{"id":9563,"date":"2020-12-14T07:22:58","date_gmt":"2020-12-14T15:22:58","guid":{"rendered":"https:\/\/www.couchbase.com\/blog\/?p=9563"},"modified":"2025-06-13T23:06:14","modified_gmt":"2025-06-14T06:06:14","slug":"tls-1-3-encryption","status":"publish","type":"post","link":"https:\/\/www.couchbase.com\/blog\/tls-1-3-encryption\/","title":{"rendered":"TLS 1.3 encryption arrives to Couchbase Server 7.0"},"content":{"rendered":"

The Couchbase Server 7.0 Beta is now available with some additional enhancements to strengthen the security of the platform.\u00a0 Couchbase uses TLS encryption across our portfolio to ensure communication across the network is secure, meaning that outside parties cannot eavesdrop or tamper with the requests your application makes to the database or even the data travelling between the nodes in the cluster or between clusters.\u00a0 A new important announcement is the introduction of TLS 1.3 support.\u00a0<\/span><\/p>\n

What is TLS ?\u00a0<\/span><\/h4>\n

Let\u2019s start with a bit of history.\u00a0\u00a0<\/span><\/p>\n

When people talk about accessing secure websites such as e-commerce or online banking, you will often hear people refer to SSL encryption as being the underlying system which keeps them safe.\u00a0 This is a common mistake.\u00a0 Secure Sockets Layer (SSL) was originally the system used to do this but was replaced in 1999 with the introduction of Transport Layer Security (TLS)\u00a0 (RFC 2246<\/a>) as the method in which the world uses to secure online communications.\u00a0 Over time this was improved upon with the TLS 1.1 (RFC 4346<\/a>) standard in 2006, and again followed up with the TLS 1.2 standard in 2008 (RFC 5246<\/a>).\u00a0 But what about HTTPS, doesn\u2019t that refer to SSL ? No, the S in HTTPS refers to secure HTTP. <\/span><\/p>\n

In the summer of 2018, the final specification for the TLS 1.3 standard was agreed on as RFC 8446<\/a> and this is now what we are introducing in Couchbase Server 7.0.<\/span><\/p>\n

TLS consists of a client and a server.\u00a0 The client will initiate the connection with a handshake, where it will present a list of cipher suites that it knows how to handle.\u00a0 A cipher suite is a set of cryptographic algorithms which usually includes a key exchange algorithm, a bulk encryption algorithm, and a message authentication code (MAC) algorithm.\u00a0 From this list the server will pick a set of functions that it also knows how to communicate with and then will notify the client on how to proceed.<\/span><\/p>\n

Why is Couchbase adding TLS 1.3 support ?<\/span><\/h4>\n

\u00a0TLS version 1.2 remains a secure option to this day, but by adopting the newer 1.3 standards we are future proofing against threats which haven\u2019t yet been discovered. \u00a0 Just like any other security, over time algorithms and protocols improve, becoming more secure and adding additional features to make it more difficult to intercept or tamper with communications.\u00a0<\/span><\/p>\n

For example, the older TLS 1.2 enables administrators to configure cipher suite preferences to make sure the stronger ciphers are preferred over weaker ones, but most administrators don\u2019t take advantage of this ability and leave the default ordering of ciphers which makes them unknowingly vulnerable.\u00a0 With the introduction of TLS 1.3, many of these older ciphers aren\u2019t even available as an option so the default available cipher suites are already at a higher standard.\u00a0<\/span><\/p>\n

Currently Google Chrome, the world’s most popular web browser, <\/span>no longer supports<\/span><\/a> connecting to websites secured using the TLS 1.0 or 1.1 protocol.\u00a0 There are similar measures that have been put in place in Firefox, Safari and Edge.\u00a0 <\/span>And the PCI DSS security standard, which is mandated for companies handling credit card payments, has required at least TLS 1.1 since July 2018, with strong guidance to use TLS 1.2.\u00a0\u00a0<\/span>Many industries consider TLS 1.0 and 1.1 as no longer secure and this is why Couchbase recommends that customers use TLS 1.2 or higher for all use-cases. With the introduction of TLS 1.3 we are one step ahead of the standards.<\/span><\/p>\n

