Sunday, October 14, 2018

TLS 1.3


TLS (Transport Layer Security) 1.2 has been a mainstay of web-based secure communication for more than eight years. In August 2018 TLS 1.3 was published. In this post I look at the main new features that make it faster and more secure.

TLS 1.2
The client sends a ClientHello listing the cipher suites it supports. The server responds with its selected cipher suite.
The client then sends its key exchange data and the server responds.
In total a four-way handshake (two round trips) is needed to set up the connection.

TLS 1.3
The client sends a ClientHello listing the cipher suites it supports AND a suggested key-exchange group together with its key share.
Provided the server accepts the suggested group and key share, the handshake completes in one round trip, i.e. a two-way handshake only. A TLS 1.3 session can therefore be set up more quickly, and encrypted data exchange can begin in a shorter timeframe.
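The two flows described above, as an added example that is not part of the original post: a message-level simulation of the TLS 1.2 and TLS 1.3 handshakes. Key material is an opaque placeholder; what the simulation shows is how many flights and round trips pass before the client may send its first request, including the TLS 1.3 case where the client guesses a key-exchange group the server does not support and a HelloRetryRequest costs an extra round trip. Message names are the real TLS ones; the cipher suite and group names in the usage are examples, and the flight layout is a simplification of the real protocol.

```python
from dataclasses import dataclass, field


@dataclass
class Msg:
    sender: str                          # "C" (client) or "S" (server)
    name: str
    body: dict = field(default_factory=dict)


def tls12_handshake(client_suites, server_suites):
    """Full TLS 1.2 handshake as flights of messages (placeholder key material)."""
    chosen = next((s for s in client_suites if s in server_suites), None)
    if chosen is None:
        raise ValueError("no common cipher suite")
    return [
        [Msg("C", "ClientHello", {"cipher_suites": client_suites})],
        [Msg("S", "ServerHello", {"cipher_suite": chosen}),
         Msg("S", "Certificate"),
         Msg("S", "ServerKeyExchange", {"key_share": b"<server DH value>"}),
         Msg("S", "ServerHelloDone")],
        [Msg("C", "ClientKeyExchange", {"key_share": b"<client DH value>"}),
         Msg("C", "ChangeCipherSpec"),
         Msg("C", "Finished")],
        [Msg("S", "ChangeCipherSpec"), Msg("S", "Finished")],
        [Msg("C", "ApplicationData")],   # only now can the client send its request
    ]


def tls13_handshake(client_groups, server_groups):
    """TLS 1.3 handshake: the client guesses a group and ships its key share in ClientHello.
    A wrong guess is answered with HelloRetryRequest and costs one extra round trip."""
    guess = client_groups[0]
    flights = [[Msg("C", "ClientHello", {"supported_groups": client_groups,
                                         "key_share": (guess, b"<client share>")})]]
    if guess in server_groups:
        chosen = guess
    else:
        chosen = next((g for g in client_groups if g in server_groups), None)
        if chosen is None:
            raise ValueError("no common key-exchange group")
        flights.append([Msg("S", "HelloRetryRequest", {"selected_group": chosen})])
        flights.append([Msg("C", "ClientHello", {"supported_groups": client_groups,
                                                 "key_share": (chosen, b"<client share>")})])
    flights.append([Msg("S", "ServerHello", {"key_share": (chosen, b"<server share>")}),
                    Msg("S", "EncryptedExtensions"),
                    Msg("S", "Certificate"),
                    Msg("S", "CertificateVerify"),
                    Msg("S", "Finished")])
    # The client's Finished and its first request travel in the same flight.
    flights.append([Msg("C", "Finished"), Msg("C", "ApplicationData")])
    return flights


def flights_before_app_data(flights):
    """Flights exchanged before the client may send application data (the 'n-way' count)."""
    for n, flight in enumerate(flights):
        if any(m.name == "ApplicationData" for m in flight):
            return n
    raise ValueError("no application data in flights")


def round_trips_before_app_data(flights):
    """Server replies the client must wait for before it can send application data."""
    rtts = 0
    for flight in flights:
        if flight[0].sender == "S":
            rtts += 1
        elif any(m.name == "ApplicationData" for m in flight):
            return rtts
    raise ValueError("no application data in flights")


if __name__ == "__main__":
    f12 = tls12_handshake(["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"],
                          ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"])
    f13 = tls13_handshake(["x25519", "secp256r1"], ["x25519"])
    hrr = tls13_handshake(["secp256r1", "x25519"], ["x25519"])
    for label, f in (("TLS 1.2", f12), ("TLS 1.3", f13), ("TLS 1.3 + HRR", hrr)):
        print(label, "flights:", flights_before_app_data(f),
              "round trips:", round_trips_before_app_data(f))
```

The HelloRetryRequest case is the caveat behind "provided the server agrees": a client whose first guess is wrong still ends up with two round trips, which is why clients send a share for the group most servers accept.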


Session Resumption
In TLS 1.2 a two-way handshake is required for session resumption: the client sends a session ticket and the server confirms.

TLS1.2 session resumption

TLS1.3 session resumption

In TLS 1.3 NO handshake may be required to resume data exchange: the session ticket is sent at the same time as the HTTP data. This quick resume is ONLY possible for exchanges that are ‘read only’. For other requests, such as a POST, a two-way handshake is still required. This is a security requirement to prevent replay attacks.
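Why the ‘read only’ restriction matters, as an added example that is not from the original post: a toy origin server (constructed here) that receives requests carried in the 0-RTT flight. The same recorded flight is delivered twice, which the server cannot distinguish from the original. With a policy that honours early data for any method, a POST is executed twice; with the rule the post describes (early data only for read-only, i.e. idempotent, methods) the POST is refused and the client retries once after the handshake completes. The 425 status is the HTTP code RFC 8470 defines for this refusal; the endpoints and balances are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    method: str
    path: str
    early_data: bool    # True when carried in the 0-RTT flight next to the session ticket


class BankServer:
    """Toy origin with one state-changing endpoint (constructed for this example)."""

    def __init__(self, early_data_methods=("GET", "HEAD")):
        self.balance = 100
        self.early_data_methods = early_data_methods

    def handle(self, req: Request) -> str:
        # Policy: early data is only honoured for idempotent methods. Anything else must be
        # re-sent after the 1-RTT handshake has completed (HTTP 425 Too Early, RFC 8470).
        if req.early_data and req.method not in self.early_data_methods:
            return "425 Too Early"
        if req.method == "POST" and req.path == "/transfer":
            self.balance -= 10
            return "200 transferred"
        if req.method == "GET" and req.path == "/balance":
            return f"200 balance={self.balance}"
        return "404 Not Found"


def replayed_zero_rtt(server: BankServer, req: Request):
    """Deliver a 0-RTT flight, then deliver the identical recorded bytes a second time.
    Returns (first response, second response, balance afterwards)."""
    first = server.handle(req)
    second = server.handle(req)
    return first, second, server.balance


def naive_vs_strict():
    """Returns balances after replay under (naive policy, strict policy, strict + honest retry)."""
    post = Request("POST", "/transfer", early_data=True)
    naive = BankServer(early_data_methods=("GET", "HEAD", "POST"))   # accepts any method early
    strict = BankServer()                                            # TLS 1.3 'read only' rule
    naive_balance = replayed_zero_rtt(naive, post)[2]
    strict_balance = replayed_zero_rtt(strict, post)[2]
    # The legitimate client, told 425, re-sends its POST once over the completed handshake.
    strict.handle(Request("POST", "/transfer", early_data=False))
    return naive_balance, strict_balance, strict.balance


if __name__ == "__main__":
    print(naive_vs_strict())   # naive server debited twice, strict server debited once
```

A GET in early data is safe to replay because repeating it changes nothing on the server; that is the whole distinction the post draws between read-only requests and POSTs.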

TLS 1.3 also enhances security by providing forward secrecy for session resumption. Without forward secrecy, if the session ticket is compromised, previous sessions can be decrypted. TLS 1.2 resumption does NOT offer any forward secrecy; TLS 1.3 does, because its session resumption includes a new key share (rather than relying only on the previous PSK, the pre-shared key).
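The forward-secrecy difference, as an added example that is not from the original post: a model of the two resumption key derivations. In the TLS 1.2 model the ticket restores the master secret and the traffic key is expanded from it plus the two randoms that travel in clear, so a recording plus a later-leaked ticket secret yields the key. In the TLS 1.3 model (psk_dhe_ke mode of the key schedule) the PSK feeds the early secret and a fresh Diffie-Hellman secret is mixed in, so the recording plus the ticket secret is not enough without an ephemeral private exponent. The Diffie-Hellman parameters are a toy group chosen for readability (an assumption, not a TLS group), the HKDF calls are single-block, and the TLS 1.2 PRF is replaced by HKDF for brevity.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman parameters: an assumption of this example, NOT a real TLS group.
P = 2**127 - 1
G = 3


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int = 32) -> bytes:
    # Single-block HKDF-Expand, sufficient for up to 32 bytes of output.
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()[:length]


def tls12_resumed_key(master_secret: bytes, client_random: bytes, server_random: bytes) -> bytes:
    # Modelled on the TLS 1.2 abbreviated handshake: the ticket restores the master
    # secret and traffic keys are expanded from it plus two randoms sent in clear.
    return hkdf_expand(master_secret, b"key expansion" + server_random + client_random)


def tls13_resumed_key(psk: bytes, dhe_shared: bytes) -> bytes:
    # Modelled on the TLS 1.3 key schedule in psk_dhe_ke mode: the resumption PSK feeds
    # the early secret, then a fresh (EC)DHE secret is mixed into the handshake secret.
    early_secret = hkdf_extract(b"\x00" * 32, psk)
    derived = hkdf_expand(early_secret, b"derived")
    handshake_secret = hkdf_extract(derived, dhe_shared)
    return hkdf_expand(handshake_secret, b"c hs traffic")


def run_resumption(version: str) -> dict:
    """One resumed connection: the real traffic key, the ticket's secret, what an
    eavesdropper could record from the wire, and the client's private DH exponent."""
    ticket_secret = secrets.token_bytes(32)    # master secret (1.2) or resumption PSK (1.3)
    client_random, server_random = secrets.token_bytes(32), secrets.token_bytes(32)
    capture = {"client_random": client_random, "server_random": server_random}
    if version == "1.2":
        return {"key": tls12_resumed_key(ticket_secret, client_random, server_random),
                "ticket_secret": ticket_secret, "capture": capture, "client_private": None}
    x = secrets.randbelow(P - 2) + 2            # ephemeral exponents, discarded after the handshake
    y = secrets.randbelow(P - 2) + 2
    capture["g_x"], capture["g_y"] = pow(G, x, P), pow(G, y, P)   # public shares, visible on the wire
    shared = pow(capture["g_y"], x, P).to_bytes(16, "big")
    return {"key": tls13_resumed_key(ticket_secret, shared),
            "ticket_secret": ticket_secret, "capture": capture, "client_private": x}


def key_from_recording(version: str, ticket_secret: bytes, capture: dict, private_exponent=None):
    """What a recording plus the later-leaked ticket secret yields; None if it is not enough."""
    if version == "1.2":
        return tls12_resumed_key(ticket_secret, capture["client_random"], capture["server_random"])
    if private_exponent is None:
        return None     # g^x and g^y alone do not give g^xy; the ephemeral exponents are gone
    shared = pow(capture["g_y"], private_exponent, P).to_bytes(16, "big")
    return tls13_resumed_key(ticket_secret, shared)


if __name__ == "__main__":
    for v in ("1.2", "1.3"):
        r = run_resumption(v)
        recovered = key_from_recording(v, r["ticket_secret"], r["capture"])
        print(f"TLS {v}: key recoverable from recording + leaked ticket secret:",
              recovered == r["key"])
```

The operational consequence for defenders is the same in both models: session-ticket encryption keys must be rotated, but under TLS 1.2 a leaked ticket key also exposes every recorded resumed session it protected, whereas under TLS 1.3 it does not.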

Other security enhancements in TLS 1.3 include the removal of vulnerable algorithms and modes, e.g. the static RSA handshake (DROWN), CBC MAC-then-Encrypt (MtE) modes (POODLE) and fixed DHE groups (Logjam). TLS 1.3 also implements a mechanism to prevent downgrade attacks to TLS 1.2.
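The downgrade-protection mechanism the post refers to, as an added example that is not from the original post: RFC 8446 §4.1.3 has a TLS 1.3-capable server that ends up negotiating TLS 1.2 (or lower) write a fixed sentinel into the last 8 bytes of ServerHello.random, and a client that offered TLS 1.3 but was answered with an older version must refuse if it sees that sentinel. The simulation below models the negotiation with version strings; the `versions_extension_stripped` flag stands for any tampering that hides the client's TLS 1.3 offer from the server (an assumption used only to drive the scenario). A genuine TLS 1.2-only server never writes the sentinel, so it is still accepted.

```python
import secrets

# Sentinel values a TLS 1.3-capable server writes into the last 8 bytes of
# ServerHello.random when it negotiates an older version (RFC 8446 section 4.1.3).
DOWNGRADE_TO_TLS12 = bytes.fromhex("444f574e47524401")    # "DOWNGRD" followed by 0x01
DOWNGRADE_TO_TLS11 = bytes.fromhex("444f574e47524400")    # "DOWNGRD" followed by 0x00


def server_hello_random(server_max: str, negotiated: str) -> bytes:
    """ServerHello.random as built by a server whose highest version is server_max."""
    rnd = bytearray(secrets.token_bytes(32))
    if server_max == "1.3" and negotiated != "1.3":
        rnd[24:] = DOWNGRADE_TO_TLS12 if negotiated == "1.2" else DOWNGRADE_TO_TLS11
    return bytes(rnd)


def client_accepts(client_offered_13: bool, negotiated: str, rnd: bytes) -> bool:
    """A TLS 1.3 client that was talked down to 1.2 or lower checks for the sentinel."""
    if not client_offered_13 or negotiated == "1.3":
        return True      # nothing to check: no 1.3 offer was made, or 1.3 was negotiated
    return rnd[24:] not in (DOWNGRADE_TO_TLS12, DOWNGRADE_TO_TLS11)


def negotiate(client_offered_13: bool, server_max: str, versions_extension_stripped: bool = False):
    """Simulated version negotiation. Returns (version chosen, whether the client proceeds)."""
    server_sees_13 = client_offered_13 and not versions_extension_stripped
    negotiated = "1.3" if server_sees_13 and server_max == "1.3" else "1.2"
    rnd = server_hello_random(server_max, negotiated)
    return negotiated, client_accepts(client_offered_13, negotiated, rnd)


if __name__ == "__main__":
    print("both 1.3:", negotiate(True, "1.3"))                                   # ('1.3', True)
    print("legacy 1.2 server:", negotiate(True, "1.2"))                          # ('1.2', True)
    print("1.3 server, offer hidden:", negotiate(True, "1.3", True))             # ('1.2', False)
    print("1.2-only client:", negotiate(False, "1.3"))                           # ('1.2', True)
```

The check works because the sentinel sits inside ServerHello.random, which is covered by the server's signature and the Finished MAC in both versions, so it cannot be removed in transit without the handshake failing anyway.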
