What do I have to do to enable TLS 1.3 for my site?

Nothing! TLS 1.3 is enabled by default for all sites, no matter which TLS options you use.

A note on TLS 1.3 Zero Round Trip Time (0-RTT)

Zero Round Trip Time (0-RTT), also called "early data", is a new feature of TLS 1.3 that speeds up resumed connections by sending encrypted data right at the start of the resumed connection, without waiting for any round trip.

This comes with one caveat: data sent using 0-RTT is prone to replay attacks. It is therefore important that the server only executes operations received via 0-RTT data if they are idempotent, e.g. HTTP GET requests. For all other operations, the server should force the client to perform a full handshake with one round trip. In most cases, the first request a client sends is not a state-changing transaction, but something idempotent like an HTTP GET request.

wao.io enables this feature in addition to TLS 1.3 for your site, but only for safe HTTP methods. This means all methods considered harmless can use 0-RTT, while all requests that use other methods receive a "425 Too Early" response and require a full handshake. All browsers that support TLS 1.3 perform the full handshake automatically when they receive a 425 response.

In addition, if a request was performed using a 0-RTT connection, we send the header "Early-Data" with the value "1" to the origin. This signals the 0-RTT request to the origin server in case you require further handling in your application.
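One way to do such further handling at the origin, as an added example that is not wao.io code: a WSGI middleware that answers "425 Too Early" when a request marked "Early-Data: 1" targets an endpoint that must not be replayed. The endpoint paths and all names below are hypothetical, and the example assumes the 425 response is passed on to the client.

```python
# Hypothetical GET endpoints that change state and so must not be replayed.
REPLAY_SENSITIVE_PREFIXES = ("/unsubscribe", "/confirm-email")
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def is_early_data(environ):
    # WSGI exposes the "Early-Data" request header as HTTP_EARLY_DATA.
    return environ.get("HTTP_EARLY_DATA", "").strip() == "1"


class EarlyDataGuard:
    """Reject replay-sensitive requests that arrived as TLS 1.3 early data."""

    def __init__(self, app, sensitive_prefixes=REPLAY_SENSITIVE_PREFIXES):
        self.app = app
        self.sensitive_prefixes = tuple(sensitive_prefixes)

    def must_reject(self, environ):
        if not is_early_data(environ):
            return False  # full handshake was completed, nothing to guard
        if environ.get("REQUEST_METHOD", "GET").upper() not in SAFE_METHODS:
            return True  # defence in depth: unsafe method marked as early data
        return environ.get("PATH_INFO", "/").startswith(self.sensitive_prefixes)

    def __call__(self, environ, start_response):
        if self.must_reject(environ):
            body = b"Too Early\n"
            headers = [("Content-Type", "text/plain"),
                       ("Content-Length", str(len(body)))]
            start_response("425 Too Early", headers)
            return [body]
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    # Stand-in for the real application.
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]


def status_for(app, method, path, early):
    """Send one constructed request through `app` and return its status line."""
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path}
    if early:
        environ["HTTP_EARLY_DATA"] = "1"
    seen = []
    list(app(environ, lambda status, headers: seen.append(status)))
    return seen[0]
```
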

