Summary
On 1 August 2025, Infigo will switch the secure connection layer for all customer sites from TLS 1.2 to the modern TLS 1.3 standard, with automatic fallback to TLS 1.2 for any legacy integrations. TLS 1.3 delivers a single-round-trip handshake, cutting handshake time by roughly 100 ms on average, which translates to snappier page loads for end users. It also streamlines cipher suites, eliminating outdated algorithms and supporting only robust, forward-secrecy ciphers. This upgrade strengthens encryption, improves performance, and reduces the attack surface for all connections to Infigo.
Use Cases
This TLS 1.3 upgrade is particularly helpful when:
- Serving global storefronts where even small latency gains improve user experience.
- Using modern CDN and load-balancer integrations that already support TLS 1.3, to maximize throughput.
- Maintaining legacy integrations: the fallback switch ensures uninterrupted service while you upgrade.
- Complying with security standards that require forward secrecy and deprecation of weak ciphers.
- Optimizing mobile performance, where every millisecond of handshake latency matters.
Guide
1. Background on TLS 1.2 vs. TLS 1.3
- Handshake rounds: TLS 1.2 requires two round trips; TLS 1.3 combines negotiation and key exchange into one, cutting handshake latency in half.
- Zero-RTT resumption: Clients can resume sessions with no additional round trips when revisiting the same site.
- Cipher simplification: TLS 1.3 removes legacy ciphers (e.g., RSA key exchange, CBC) and supports only the most secure suites.
2. Why Infigo Is Upgrading
- Performance: Average handshake drops from ~300 ms to ~200 ms.
- Security: Forward secrecy by default; more of the handshake is encrypted, reducing metadata leakage.
- Future-proofing: Align with major browsers (Chrome, Firefox, Edge, Safari) and cloud providers.
3. What You Need to Do
- Review legacy integrations: Verify that any custom HTTP clients, middleware, or SDKs support at least TLS 1.2.
- Plan updates: If you discover unsupported clients, schedule upgrades to modern libraries.
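One way to carry out the review step for a Python-based integration, as an added example (not Infigo's own code): it inspects a client `SSLContext` and reports whether it will negotiate TLS 1.3, rely on the TLS 1.2 fallback, or fail. The function names, the constructed legacy client and the `storefront.example.com` hostname are assumptions for illustration.

```python
import socket
import ssl

# Server side as this page describes it: TLS 1.3 preferred, TLS 1.2 fallback.
# Each entry pairs a version with the legacy OP_NO_* flag that disables it.
SERVER_VERSIONS = [
    (ssl.TLSVersion.TLSv1_2, ssl.OP_NO_TLSv1_2),
    (ssl.TLSVersion.TLSv1_3, ssl.OP_NO_TLSv1_3),
]


def expected_version(ctx):
    """Highest version this client context shares with the server, or None."""
    lo, hi = ctx.minimum_version, ctx.maximum_version
    # Resolve the "whatever the library supports" sentinels to concrete bounds.
    if lo == ssl.TLSVersion.MINIMUM_SUPPORTED:
        lo = ssl.TLSVersion.SSLv3
    if hi == ssl.TLSVersion.MAXIMUM_SUPPORTED:
        hi = ssl.TLSVersion.TLSv1_3 if ssl.HAS_TLSv1_3 else ssl.TLSVersion.TLSv1_2
    shared = [v for v, off in SERVER_VERSIONS
              if lo <= v <= hi and not (ctx.options & off)]
    return max(shared).name.replace("_", ".") if shared else None


def classify(ctx):
    """Map a client configuration to the action this page asks for."""
    version = expected_version(ctx)
    if version == "TLSv1.3":
        return "ok"
    if version == "TLSv1.2":
        return "fallback"   # keeps working via TLS 1.2; plan a library upgrade
    return "unsupported"    # below TLS 1.2: the handshake will fail


def negotiated_version(host, port=443, ctx=None):
    """Live check: handshake with `host` and return e.g. 'TLSv1.3'."""
    ctx = ctx or ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()


if __name__ == "__main__":
    legacy = ssl.create_default_context()
    legacy.maximum_version = ssl.TLSVersion.TLSv1_2   # constructed legacy client
    print("default client:", classify(ssl.create_default_context()))
    print("legacy client: ", classify(legacy))
    # negotiated_version("storefront.example.com")  # placeholder hostname
```

Run `negotiated_version` from the host where the integration actually runs, since the result depends on that machine's TLS library rather than on your workstation's.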
4. Fallback Procedure
- If any integration fails post-upgrade, a TLS Fallback Switch will instantly and automatically revert to TLS 1.2.
- This fallback buys time to update or replace legacy clients without downtime.
5. Impact on End Users
Related Links
- Cloudflare: Why use TLS 1.3?
- Catchpoint: TLS 1.2 vs. 1.3 — Handshake, Performance, and Other Improvements
For additional guidance, contact our Customer Support team by submitting a support ticket.