How do I use TLS 1.3 with Couchbase Server 7.0 ?<\/h4>\n

It’s a simple process and we\u2019re going to use the excellent free SSL\/TLS test tool from https:\/\/testssl.sh<\/a> to verify what protocols are in use.<\/span><\/p>\n

You can get the latest copy from their website as a download or a git clone, we\u2019re going to download it with their git repository using a Ubuntu 16 machine.<\/span><\/p>\n

git clone --depth 1 https:\/\/github.com\/drwetter\/testssl.sh.git \r\ntestssl \u00a0cd testssl\/<\/pre>\n
Next we\u2019ll test a default installation of the Couchbase Server 7.0 Beta.\u00a0 For the purpose of brevity we\u2019ll call the Test SSL tool without additional headers and warnings, and only show the protocol information.\u00a0 We\u2019ll run this tool on one of the Couchbase Server nodes against the Data Service TLS encrypted port<\/a>.\u00a0<\/span><\/p>\n
.\/testssl.sh --quiet --warnings off -p localhost:11207 \r\nTesting protocols via sockets except NPN+ALPN \u00a0\r\nSSLv2\u00a0 \u00a0 \u00a0 not offered (OK) \u00a0\r\nSSLv3\u00a0 \u00a0 \u00a0 not offered (OK) \u00a0\r\nTLS 1\u00a0 \u00a0 \u00a0 offered (deprecated) \u00a0\r\nTLS 1.1\u00a0 \u00a0 offered (deprecated) \u00a0\r\nTLS 1.2\u00a0 \u00a0 offered (OK) \u00a0\r\nTLS 1.3\u00a0 \u00a0 offered (OK): final \u00a0\r\nNPN\/SPDY \u00a0 not offered \u00a0\r\nALPN\/HTTP2 not offered<\/pre>\n
As you can see, the Server and Client have negotiated the strongest protocol they both understand and so the final connection is established with TLS 1.3 without any configuration changes needed.
\n<\/span><\/p>\n
What if we wanted to ensure the cluster doesn\u2019t even offer the deprecated older TLS 1.0\/1.1 protocols ?\u00a0 We can issue a cluster-wide CLI command to require TLS version 1.2 as the minimum.\u00a0<\/span><\/span><\/p>\n
\/opt\/couchbase\/bin\/couchbase-cli setting-security -c localhost:8091 \\\r\n -u Administrator -p password --set --tls-min-version tlsv1.2\r\n\r\nSUCCESS: Security settings updated<\/pre>\n
And then re-test the Data Service port again. <\/span><\/p>\n
.\/testssl.sh --quiet --warnings off -p localhost:11207 \r\nTesting protocols via sockets except NPN+ALPN \u00a0\r\nSSLv2\u00a0 \u00a0 \u00a0 not offered (OK) \u00a0\r\nSSLv3\u00a0 \u00a0 \u00a0 not offered (OK) \u00a0\r\nTLS 1\u00a0 \u00a0 \u00a0 not offered \u00a0\r\nTLS 1.1\u00a0 \u00a0 not offered \u00a0\r\nTLS 1.2\u00a0 \u00a0 offered (OK) \u00a0\r\nTLS 1.3\u00a0 \u00a0 offered (OK): final \u00a0\r\nNPN\/SPDY \u00a0 not offered \u00a0\r\nALPN\/HTTP2 not offered\r\n<\/pre>\n
\u00a0<\/span>As you can see, only TLS 1.2 and higher was offered as an option.\u00a0<\/span><\/p>\n
At the time of writing, TLS 1.3 hasn\u2019t been implemented across all of the Couchbase Services in the Couchbase Server 7.0 Beta, so the cluster-wide option of setting a TLS 1.3 minimum isn\u2019t yet available.<\/span><\/p>\n
What you can do though, is set the minimum TLS to 1.3 on the services where it is available using the REST API.\u00a0 Let\u2019s set the Data Service encrypted port to only allow TLS 1.3.\u00a0<\/span><\/p>\n
curl -k https:\/\/localhost:18091\/settings\/security\/data\/tlsMinVersion \\\r\n-u Administrator:password -X POST -d \"tlsv1.3\"\r\n<\/pre>\n
And then re-run the test tool.\u00a0<\/span><\/p>\n
.\/testssl.sh --quiet --warnings off -p localhost:11207 \u00a0\r\nlocalhost:11207 appears to support TLS 1.3 ONLY. \r\nYou better use --openssl= \u00a0\r\nTesting protocols via sockets except NPN+ALPN \u00a0\r\nSSLv2\u00a0 \u00a0 \u00a0 not offered (OK) \u00a0\r\nSSLv3\u00a0 \u00a0 \u00a0 not offered (OK) \u00a0\r\nTLS 1\u00a0 \u00a0 \u00a0 not offered \u00a0\r\nTLS 1.1\u00a0 \u00a0 not offered \u00a0\r\nTLS 1.2\u00a0 \u00a0 not offered \u00a0\r\nTLS 1.3\u00a0 \u00a0 offered (OK): final \u00a0\r\nNPN\/SPDY \u00a0 not offered \u00a0\r\nALPN\/HTTP2 not offered\r\n<\/pre>\n
As you can see, TLS 1.3 is now the only offered option available.<\/span><\/p>\n
