RFC 8446RFCMust KnowBack OfficeProduct2018

Transport Layer Security 1.3

Transport Security·RFC Editor

WHY YOU NEED THIS

Every HTTPS connection, SMTP/IMAP over TLS, OAuth token exchange, and API call uses TLS. It is the foundational security layer.

What It Defines

Defines TLS 1.3 — the current standard for encrypting and authenticating connections. Features: 1-RTT handshake, 0-RTT resumption, forward secrecy by default, eliminated weak algorithms.

Canonical (Normative)

RFC 8446

Convenient (Practical)

The Illustrated TLS 1.3 Connection Cloudflare: TLS 1.3

tlssecurityencryptionhttps

Standards Body

RFC Editor

The canonical publication point for finalized RFCs. If a protocol is standardized as an RFC, the RFC Editor text is the normative final reference. Published by the IETF, IRTF, IAB, and independent stream.

Visit

Related Specs

RFC 9000RFCShould Know

QUIC

HTTP/3 runs on QUIC. Modern CDNs and browsers use it by default. It fixes TCP's head-of-line blocking problem for multiplexed requests.

ProductTransport

Details

RFC 6797RFCMust Know

HSTS

A one-line HTTP header that eliminates a class of downgrade attacks. Every public web app should set HSTS.

ProductTransport Security

Details

CA/B Forum BRCA/BMust Know

CA/B BR

Governs every TLS certificate you buy or provision via Let's Encrypt/ACM/Digicert. Understanding BR helps with cert errors, CAA records, and domain validation requirements.

Back OfficeProductCertificate Trust

Details

RFC 9110RFCMust Know

HTTP Semantics

This is the core contract of every web API, browser request, and server response. You can't design or debug HTTP without knowing this.

ProductHTTP

Details