TLS1.2 IS DEAD … BE READY FOR TLS1.3

Source PDF: cdn-cms.f-static.com/uploads/164655/normal_59086dbd7c7ac.pdf

Posted on 13-Sep-2019

Transcript

28 March 2017

Enterprise Architecture Technology & Operations

TLS1.2 IS DEAD … BE READY FOR TLS1.3


Motaz Alturayef

Jubial Cyber Security Conference

70%

Privacy and security concerns are driving encrypted traffic growth, which is expected to represent 70 percent of all Internet traffic this year.

Source: Sandvine, Global Internet Phenomena Spotlight, 2016

The history of SSL and TLS

1994: SSL1 and SSL2, created by Netscape, contained significant flaws

1995: SSL3, created by Netscape to address the SSL2 flaws

1999: TLS 1.0 standardized SSL3 with almost no changes (RFC 2246)

2006: TLS 1.1 added security fixes (explicit CBC IVs) and TLS extensions (RFC 4346)

2008: TLS 1.2 added support for authenticated encryption (AES-GCM, CCM modes) and removed the hard-coded primitives (RFC 5246)

… then "SSL isn't perfect" (SSL vulnerabilities exposed) and "the crap hits the fan" (the first set of public SSL exploits):

August 2009: Insecure renegotiation. A flaw in the renegotiation handshake lets a man-in-the-middle splice its own plaintext in front of a victim's request; every SSL stack was affected.

February 2010: RFC 5746, the TLS extension for secure renegotiation, was quickly mainstreamed.

September 2011 (BEAST) and September 2012 (CRIME): client-side / man-in-the-browser attacks. BEAST leverages a chosen-plaintext flaw in TLS 1.0's CBC mode (predictable IVs); CRIME leverages TLS compression to recover secrets such as cookies.

February 2013: Lucky 13, another timing attack on CBC padding (the padding oracle is read through MAC-timing differences).

March 2013: RC4 attacks. Statistical biases in the RC4 keystream make plaintext recovery possible; this is a stream-cipher weakness, not a CBC one.

March 2013: TIME, a refinement and variation of CRIME.

April 2014: Heartbleed, "the end of the Internet as we know it!" A missing bounds check in OpenSSL's Heartbeat extension leaks up to 64 KB of server memory per request, private keys included.

October 2014: POODLE, a padding oracle attack on SSLv3.

December 2014: "Dire POODLE" (POODLE against TLS), the same padding oracle against TLS implementations that fail to check CBC padding.

March 2015: FREAK, an implementation attack that downgrades the connection to export-grade RSA.

May 2015: Logjam, an implementation attack that downgrades the connection to weak (export-grade) Diffie-Hellman.

How TLS1.2 works (full handshake: two round trips before application data)

Client → Server: ClientHello (supported cipher suites)

Server → Client: ServerHello (chosen cipher suite), Certificate, Key Share (ServerKeyExchange)

Client → Server: Key Share (ClientKeyExchange), Finished

Server → Client: Finished

Client → Server: HTTP GET

Server → Client: HTTP Response

How TLS1.3 works (full handshake: one round trip before application data; everything after ServerHello is already encrypted)

Client → Server: ClientHello (supported cipher suites, Key Share)

Server → Client: ServerHello (chosen cipher suite, Key Share), Certificate and Signature (CertificateVerify), Finished

Client → Server: Finished, HTTP GET

Server → Client: HTTP Response

Speeding Up TLS1.2: Resumption (one round trip before application data)

Client → Server: ClientHello (Session ID)

Server → Client: ServerHello, Finished

Client → Server: Finished, HTTP GET

Server → Client: HTTP Response

TLS1.3 0-RTT Resumption (application data in the very first flight)

Client → Server: ClientHello (Session Ticket / PSK, Key Share), HTTP GET sent as early data

Server → Client: ServerHello (Key Share), Finished

Client → Server: Finished

Server → Client: HTTP Response

Caveat: 0-RTT early data is not protected against replay, so only idempotent requests should be sent before the server's Finished arrives.

TLS1.3 is Anti-Downgrade

TLS 1.3 has a simple way of detecting a MITM that tries to downgrade the connection. A TLS 1.3-capable server that ends up negotiating TLS 1.2 or lower writes a fixed sentinel into the last 8 bytes of the ServerHello random: the ASCII string "DOWNGRD" followed by 0x01 when it fell back to TLS 1.2, or 0x00 when it fell back to TLS 1.1 or below. A client that offered TLS 1.3 and sees either value in the ServerHello random aborts the handshake. A server that only speaks TLS 1.2 never sets the sentinel, so the check costs nothing for legacy peers, but a connection between a TLS 1.3 client and a TLS 1.3 server cannot be silently downgraded by stripping TLS 1.3 from the ClientHello.
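The sentinel check described above, as an added example (not code from the talk or from any TLS library): a minimal Python parser for a TLS handshake record carrying a ServerHello. It extracts the 32-byte server random and the negotiated version (taken from the supported_versions extension when present, since TLS 1.3 keeps 0x0303 in the legacy version field) and applies the RFC 8446 rule. The three sample records are constructed fixtures, and the `build_server_hello` helper exists only to produce them.

```python
"""Check a ServerHello for the TLS 1.3 downgrade sentinel (RFC 8446, section 4.1.3).

Added example, not the talk's code. Sample records below are constructed inline.
"""
import struct

# Last eight bytes of ServerHello.random when a TLS 1.3-capable server
# negotiates a lower version (RFC 8446, section 4.1.3).
SENTINEL_TLS12 = b"DOWNGRD\x01"   # server fell back to TLS 1.2
SENTINEL_TLS11 = b"DOWNGRD\x00"   # server fell back to TLS 1.1 or below

TLS12, TLS13 = 0x0303, 0x0304
EXT_SUPPORTED_VERSIONS = 43        # carries the real version in a TLS 1.3 ServerHello


def parse_server_hello(record: bytes) -> dict:
    """Parse record layer + ServerHello; return negotiated version, random, cipher suite."""
    if len(record) < 5:
        raise ValueError("short record")
    ctype, _rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 22 or len(body) != rec_len or len(body) < 4:
        raise ValueError("not a complete handshake record")
    hs_type, hs_len = body[0], int.from_bytes(body[1:4], "big")
    msg = body[4:4 + hs_len]
    if hs_type != 2 or len(msg) != hs_len or len(msg) < 35:
        raise ValueError("not a complete ServerHello")
    legacy_version = struct.unpack("!H", msg[:2])[0]
    random = msg[2:34]
    sid_len = msg[34]
    off = 35 + sid_len
    cipher_suite = struct.unpack("!H", msg[off:off + 2])[0]
    off += 3                                   # skip cipher suite + compression method
    negotiated = legacy_version                # TLS 1.2 and below: the version field is authoritative
    if len(msg) >= off + 2:                    # TLS 1.3: real version lives in supported_versions
        ext_len = struct.unpack("!H", msg[off:off + 2])[0]
        exts, p = msg[off + 2:off + 2 + ext_len], 0
        while p + 4 <= len(exts):
            etype, elen = struct.unpack("!HH", exts[p:p + 4])
            if etype == EXT_SUPPORTED_VERSIONS and elen == 2:
                negotiated = struct.unpack("!H", exts[p + 4:p + 6])[0]
            p += 4 + elen
    return {"version": negotiated, "random": random, "cipher_suite": cipher_suite}


def downgrade_detected(hello: dict, client_offered_tls13: bool = True) -> bool:
    """A client that offered TLS 1.3 MUST abort if the server chose <= TLS 1.2 and the sentinel is present."""
    if not client_offered_tls13 or hello["version"] >= TLS13:
        return False
    return hello["random"][-8:] in (SENTINEL_TLS12, SENTINEL_TLS11)


def build_server_hello(version: int, random: bytes, cipher_suite: int) -> bytes:
    """Construct a minimal ServerHello record (test fixture only, not a full implementation)."""
    assert len(random) == 32
    body = struct.pack("!H", TLS12) + random + b"\x00" + struct.pack("!HB", cipher_suite, 0)
    if version >= TLS13:                       # TLS 1.3 advertises its version via supported_versions
        ext = struct.pack("!HHH", EXT_SUPPORTED_VERSIONS, 2, version)
        body += struct.pack("!H", len(ext)) + ext
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 22, TLS12, len(hs)) + hs


# Constructed fixtures: a fresh random, and one ending in the TLS 1.2 sentinel.
FRESH_RANDOM = bytes(range(32))
SENTINEL_RANDOM = bytes(range(24)) + SENTINEL_TLS12

# 1) Legacy TLS 1.2-only server: never sets the sentinel, so there is no downgrade signal.
LEGACY_12 = build_server_hello(TLS12, FRESH_RANDOM, 0xC02F)
# 2) TLS 1.3-capable server that negotiated 1.2 (e.g. a MITM stripped TLS 1.3 from the ClientHello).
DOWNGRADED_12 = build_server_hello(TLS12, SENTINEL_RANDOM, 0xC02F)
# 3) Genuine TLS 1.3 negotiation: version carried in supported_versions, random unconstrained.
GENUINE_13 = build_server_hello(TLS13, FRESH_RANDOM, 0x1301)

if __name__ == "__main__":
    for name, rec in [("legacy 1.2", LEGACY_12), ("downgraded 1.2", DOWNGRADED_12), ("genuine 1.3", GENUINE_13)]:
        h = parse_server_hello(rec)
        verdict = "YES, abort" if downgrade_detected(h) else "no"
        print(f"{name}: version=0x{h['version']:04x} suite=0x{h['cipher_suite']:04x} downgrade={verdict}")
```

The second fixture is the interesting one: the cipher suite and version look like an ordinary TLS 1.2 negotiation, and only the random tail reveals that the server would have spoken TLS 1.3 had its ClientHello not been tampered with. The check is deliberately skipped when the client itself did not offer TLS 1.3, because then the server's fallback was legitimate.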

Removed with TLS1.3

• Static RSA handshake (RSA key exchange without forward secrecy)

• CBC mode cipher suites

• RC4

• SHA1

• MD5

• Compression

• Renegotiation

Keeping Your SSL up to Date

Understanding SSL: the three jobs of a cipher suite

Key Exchange: exchanges keying information at the start of the session. Options: RSA, DHE_RSA, ECDH(E)_RSA, ECDH(E)_ECDSA

Message (bulk) Encryption: uses keys derived from the master secret to encrypt the data between the parties. Options: AES, DES/3DES, RC4, Camellia

Message Authentication: produces keyed one-way hashes (HMACs) of the data for integrity. Options: MD5, SHA

Reading SSL: cryptographic notation

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

TLS: protocol

ECDHE: key exchange

RSA: authentication (the key type in the server certificate)

AES: bulk encryption algorithm

128: strength (key size in bits)

GCM: mode

SHA256: message authentication. For an AEAD mode such as GCM the record integrity comes from the mode itself, and this field names the PRF/HMAC hash used for key derivation and the Finished message rather than a separate per-record MAC.

Ivan Ristic: Bulletproof SSL and TLS

SSL Strength: SSL intelligence and best practices. Achieving an A+ grade

• Require secure renegotiation [A-]

• Disable SSLv2 and SSLv3 (default in TMOS 11.5+) [B]

• Disable RC4 [B/C]

• Disable 3DES

• SHA-1 certificates are no longer accepted

• Prefer Perfect Forward Secrecy (prioritize ECDHE, DHE) [A-/B], with a minimum of 2048 bits for DH groups and RSA keys

• Enable TLS_FALLBACK_SCSV [A]

• Enable HSTS [A]

• Patch to TMOS 11.4.1HF7, 11.5.1HF7, 11.5.2 or 11.6 [C or F]

• Use an explicit and strong cipher string

Extra credit for PCI compliance:

• Disable TLS 1.0

Example cipher string (F5 TMOS syntax):

NATIVE:!SSLv2:!EXPORT:DHE+AES-GCM:DHE+AES:DHE+3DES:RSA+AES-GCM:RSA+AES:RSA+3DES:ECDHE+AES-GCM:ECDHE+AES:ECDHE+3DES:-MD5:-SSLv3:-RC4

Caveat: this string still allows the 3DES groups and lists DHE and static RSA ahead of ECDHE, which contradicts "Disable 3DES" and "prioritize ECDHE" above. To match the checklist, remove the +3DES entries and move the ECDHE groups to the front of the list.

Reference : https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide
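Putting the notation table and the checklist together, as an added example that is not from the talk, SSL Labs or F5: a Python parser for IANA cipher-suite names that splits a name into the fields described above (key exchange, authentication, bulk cipher, strength, mode, MAC/PRF hash) and applies the rules from the list (reject RC4, MD5, EXPORT/NULL/anonymous suites and 3DES; flag static key exchange and CBC; prefer forward secrecy and AEAD). The sample suite list is constructed, and the preference ordering is the editor's own heuristic, not the SSL Labs rating algorithm.

```python
"""Read and grade cipher-suite names. Added example, not the talk's code."""
import re

# TLS 1.2-style names: TLS_<kx>[_<auth>]_WITH_<cipher>[_<mode>]_<mac>
TLS12_RE = re.compile(
    r"^TLS_(?P<kx>[A-Z0-9_]+?)(?:_(?P<auth>RSA|ECDSA|DSS|PSK|anon))?_WITH_"
    r"(?P<cipher>[A-Z0-9_]+?)(?:_(?P<mode>CBC|GCM|CCM_8|CCM))?_(?P<mac>MD5|SHA|SHA256|SHA384)$"
)
# TLS 1.3 names carry only the AEAD and hash; (EC)DHE and certificate auth are implicit.
TLS13_RE = re.compile(r"^TLS_(?P<cipher>[A-Z0-9_]+?)(?:_(?P<mode>GCM|CCM_8|CCM))?_(?P<mac>SHA256|SHA384)$")
AEAD_MODES = {"GCM", "CCM", "CCM_8"}
FIXED_BITS = {"3DES_EDE": 112, "DES": 56, "NULL": 0, "CHACHA20_POLY1305": 256}


def key_bits(cipher: str) -> int:
    """Effective key size; AES_128 -> 128, RC4_40 -> 40, 3DES_EDE -> 112."""
    if cipher in FIXED_BITS:
        return FIXED_BITS[cipher]
    m = re.search(r"_(\d+)$", cipher)
    return int(m.group(1)) if m else 0


def parse_suite(name: str) -> dict:
    """Split an IANA suite name into its components (TLS 1.2 and TLS 1.3 forms)."""
    if "_WITH_" not in name:
        m = TLS13_RE.match(name)
        if not m:
            raise ValueError(f"unrecognised suite name: {name}")
        kx, auth, version = "(EC)DHE", "certificate", "1.3"
    else:
        m = TLS12_RE.match(name)
        if not m:
            raise ValueError(f"unrecognised suite name: {name}")
        kx, version = m["kx"], "1.2"
        auth = m["auth"] or kx.split("_")[0]          # TLS_RSA_WITH_...: static RSA does both jobs
    cipher, mode, mac = m["cipher"], m["mode"], m["mac"]
    aead = mode in AEAD_MODES or cipher == "CHACHA20_POLY1305"
    return dict(name=name, version=version, kx=kx, auth=auth, cipher=cipher,
                bits=key_bits(cipher), mode=mode, mac=mac, aead=aead,
                pfs=kx in ("ECDHE", "DHE", "(EC)DHE"))


def evaluate(name: str) -> dict:
    """Apply the checklist: 'reject' entries are fatal, 'warn' entries are legacy but tolerated."""
    s = parse_suite(name)
    reject, warn = [], []
    if "EXPORT" in s["kx"] or s["bits"] < 112:
        reject.append("export-grade or short key")
    if s["cipher"] == "NULL":
        reject.append("no encryption")
    if s["auth"] == "anon":
        reject.append("unauthenticated key exchange")
    if s["cipher"].startswith("RC4"):
        reject.append("RC4 (biased keystream)")
    if s["cipher"].startswith("3DES"):
        reject.append("3DES")
    if s["mac"] == "MD5":
        reject.append("MD5")
    if not s["pfs"]:
        warn.append("no forward secrecy (static key exchange)")
    if s["mode"] == "CBC":
        warn.append("CBC mode (padding-oracle/timing class, removed in TLS 1.3)")
    return {**s, "reject": reject, "warn": warn}


def preference_order(names) -> list:
    """Drop rejected suites; order the rest TLS 1.3 first, then PFS + AEAD, PFS, ECDHE over DHE, key size."""
    kept = [s for s in (evaluate(n) for n in names) if not s["reject"]]
    rank = lambda s: (s["version"] == "1.3", s["pfs"], s["aead"], s["kx"] == "ECDHE", s["bits"])
    return [s["name"] for s in sorted(kept, key=rank, reverse=True)]


# Constructed sample: a mix of suites a legacy server might still offer.
SAMPLE_SUITES = [
    "TLS_RSA_WITH_RC4_128_MD5",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    "TLS_AES_256_GCM_SHA384",
]

if __name__ == "__main__":
    for n in SAMPLE_SUITES:
        s = evaluate(n)
        status = "REJECT " + "; ".join(s["reject"]) if s["reject"] else "ok " + "; ".join(s["warn"])
        print(f"{n:48} kx={s['kx']:<10} auth={s['auth']:<11} {s['cipher']}/{s['mode']} {s['mac']}  {status}")
    print("\nPreferred order:", *preference_order(SAMPLE_SUITES), sep="\n  ")
```

Run against a server's advertised list (for example the suites an `openssl s_client` or SSL Labs scan reports), the rejected entries are exactly the ones the checklist says to disable, and the survivors come out in an order that puts forward secrecy and AEAD ahead of static RSA and CBC, which is the ordering the F5 cipher string above does not quite achieve.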

Sources

• Cloudflare: An overview of TLS 1.3 and Q&A, presentation by Filippo Valsorda

• F5 Networks: SSL presentation

• RFC: The Transport Layer Security (TLS) Protocol Version 1.3, draft-ietf-tls-tls13-19