Give the Couchbase Server 7.0 Beta a try today and use some of our new security features !<\/span><\/p>\n
Availability and Duration of Beta<\/h3>\n
Documentation<\/p>\n
What\u2019s new<\/a><\/p>\n
Release notes<\/a><\/p>\n
Additional Blogs<\/p>\n
Scopes and Collections for Modern Multi-Tenant Applications: Couchbase 7.0<\/a><\/p>\n
Couchbase Transactions with N1QL<\/a><\/p>\n
Get the Beta of Community Edition and Enterprise Edition<\/p>\n
Download<\/a><\/p>\n
Couchbase 7 Beta is available for both Enterprise and Community Editions. Everyone can download the software from\u00a0https:\/\/www.couchbase.com\/downloads<\/a><\/p>\n
Customer support is available via your regular support channels, while Community support is available through the Couchbase forums at\u00a0https:\/\/www.couchbase.com\/forums\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
The Couchbase Server 7.0 Beta is now available with some additional enhancements to strengthen the security of the platform.\u00a0 Couchbase uses TLS encryption across our portfolio to ensure communication across the network is secure, meaning that outside parties cannot eavesdrop […]<\/p>\n","protected":false},"author":1864,"featured_media":9740,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[1815,1816,1813],"tags":[1666,1660,9262],"ppma_author":[8928],"class_list":["post-9563","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-best-practices-and-tutorials","category-couchbase-server","category-security","tag-encryption","tag-ssl","tag-tls-encryption"],"acf":[],"yoast_head":"\nTLS 1.3 encryption arrives to Couchbase Server 7.0 - The Couchbase Blog<\/title>\n<meta name=\"description\" content=\"Couchbase Server version 7.0 introduces the TLS version 1.3 protocol for secure encrpytion on the wire. TLS 1.3 Security is for data that your application writes to the database or even the data travelling between the nodes in the cluster or across multiple clusters.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.couchbase.com\/blog\/tls-1-3-encryption\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"TLS 1.3 encryption arrives to Couchbase Server 7.0\" \/>\n<meta property=\"og:description\" content=\"Couchbase Server version 7.0 introduces the TLS version 1.3 protocol for secure encrpytion on the wire. TLS 1.3 Security is for data that your application writes to the database or even the data travelling between the nodes in the cluster or across multiple clusters.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.couchbase.com\/blog\/tls-1-3-encryption\/\" \/>\n<meta property=\"og:site_name\" content=\"The Couchbase Blog\" \/>\n<meta property=\"article:published_time\" content=\"2020-12-14T15:22:58+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-14T06:06:14+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/encryption-blogbanner.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"628\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Ian McCloy, Director Product Management\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ian McCloy, Director Product Management\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/tls-1-3-encryption\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/tls-1-3-encryption\/\"},\"author\":{\"name\":\"Ian McCloy, Director Product Management, Couchbase\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/7e8c834bce5128ad6cd764cd1c4cea19\"},\"headline\":\"TLS 1.3 encryption arrives to Couchbase Server 7.0\",\"datePublished\":\"2020-12-14T15:22:58+00:00\",\"dateModified\":\"2025-06-14T06:06:14+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/tls-1-3-encryption\/\"},\"wordCount\":944,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/tls-1-3-encryption\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/encryption-blogbanner.jpg\",\"keywords\":[\"Encryption\",\"SSL\",\"TLS encryption\"],\"articleSection\":[\"Best Practices and Tutorials\",\"Couchbase