TLS1.2 IS DEAD … BE READY FOR TLS1.3
Source PDF: cdn-cms.f-static.com/uploads/164655/normal_59086dbd7c7ac.pdf
Posted on 13-Sep-2019
Transcript
28 March 2017
Enterprise Architecture Technology & Operations
TLS1.2 IS DEAD … BE READY FOR TLS1.3
Motaz Alturayef
Jubial Cyber Security Conference
70%
Privacy and security concerns are driving encrypted traffic growth, which is expected to represent 70 percent of all Internet traffic this year.
Source: Sandvine, Global Internet Phenomena Spotlight, 2016
The history of SSL and TLS
1994: SSL1 and SSL2. Created by Netscape and contained significant flaws
1995: SSL3. Created by Netscape to address SSL2 flaws
1999: TLS 1.0. Standardized SSL3 with almost no changes (RFC2246)
2006: TLS 1.1. Security fixes and TLS extensions (RFC4346)
2008: TLS 1.2. Added support for authenticated encryption (AES-GCM, CCM modes) and removed hard-coded primitives (RFC5246)
SSL isn’t perfect: SSL vulnerabilities exposed
Crap hits the fan: First set of public SSL exploits
August 2009: Insecure renegotiation vulnerability exposes all SSL stacks to DoS attack
February 2010: RFC 5746 TLS extension for secure renegotiation quickly mainstreamed
September 2011: BEAST & CRIME. Client-side or MITB attacks leveraging a chosen-plaintext flaw in TLS 1.0 and TLS compression flaws
February 2013: Lucky 13. Another timing attack
March 2013: RC4 Attacks. Weakness in CBC cipher making plaintext guessing possible
March 2013: TIME. A refinement and variation of CRIME
April 2014: Heartbleed. The end of the Internet as we know it!
POODLE: Padding oracle attack on SSLv3
Dire POODLE: Padding oracle attack on TLS
FREAK: Implementation attack on export ciphers
LogJam: Implementation attack on weak DH
How TLS1.2 works (Client and Server)
Client -> Server: Client Hello (supported cipher suites)
Server -> Client: Server Hello (chosen cipher suite), Key Share
Client -> Server: Key Share, Finished
Server -> Client: Finished
Client -> Server: HTTP GET
Server -> Client: HTTP Response
How TLS1.3 works (Client and Server)
Client -> Server: Client Hello (supported cipher suites), Key Share
Server -> Client: Server Hello (chosen cipher suite), Key Share, Certificate and Signature, Finished
Client -> Server: Finished, HTTP GET
Server -> Client: HTTP Response
Speeding Up TLS1.2: Resumption (Client and Server)
Client -> Server: Client Hello, Session ID
Server -> Client: Server Hello, Finished
Client -> Server: Finished, HTTP GET
Server -> Client: HTTP Response
TLS1.3 0-RTT Resumption (Client and Server)
Client -> Server: Client Hello, Session Ticket, Key Share, HTTP GET (0-RTT data)
Server -> Client: Server Hello, Key Share, Finished
Server -> Client: HTTP Response
TLS1.3 is Anti-Downgrade
TLS1.3 uses a smart way of detecting whether there is a MiTM trying to downgrade the connection. This is achieved by sending a random number with the “ClientHello”, so the connection cannot be downgraded if the client supports TLS1.3.
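An added illustration of that downgrade check, not taken from the presentation: it follows RFC 8446 section 4.1.3, where a TLS 1.3-capable server that ends up negotiating TLS 1.2 or lower writes a fixed sentinel into the last eight bytes of ServerHello.random, and a client that offered TLS 1.3 aborts when it sees that sentinel. The server random values are constructed here and the function names are assumptions of this example.

```python
import os

# RFC 8446 section 4.1.3 downgrade sentinels. A TLS 1.3-capable server
# overwrites the last 8 bytes of ServerHello.random with one of these
# whenever it negotiates a lower version.
DOWNGRADE_TLS12 = b"DOWNGRD\x01"          # server chose TLS 1.2
DOWNGRADE_TLS11_OR_LOWER = b"DOWNGRD\x00"  # server chose TLS 1.1 or below

TLS13 = 0x0304
TLS12 = 0x0303
TLS11 = 0x0302


def server_random_for(negotiated_version: int) -> bytes:
    """Build a 32-byte ServerHello.random the way an RFC 8446 server does:
    fresh random bytes, with the sentinel in the last 8 when downgrading."""
    rnd = bytearray(os.urandom(32))          # constructed sample value
    if negotiated_version == TLS12:
        rnd[24:] = DOWNGRADE_TLS12
    elif negotiated_version < TLS12:
        rnd[24:] = DOWNGRADE_TLS11_OR_LOWER
    return bytes(rnd)


def client_accepts(client_max_version: int, negotiated_version: int,
                   server_random: bytes) -> bool:
    """Client-side check. Returns False (the client would abort with an
    illegal_parameter alert) when the server signals a downgrade below
    what this client offered. A client that only speaks TLS 1.2 and is
    legitimately served TLS 1.2 ignores the TLS 1.2 sentinel."""
    if len(server_random) != 32:
        raise ValueError("ServerHello.random must be 32 bytes")
    tail = server_random[24:]
    if (client_max_version >= TLS13 and negotiated_version <= TLS12
            and tail == DOWNGRADE_TLS12):
        return False
    if (client_max_version >= TLS12 and negotiated_version < TLS12
            and tail == DOWNGRADE_TLS11_OR_LOWER):
        return False
    return True


if __name__ == "__main__":
    rnd = server_random_for(TLS12)
    print("TLS 1.3 client offered 1.3, got 1.2 with sentinel:",
          "accept" if client_accepts(TLS13, TLS12, rnd) else "abort")
    print("TLS 1.2-only client, served 1.2:",
          "accept" if client_accepts(TLS12, TLS12, rnd) else "abort")
```

The sentinel works because the server random is covered by the server's handshake signature in TLS 1.2 (and by the transcript hash in TLS 1.3), so a middlebox that strips TLS 1.3 from the ClientHello cannot also remove the marker without breaking signature verification.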
Removed with TLS1.3
• Static RSA HandShake
• CBC
• RC4
• SHA1
• MD5
• Compression
• Renegotiation
Keeping Your SSL up to Date
Understanding SSL?
Key Exchange: For exchanging keying information at the start of the session. Algorithms: RSA, DHE_RSA, ECDH(E)_RSA, ECDH(E)_ECDSA
Message (bulk) Encryption: Uses the master secret to encrypt data between parties. Algorithms: RSA, AES, DES/3DES, RC4, Camellia
Message Authentication: Produces one-way encrypted hashes of data for data integrity. Algorithms: MD5, SHA
Reading SSL? Cryptographic notation
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
• TLS: Protocol
• ECDHE: Key Exchange
• RSA: Authentication
• AES: Message (bulk) Encryption algorithm
• 128: Strength
• GCM: Mode
• SHA256: Message Authentication
Ivan Ristic: Bulletproof SSL and TLS
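An added worked example, not part of the presentation or Ristic's book: it splits an IANA-style cipher suite name into the fields shown on the slide above and then flags the components the earlier "Removed with TLS1.3" list names (static RSA handshake, CBC, RC4, SHA1, MD5), plus 3DES and non-forward-secret key exchange from the A+ checklist. TLS 1.3 suite names (no `_WITH_`) are handled as a generalization. The function names and the flag wording are this example's own assumptions.

```python
import re

# Assumed groupings, built from the slide's lists.
EPHEMERAL_KEX = {"DHE", "ECDHE"}              # forward-secret key exchanges
MODES = {"CBC", "GCM", "CCM", "POLY1305"}     # cipher mode tokens


def _split_cipher(part: str):
    """Split 'AES_128_GCM_SHA256' into (cipher, strength, mode, mac)."""
    tokens = part.split("_")
    # A trailing SHA/SHA256/SHA384/MD5 token is the MAC (or PRF for AEAD suites).
    mac = tokens.pop() if re.fullmatch(r"SHA\d*|MD5", tokens[-1]) else None
    cipher, strength, mode = [], None, []
    for tok in tokens:
        if mode or tok in MODES:           # tokens after the mode belong to it (CCM_8)
            mode.append(tok)
        elif tok.isdigit() and strength is None:
            strength = int(tok)
        else:
            cipher.append(tok)
    return "_".join(cipher) or None, strength, "_".join(mode) or None, mac


def parse_suite(name: str) -> dict:
    """Decode a suite name into protocol, key exchange, authentication,
    cipher, strength, mode and MAC, as on the slide."""
    if not name.startswith("TLS_"):
        raise ValueError(f"not a TLS cipher suite name: {name}")
    info = {"protocol": "TLS", "key_exchange": None, "authentication": None}
    if "_WITH_" in name:
        kex_part, cipher_part = name[4:].split("_WITH_", 1)
        kex_tokens = kex_part.split("_")
        if len(kex_tokens) == 1:       # TLS_RSA_WITH_...: RSA does both jobs
            info["key_exchange"] = info["authentication"] = kex_tokens[0]
        else:                          # ECDHE_RSA, DHE_DSS, ECDH_ECDSA, ...
            info["key_exchange"] = "_".join(kex_tokens[:-1])
            info["authentication"] = kex_tokens[-1]
    else:
        cipher_part = name[4:]         # TLS 1.3 names carry only AEAD + hash
    info["cipher"], info["strength"], info["mode"], info["mac"] = _split_cipher(cipher_part)
    return info


def legacy_components(name: str) -> list:
    """Return the components of a suite that the deck says to drop."""
    s = parse_suite(name)
    issues = []
    if s["key_exchange"] == "RSA":
        issues.append("static RSA key exchange")
    elif s["key_exchange"] and s["key_exchange"] not in EPHEMERAL_KEX:
        issues.append("no forward secrecy")
    if s["cipher"] == "RC4":
        issues.append("RC4")
    if s["cipher"] and s["cipher"].startswith("3DES"):
        issues.append("3DES")
    if s["mode"] == "CBC":
        issues.append("CBC")
    if s["mac"] == "SHA":
        issues.append("SHA1")
    if s["mac"] == "MD5":
        issues.append("MD5")
    return issues


if __name__ == "__main__":
    for suite in ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                  "TLS_RSA_WITH_RC4_128_MD5",
                  "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"):
        print(suite, parse_suite(suite), legacy_components(suite) or "OK")
```

Run against the cipher list a server actually offers (for example the output of `openssl ciphers -v`), this turns the checklist below into a mechanical audit rather than a manual read of each suite name.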
SSL Strength SSL intelligence and best practices Achieving an A+ grade
• Require Secure Renegotiation [A-]
• Disable SSLv2 and SSLv3 (default in 11.5+) [B]
• Disable RC4 [B/C]
• Disable 3DES
• SHA1 certs are no longer accepted
• Prefer Perfect Forward Secrecy (prioritize ECDHE, DHE) [A-/B], Min 2048
• Enable TLS_FALLBACK_SCSV [A]
• Enable HSTS [A]
• Patch to TMOS 11.4.1HF7, 11.5.1HF7, 11.5.2 or 11.6 [C or F]
• Use an explicit and strong cipher string
Extra credit for PCI compliance
• Disable TLS 1.0
NATIVE:!SSLv2:!EXPORT:DHE+AES-GCM:DHE+AES:DHE+3DES:RSA+AES-GCM:RSA+AES:RSA+3DES:ECDHE+AES-GCM:ECDHE+AES:ECDHE+3DES:-MD5:-SSLv3:-RC4
Reference: https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide
Sources
• Cloudflare: An overview of TLS 1.3 and Q&A, presentation by Filippo Valsorda
• F5 Networks: SSL Presentation
• RFC: The Transport Layer Security (TLS) Protocol Version 1.3, draft-ietf-tls-tls13-19