Despite what may seem like draft after draft of specifications, along with continuous proclamations of “it’s almost here!,” the latest encryption standard, TLS v1.3, really is almost ready. The Network Working Group of the Internet Engineering Task Force has pushed to make Draft 28 of TLS v1.3 the final standard.
In addition, OpenSSL added Draft 28 to the pre-release version of its 1.1.1 software library; Google’s Chrome browser added support for Draft 28, beginning with version 65; and Draft 28 is already enabled by default when accessing Gmail (using Chrome). Because TLS v1.3 will be here officially before you know it, now is the time to prepare.
Every organization should be focusing on three crucial issues to ensure the appropriate level of security, interoperability, and performance:
- How to handle zero round-trip-time resumption (0-RTT)
- Preparing for downgrades to TLS v1.2
- The need for infrastructure and application testing
Worth the Round Trip?
One highly discussed feature of TLS v1.3 is the 0-RTT option, which has the potential to significantly increase performance during an encrypted session between endpoints. Even without 0-RTT, TLS v1.3 speeds connection time between a client and server with a slimmer handshake protocol. Secure web communications using TLS v1.2 require two round trips between the client and server prior to the client making an HTTP request and the server generating a response. TLS v1.3 reduces the requirement to one round trip — which is only one round trip more than a simple nonencrypted HTTP transaction — and offers the ability to inherit trust to accomplish zero round trips, or 0-RTT.
Although the 0-RTT option potentially provides better performance, it creates a significant security risk. With 0-RTT, a transaction becomes easy prey for a replay attack, in which a threat actor can intercept an encrypted client message and resend it to the server, tricking the server into improperly extending trust to the threat actor and thus potentially granting the threat actor access to sensitive data.
Organizations should therefore be wary of allowing or using 0-RTT in their services and applications, due to the potential security risks. Developers need to be particularly attentive to this issue because it requires proactive configuration to ensure security. Unless your application or access is highly sensitive to latency, the new option is not worth the security risk.
Don’t Let the Downgrade Drag Security Down
One of the great benefits of TLS v1.3 is that it eliminates support for legacy encryption standards and cipher suites. It allows backward compatibility to TLS v1.2, which, of course, is essential for transitioning to the new standard and to ensure interoperability. Before allowing a fallback to TLS v1.2, however, it is important to review your security settings. Any TLS v1.2 implementation must be configured to support higher security standards. Select strong cipher suites, including ones that leverage elliptic curve key exchange, use large asymmetric keys, and implement perfect forward secrecy. Disabling the lower cryptographic algorithms will help prevent security breaches such as man-in-the-middle attacks.
Testing 1, 2, 3…
Now is the time to be testing your infrastructure and applications for TLS v1.3 compatibility. Changing to this new encryption standard may be disruptive, and you will want to get ahead of any problems or issues. Test for interoperability, security, and performance in a combined, holistic manner, rather than as a series of separate tests that may encourage undesirable trade-offs in decision-making and implementation. Leverage highly realistic traffic mixes and require them to fully emulate your traffic’s characteristics including the appropriate levels of encrypted traffic. Validate how internal and external users will interact with your systems and consider what this change in encryption may mean for an employee, customer, partner, or any other relevant stakeholder.
Test network clients, including mobile devices and tablets. Test servers, including any supporting equipment. Test all components of security equipment, including identity and access management systems, next-generation firewalls and data center firewalls, web proxies and SSL/TLS visibility solutions, IDS/IPS and endpoint security. Test storage and backup, both on-site and cloud-based. Test networking infrastructure, including wireless access points, any cloud resources, and anything else that might be involved with encrypted communication. Consider all applications, including email.
There is much to look forward to with TLS v1.3. New levels of security and performance will benefit everyone and address many issues with current encryption, despite the challenges. If you stay ahead of the process, you can transform changes into opportunities for improvement rather than problems that disrupt your business.
David DeSanto is a security expert with more than 15 years of security research, software development, and product strategy experience. At Spirent, David focuses on driving innovation by looking holistically at security testing and defining product requirements with the … View Full Bio