Server\",\"Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.couchbase.com\/blog\/tls-1-3-encryption\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/tls-1-3-encryption\/\",\"url\":\"https:\/\/www.couchbase.com\/blog\/tls-1-3-encryption\/\",\"name\":\"TLS 1.3 encryption arrives to Couchbase Server 7.0 - The Couchbase Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/tls-1-3-encryption\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/tls-1-3-encryption\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/encryption-blogbanner.jpg\",\"datePublished\":\"2020-12-14T15:22:58+00:00\",\"dateModified\":\"2025-06-14T06:06:14+00:00\",\"description\":\"Couchbase Server version 7.0 introduces the TLS version 1.3 protocol for secure encrpytion on the wire. TLS 1.3 Security is for data that your application writes to the database or even the data travelling between the nodes in the cluster or across multiple clusters.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/tls-1-3-encryption\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.couchbase.com\/blog\/tls-1-3-encryption\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/tls-1-3-encryption\/#primaryimage\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/encryption-blogbanner.jpg\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/encryption-blogbanner.jpg\",\"width\":1200,\"height\":628,\"caption\":\"TLS Encryption\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/tls-1-3-encryption\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.couchbase.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"TLS 1.3 encryption arrives to Couchbase Server 7.0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#website\",\"url\":\"https:\/\/www.couchbase.com\/blog\/\",\"name\":\"The Couchbase Blog\",\"description\":\"Couchbase, the NoSQL Database\",\"publisher\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.couchbase.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#organization\",\"name\":\"The Couchbase Blog\",\"url\":\"https:\/\/www.couchbase.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png\",\"contentUrl\":\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png\",\"width\":218,\"height\":34,\"caption\":\"The Couchbase Blog\"},\"image\":{\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/7e8c834bce5128ad6cd764cd1c4cea19\",\"name\":\"Ian McCloy, Director Product Management, Couchbase\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/image\/97dd714a3242521ce9dcea0d96550c5f\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/41f65bee70b5e03e46ae996303a13060d366d405ecb235ff5493d4f1ac3a6f3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/41f65bee70b5e03e46ae996303a13060d366d405ecb235ff5493d4f1ac3a6f3d?s=96&d=mm&r=g\",\"caption\":\"Ian McCloy, Director Product Management, Couchbase\"},\"description\":\"Ian McCloy is the Director of the Platform and Security Product Management Group for Couchbase and lives in the United Kingdom. His dedicated team is responsible for the Reliability, Availability, Serviceability and Security architecture of Couchbase Server and the SaaS Database, Capella. This team also own cloud-native platforms like the Couchbase Kubernetes Autonomous Operator. Ian has a vast range of experience as a Software Engineer, Technical Support Engineer, Quality Assurance Engineer and Systems Administrator. Ian has led global technical teams for the majority of his 20 year professional career and holds several patents in the areas of information security, virtualisation and hardware design. https:\/\/www.linkedin.com\/in\/ianmccloy\/\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/ianmccloy\/\"],\"url\":\"https:\/\/www.couchbase.com\/blog\/author\/ian-mccloycouchbase-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"TLS 1.3 encryption arrives to Couchbase Server 7.0 - The Couchbase Blog","description":"Couchbase Server version 7.0 introduces the TLS version 1.3 protocol for secure encrpytion on the wire. TLS 1.3 Security is for data that your application writes to the database or even the data travelling between the nodes in the cluster or across multiple clusters.