Efficiency of TLS 1.2 and TLS 1.3 cryptographic protocols in modern web applications: analytical and practical aspects

Authors

DOI:

https://doi.org/10.18372/2073-4751.86.21273

Keywords:

TLS 1.2, TLS 1.3, AES-GCM, ChaCha20-Poly1305, ECDHE, web security, HTTPS

Abstract

This paper presents an empirical evaluation of TLS 1.2 and TLS 1.3 cryptographic protocols in modern web applications across two dimensions: cryptographic strength and system performance. An analytical review traces the protocol evolution from SSL 3.0 to TLS 1.3 (RFC 8446), documenting the transition from vulnerable CBC modes to AEAD algorithms (AES-256-GCM and ChaCha20-Poly1305) and the 1-RTT handshake with mandatory ECDHE key exchange.
The study compares two practical deployment scenarios of Nginx 1.18 with OpenSSL 3.0.2 on Ubuntu Server 22.04 LTS: a typical server-side configuration (TLS 1.2 + AES-256-GCM with AES-NI acceleration) and a mobile/IoT-oriented configuration (TLS 1.3 + ChaCha20-Poly1305 without AES-NI, emulated via OPENSSL_ia32cap). An additional control configuration (TLS 1.3 + AES-256-GCM without AES-NI) was included to compare cipher-suite behavior within TLS 1.3. Measurements were performed using open-source tools — wrk, Wireshark and openssl s_time.
The TLS 1.3 scenario demonstrated handshake time reduction from 4.8 to 3.0 ms (−37 %), TTFB reduction from 48.3 to 30.1 ms, and throughput increase from 430 to 515 Mbit/s (+20 %). The observed −18 % CPU utilization difference reflects the combined effect of protocol optimization, cipher choice and software-only execution — representative of the asymmetry between server and client-side TLS deployments. A practical 13-item secure TLS deployment checklist for DevSecOps engineers is proposed, aligned with NIST SP 800-52r2 and the Mozilla Server Side TLS Intermediate profile. The paper outlines the quantum-resistant transition path via NIST FIPS 203 (ML-KEM) standardization and IETF hybrid key exchange drafts (X25519MLKEM768, SecP256r1MLKEM768).

References

Rescorla E. The Transport Layer Security (TLS) Protocol Version 1.3 : RFC 8446. RFC Editor, 2018. URL: https://doi.org/10.17487/rfc8446

Holz R., Hiller J., Amann J., Razaghpanah A., Jost T., Vallina-Rodriguez N., Hohlfeld O. Tracking the deployment of TLS 1.3 on the web. ACM SIGCOMM Computer Communication Review. 2020. Vol. 50, № 3. P. 3–15. URL: https://doi.org/10.1145/3411740.3411742

Hasan M. M., Rajkumar S., Ali S. A., Satyanarayana V., Jeyanthi S., Qodirova G. Analyzing SSL/TLS Handshake Latency in Modern Web Applications. Journal of Internet Services and Information Security. 2025. Vol. 15, № 4. P. 445–458. URL: https://doi.org/10.58346/jisis.2025.i4.032

Restuccia G., Tschofenig H., Baccelli E. Low-Power IoT Communication Security: On the Performance of DTLS and TLS 1.3. 2020 9th IFIP International Conference on Performance Evaluation and Modeling in Wireless Networks (PEMWN). IEEE, 2020. URL: https://doi.org/10.23919/pemwn50727.2020.9293085

Sullivan N. A Detailed Look at RFC 8446 (a.k.a. TLS 1.3). The Cloudflare Blog. 2018. URL: https://blog.cloudflare.com/rfc-8446-aka-tls-1-3

Fossati T., Tschofenig H. Transport Layer Security (TLS) / Datagram Transport Layer Security (DTLS) Profiles for the Internet of Things : RFC 7925. RFC Editor, 2016. URL: https://doi.org/10.17487/rfc7925

Aviram N., Schinzel S., Somorovsky J., Heninger N., Dankel M., Steube J. та ін. Drown: Breaking TLS using SSLv2. Proceedings of the 25th USENIX Security Symposium. 2016. P. 689–706.

