Security

TLS 1.3 finally getting some traction on web browsers

TLS 1.3 is the latest major version of the protocol that secures most of the web. In this post we explain what changed, why it matters and what it means in practice when you share files, transfer files and send files secure with tools like Free Transfer.

What is TLS and why does it matter?

TLS (Transport Layer Security) is the protocol that turns plain HTTP into HTTPS. It establishes an encrypted tunnel between your browser and a website so that outsiders cannot read or modify the data being sent. Without TLS, login forms, messages and file transfers would be exposed to anyone who can observe the network path between you and the server.

For a project like Free Transfer, TLS is a foundational building block. Even though we rely heavily on P2P technology such as WebRTC to send file data directly between users, the initial page load and signalling still travel over HTTPS. Strong TLS support ensures that these steps cannot be easily tampered with or observed.

Key improvements in TLS 1.3

TLS 1.3 brings several important improvements over previous versions:

  • Fewer round‑trips: The handshake that establishes a secure connection is faster, which reduces latency, especially noticeable on high‑latency networks.
  • Modern cryptography only: Outdated and weak algorithms have been removed, reducing the risk of misconfiguration.
  • Better forward secrecy: Session keys are designed so that even if a server’s long‑term key is compromised later, past sessions remain secure.

These changes make it safer and more efficient to use HTTPS for everyday tasks, including visiting websites, using APIs and bootstrapping private file sharing sessions.

How browser support is catching up

For a standard to make a difference, it needs adoption. Over the last few years, major browsers – Chrome, Firefox, Edge and Safari – have rolled out robust TLS 1.3 support. Many large websites and CDNs have enabled it, and it is increasingly the default for new deployments. This means that when you connect to modern services, you are likely already benefiting from TLS 1.3 without noticing.

Free Transfer follows this trend by ensuring that our own HTTPS endpoints are configured to use strong TLS settings and to prefer TLS 1.3 where available. This helps protect the initial steps of the workflow: visiting the site, establishing WebSocket connections for signalling and fetching necessary resources.

What TLS 1.3 means for P2P file sharing

WebRTC, the technology used by Free Transfer to send files directly between browsers, also relies on TLS‑related concepts. It uses DTLS (Datagram TLS) and SRTP (Secure Real‑time Transport Protocol) to encrypt media and data channels. While this is distinct from the HTTPS layer, both share a focus on modern cryptography and forward secrecy.

As the broader ecosystem moves to TLS 1.3, it reinforces a culture where strong, up‑to‑date encryption is the norm rather than an optional upgrade. Users increasingly expect that when they send files secure, every layer of the stack adopts current best practices. TLS 1.3 support in browsers is part of that story.