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.couchbase.com\/blog\/tls-1-3-encryption\/","og_locale":"en_US","og_type":"article","og_title":"TLS 1.3 encryption arrives to Couchbase Server 7.0","og_description":"Couchbase Server version 7.0 introduces the TLS version 1.3 protocol for secure encrpytion on the wire. TLS 1.3 Security is for data that your application writes to the database or even the data travelling between the nodes in the cluster or across multiple clusters.","og_url":"https:\/\/www.couchbase.com\/blog\/tls-1-3-encryption\/","og_site_name":"The Couchbase Blog","article_published_time":"2020-12-14T15:22:58+00:00","article_modified_time":"2025-06-14T06:06:14+00:00","og_image":[{"width":1200,"height":628,"url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/encryption-blogbanner.jpg","type":"image\/jpeg"}],"author":"Ian McCloy, Director Product Management","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Ian McCloy, Director Product Management","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.couchbase.com\/blog\/tls-1-3-encryption\/#article","isPartOf":{"@id":"https:\/\/www.couchbase.com\/blog\/tls-1-3-encryption\/"},"author":{"name":"Ian McCloy, Director Product Management, Couchbase","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/7e8c834bce5128ad6cd764cd1c4cea19"},"headline":"TLS 1.3 encryption arrives to Couchbase Server 7.0","datePublished":"2020-12-14T15:22:58+00:00","dateModified":"2025-06-14T06:06:14+00:00","mainEntityOfPage":{"@id":"https:\/\/www.couchbase.com\/blog\/tls-1-3-encryption\/"},"wordCount":944,"commentCount":0,"publisher":{"@id":"https:\/\/www.couchbase.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/tls-1-3-encryption\/#primaryimage"},"thumbnailUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/encryption-blogbanner.jpg","keywords":["Encryption","SSL","TLS encryption"],"articleSection":["Best Practices and Tutorials","Couchbase Server","Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.couchbase.com\/blog\/tls-1-3-encryption\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.couchbase.com\/blog\/tls-1-3-encryption\/","url":"https:\/\/www.couchbase.com\/blog\/tls-1-3-encryption\/","name":"TLS 1.3 encryption arrives to Couchbase Server 7.0 - The Couchbase Blog","isPartOf":{"@id":"https:\/\/www.couchbase.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.couchbase.com\/blog\/tls-1-3-encryption\/#primaryimage"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/tls-1-3-encryption\/#primaryimage"},"thumbnailUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/encryption-blogbanner.jpg","datePublished":"2020-12-14T15:22:58+00:00","dateModified":"2025-06-14T06:06:14+00:00","description":"Couchbase Server version 7.0 introduces the TLS version 1.3 protocol for secure encrpytion on the wire. TLS 1.3 Security is for data that your application writes to the database or even the data travelling between the nodes in the cluster or across multiple clusters.","breadcrumb":{"@id":"https:\/\/www.couchbase.com\/blog\/tls-1-3-encryption\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.couchbase.com\/blog\/tls-1-3-encryption\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.couchbase.com\/blog\/tls-1-3-encryption\/#primaryimage","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/encryption-blogbanner.jpg","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2020\/11\/encryption-blogbanner.jpg","width":1200,"height":628,"caption":"TLS Encryption"},{"@type":"BreadcrumbList","@id":"https:\/\/www.couchbase.com\/blog\/tls-1-3-encryption\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.couchbase.com\/blog\/"},{"@type":"ListItem","position":2,"name":"TLS 1.3 encryption arrives to Couchbase Server 7.0"}]},{"@type":"WebSite","@id":"https:\/\/www.couchbase.com\/blog\/#website","url":"https:\/\/www.couchbase.com\/blog\/","name":"The Couchbase Blog","description":"Couchbase, the NoSQL Database","publisher":{"@id":"https:\/\/www.couchbase.