TLS v1.3 is here
Written by Joseph Poppy on 24/08/2018
Recently, when discussing Chrome’s current push to get everyone onto HTTPS, we touched upon the TLS handshake, mentioning that the latest version of TLS was version 1.2. Since then, TLS version 1.3 has been made available for use, successfully dating our literature that was previously held with such high esteem. Of course, TLS v1.3 still has to be adopted and implemented by the Internet in general, so for the most part 1.2 will still be the most prominently used version for a while yet.
What is TLS v1.3?
The changes made with this new version of TLS are substantial enough that it could well have been released as version 2.0. Ultimately, it further secures the web and removes some of the cryptographic flaws found in previous versions. It does this by removing several features that could be considered obsolete or, at the very least, insecure. These include:
- Static RSA Handshake
- CBC MtE modes
- SHA1, MD5
This list is by no means exhaustive. By implementing these changes, version 1.3 protects against many vulnerabilities, including high-profile flaws like SWEET32 and BEAST that have plagued many organisations’ penetration test reports for the last couple of years. Some of the changes in v1.3 are long overdue: for example, MD5 was effectively broken over a decade ago. Sure, it has been depreciated and its use widely discouraged, but it was still hanging about in TLS v1.2 for people to theoretically use.
Version 1.3 also streamlines the handshake process, requiring fewer roundtrips. It's much simpler than before, with the client and server only doing one set of 'Hi' and 'Hi back' compared to v1.2's multiple stages. Theoretically, this will shave precious milliseconds off the handshake time thus reducing network latency as fewer packets are being sent. Furthermore, v1.3 introduces 0-RTT Resumption. If the client has connected to a server before, then it can reconnect with a zero-round trip handshake, which it does using stored secret information. This usually in the form of session ticket created in the initial handshake, reducing latency even further.
So, all good then?
This means TLS v1.3 is set to take the world of the Internet by storm and keep us all secure forever and ever, right? Well... no. Most cryptographic standards are considered secure (or at least ‘secure enough’) when they’re adopted, but as technology and research advances, flaws are found. TLS v1.3, then, is just the next stepping stone on the road to keeping everything going. It’s the response to 1.2 being broken and will itself be superseded by something better.
There is something else, however. Some security researchers have raised concerns about the introduction of 0-RTT. For starters, it offers little in the way of forward secrecy, meaning if an attacker somehow gets hold of the server’s session ticket, then all sessions that used that ticket could be decrypted.
More worrying is the possibility of a replay attack. Should an attacker get their grubby little mitts on your 0-RTT encrypted data, they can replay it against the server as the server has no way of verifying where the data came from. Hypothetically, this can be replayed a number of times and even at a later date.
Having said that, there are simple methods one can use to mitigate these threats. For the former, simply swapping out the session keys on a regular basis can mostly side-step that problem. More to the point, TLS v1.2 was just as susceptible (if not more) to this form of attack anyway with very little in the way of mitigation methods.
As for replay attacks, they are quite difficult to perform successfully in the first place. What’s more, there are a few methods to defend against them (enforcing the full handshake process for one. I mean, it’s shorter now anyway).
Of course, it will take some time before we really start feeling the benefits. As already mentioned, whilst TLS v1.3 is available for use, it won’t necessarily become the norm for a while yet. Businesses and websites have to actively adopt it and incorporate it into their networks. It’ll be a slow process. However, with Google pushing for all sites to move towards HTTPS (and effectively punishing those that do not), it’ll be interesting to see if they start pushing for all sites to incorporate TLS v1.3 at some point in the future.
The bottom line is that TLS v1.3 stands to make connections faster and more secure. It gets a thumbs up from us.
ISO 27001 and 9001 certified
Tigerscheme qualified testers
PCI DSS v3.2 Level 1
24/7 on-site Security
Get a quote today
If you’re interested in our services, get a free, no obligation quote today by filling out the form below.