Clark J., van Oorschot P. C. SoK: SSL and HTTPS: Revisiting Past Challenges and Evaluating Certificate Trust Model Enhancements. 2013 IEEE Symposium on Security and Privacy (SP). IEEE, 2013. URL: https://doi.org/10.1109/sp.2013.41

Білей О., Логутова Т. Безпека передачі даних для інтернету речей. Кібербезпека: освіта, наука, техніка. 2019. № 2(6). С. 6–18. URL: https://doi.org/10.28925/2663-4023.2019.6.618

Шифрування HTTPS в Інтернеті. Google Transparency Report. URL: https://transparencyreport.google.com/https/overview

Security/Server Side TLS. MozillaWiki. 2026. URL: https://wiki.mozilla.org/Security/Server_Side_TLS

Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations : NIST SP 800-52 Rev. 2. National Institute of Standards and Technology, 2019. URL: https://doi.org/10.6028/NIST.SP.800-52r2

Oppliger R. SSL and TLS: Theory and Practice. 2nd ed. Artech House, 2016.

Dierks T., Rescorla E. The TLS Protocol Version 1.2 : RFC 5246. IETF, 2008. URL: https://doi.org/10.17487/rfc5246

Ericson J. TLS1.3. GitHub. 2025. URL: https://github.com/openssl/openssl/wiki/TLS1.3

Module-Lattice-Based Key-Encapsulation Mechanism Standard : FIPS 203. National Institute of Standards and Technology, 2024. URL: https://doi.org/10.6028/NIST.FIPS.203

Connolly D. ML-KEM Post-Quantum Key Agreement for TLS 1.3. IETF Datatracker. 2024. URL: https://datatracker.ietf.org/doc/draft-ietf-tls-mlkem/

Stebila D., Fluhrer S., Gueron S. Hybrid key exchange in TLS 1.3. IETF Datatracker. 2026. URL: https://datatracker.ietf.org/doc/draft-ietf-tls-hybrid-design/

Nimeh J. JEP 527: Post-Quantum Hybrid Key Exchange for TLS 1.3. OpenJDK. 2025. URL: https://openjdk.org/jeps/527

Zheng J., Zhu H., Dong Y., Song Z., Zhang Z., Yang Y., Zhao Y. Faster Post-quantum TLS 1.3 Based on ML-KEM: Implementation and Assessment. Lecture Notes in Computer Science. Springer Nature Switzerland, 2024. P. 123–143. URL: https://doi.org/10.1007/978-3-031-70890-9_7

Montenegro J. A., Rios R., López-Cerezo J. A Performance Evaluation Framework for Post-Quantum TLS. Future Generation Computer Systems. 2025. P. 108062. URL: https://doi.org/10.1016/j.future.2025.108062

Kampanakis P., Childs-Klein W. The impact of data-heavy, post-quantum TLS 1.3 on the Time-To-Last-Byte of Web connections. Workshop on Measurements, Attacks, and Defenses for the Web. Internet Society, 2024. URL: https://doi.org/10.14722/madweb.2024.23010

Open Quantum Safe provider for OpenSSL. GitHub. 2024. URL: https://github.com/open-quantum-safe/oqs-provider

Hodges J., Jackson C., Barth A. HTTP Strict Transport Security (HSTS) : RFC 6797. RFC Editor, 2012. URL: https://doi.org/10.17487/rfc6797

Bishop M. HTTP/3 : RFC 9114. RFC Editor, 2022. URL: https://doi.org/10.17487/rfc9114

OWASP Secure Headers Project. OWASP Foundation. 2024. URL: https://owasp.org/www-project-secure-headers/

Module-Lattice-Based Digital Signature Standard : FIPS 204. National Institute of Standards and Technology, 2024. URL: https://doi.org/10.6028/nist.fips.204

Downloads

Published

2026-05-30

How to Cite

Diachuk, O. Y., Koloshchuk, M. S., Rudiuk, B. M., & Kvasnikov, V. P. (2026). Efficiency of TLS 1.2 and TLS 1.3 cryptographic protocols in modern web applications: analytical and practical aspects. Problems of Informatization and Control, 2(86), 52–60. https://doi.org/10.18372/2073-4751.86.21273

Issue

Vol. 2 No. 86 (2026)

Section

Статті

License

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

The scientific journal adheres to the principles of Open Access and provides free, immediate, and permanent access to all published materials without financial, technical, or legal barriers for readers.

All articles are published in Open Access under the Creative Commons Attribution 4.0 International (CC BY 4.0) license.

Copyright

Authors who publish their works in the journal:

  • retain the copyright to their publications;

  • grant the journal the right of first publication of the article;

  • agree to the distribution of their materials under the CC BY 4.0 license;

  • have the right to reuse, archive, and distribute their works (including in institutional and subject repositories), provided that proper reference is made to the original publication in the journal.