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.couchbase.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.couchbase.com\/blog\/#organization","name":"The Couchbase Blog","url":"https:\/\/www.couchbase.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png","width":218,"height":34,"caption":"The Couchbase Blog"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/7e8c834bce5128ad6cd764cd1c4cea19","name":"Ian McCloy, Director Product Management, Couchbase","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/image\/97dd714a3242521ce9dcea0d96550c5f","url":"https:\/\/secure.gravatar.com\/avatar\/41f65bee70b5e03e46ae996303a13060d366d405ecb235ff5493d4f1ac3a6f3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/41f65bee70b5e03e46ae996303a13060d366d405ecb235ff5493d4f1ac3a6f3d?s=96&d=mm&r=g","caption":"Ian McCloy, Director Product Management, Couchbase"},"description":"Ian McCloy is the Director of the Platform and Security Product Management Group for Couchbase and lives in the United Kingdom. His dedicated team is responsible for the Reliability, Availability, Serviceability and Security architecture of Couchbase Server and the SaaS Database, Capella. This team also own cloud-native platforms like the Couchbase Kubernetes Autonomous Operator. Ian has a vast range of experience as a Software Engineer, Technical Support Engineer, Quality Assurance Engineer and Systems Administrator. Ian has led global technical teams for the majority of his 20 year professional career and holds several patents in the areas of information security, virtualisation and hardware design. https:\/\/www.linkedin.com\/in\/ianmccloy\/","sameAs":["https:\/\/www.linkedin.com\/in\/ianmccloy\/"],"url":"https:\/\/www.couchbase.com\/blog\/author\/ian-mccloycouchbase-com\/"}]}},"authors":[{"term_id":8928,"user_id":1864,"is_guest":0,"slug":"ian-mccloycouchbase-com","display_name":"Ian McCloy, Director Product Management","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/41f65bee70b5e03e46ae996303a13060d366d405ecb235ff5493d4f1ac3a6f3d?s=96&d=mm&r=g","author_category":"","last_name":"McCloy, Director Product Management","first_name":"Ian","job_title":"","user_url":"","description":"Ian McCloy is the Director of the Platform and Security Product Management Group for Couchbase and lives in the United Kingdom.  His dedicated team is responsible for the Reliability, Availability, Serviceability and Security architecture of Couchbase Server and the SaaS Database, Capella.  This team also own cloud-native platforms like the Couchbase Kubernetes Autonomous Operator.  Ian has a vast range of experience as a Software Engineer, Technical Support Engineer, Quality Assurance Engineer and Systems Administrator. Ian has led global technical teams for the majority of his 20 year professional career and holds several patents in the areas of information security, virtualisation and hardware design. https:\/\/www.linkedin.com\/in\/ianmccloy\/"}],"_links":{"self":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/posts\/9563","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/users\/1864"}],"replies":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/comments?post=9563"}],"version-history":[{"count":0,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/posts\/9563\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/media\/9740"}],"wp:attachment":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/media?parent=9563"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/categories?post=9563"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/tags?post=9563"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/ppma_author?post=9563"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}