from earlier versions of TLS:
The three aspects of negotiation are now configured separately. This means that the Cipher suites field cannot be used to configure the TLS v1.3 Cipher and Hash collections. You can specify the TLS v1.3 cipher suites in the TLS1.3 Cipher Suites field in ESCWA.
The following are the new collections of cipher suites used in TLS v1.3:
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_AES_128_GCM_SHA256
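
The separation described above can be observed with any OpenSSL-backed TLS stack. The following is an added example, not part of the product or its documentation: it uses Python's standard `ssl` module as a stand-in (an assumption; ESCWA itself is not involved) to show that changing a TLS v1.2-style cipher list leaves the enabled TLS v1.3 suites untouched. The function names and the two sample cipher strings are constructed for illustration.

```python
import ssl

# The three TLS v1.3 suites named on this page.
PAGE_TLS13_SUITES = {
    "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256",
    "TLS_AES_128_GCM_SHA256",
}

# Constructed sample TLS v1.2-style cipher lists (OpenSSL cipher-string syntax).
BROAD = "ECDHE+AESGCM:ECDHE+CHACHA20"
NARROW = "ECDHE-RSA-AES256-GCM-SHA384"


def suites_by_protocol(legacy_cipher_list):
    """Apply a TLS v1.2-style cipher list to a fresh context and return the
    enabled suites grouped into 'tls13' and 'legacy' sets."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # set_ciphers() only governs TLS v1.2 and earlier; TLS v1.3 suites
    # are held in a separate list that this call does not modify.
    ctx.set_ciphers(legacy_cipher_list)
    grouped = {"tls13": set(), "legacy": set()}
    for cipher in ctx.get_ciphers():
        key = "tls13" if cipher["protocol"] == "TLSv1.3" else "legacy"
        grouped[key].add(cipher["name"])
    return grouped


def compare(list_a, list_b):
    """Report what changed between two legacy cipher-list settings."""
    a, b = suites_by_protocol(list_a), suites_by_protocol(list_b)
    return {
        "legacy_changed": a["legacy"] != b["legacy"],
        "tls13_changed": a["tls13"] != b["tls13"],
        "tls13_enabled": sorted(b["tls13"]),
        # Suites enabled by the local TLS library but not listed on this page.
        "tls13_not_on_page": sorted(b["tls13"] - PAGE_TLS13_SUITES),
    }


if __name__ == "__main__":
    for key, value in compare(BROAD, NARROW).items():
        print(f"{key}: {value}")
```

When auditing a deployment, the practical consequence is that tightening the older cipher list alone does not restrict what a TLS v1.3 peer can negotiate; the TLS v1.3 setting has to be reviewed separately.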