Edge 2014: The Evolution of TLS/SSL - Improving the Foundations of Internet Security
The Evolution of TLS & SSL
Brian Sniffen
©2014 AKAMAI | FASTER FORWARD™
TLS Timeline
• 1990: Web
• 1995: SSL 2
• 1996: SSL 3
• 1999: TLS 1.0
• 2006: TLS 1.1
• 2008: TLS 1.2
• 2015: TLS 1.3
(Axis: Time, with a "Now" marker)
Akamai Security Research & Architecture
• Crypto engineering expertise
• Technical backstop
• Product review
• Akamai Architecture Group seat
• Safety engineering
• Incident management
How much SSL?
Industry standard: 30%
Akamai sees: 37%
50% by 2016?
How much traffic is SSL?
36-38% 32–36%
24–26% 35–37%
Bad App
85–90% 80-85% WinXP EOL
TLS 1.3
Adoption goal: Everyone runs this by 2017
Big Site Operators
• speed
• 1-RTT setup
• 0-RTT resume
Crypto Warriors
• forward secrecy
• encrypt handshake
• non-NIST ciphers
Pragmatists
• remove CBC
• remove RC4
• remove compression
• fewer HTTP integrations
TLS 1.3 Speed Features
ClientHello, ClientKeyExchange
ServerHello, ServerKeyExchange, [ChangeCipherSpec], EncryptedExtensions, Certificate, CertificateRequest, CertificateVerify, Finished
[ChangeCipherSpec], Certificate, CertificateVerify, Finished
Application Data <-> Application Data
TLS 1.3 Speed Features
ServerHello, ServerKeyExchange, [ChangeCipherSpec], Finished
ClientHello, ClientKeyExchange
[ChangeCipherSpec], Finished
Application Data <-> Application Data
TLS 1.3 Pragmatic features
Q: “What would happen if we remove everything we know is bad?”
A: Simpler code runs blazingly fast
A: Fewer protocol bugs
A: New protocol bugs
TLS 1.3 Crypto War features
• RSA Key Exchange is out
• Custom DHE groups are out
• DSA with random nonces may be out
• Extensions are encrypted
• DJB ciphers are in
TLS Private Innovations: A history
• Delegated “Keyless” SSL
• National cipher suites (Camellia, SEED, etc.)
• SPDY / HTTP 2 requires TLS
• TLS False Start
• Eternal Chrome sessions
• Post-CA trust models
Implementation bugs
• Gotofail
• Heartbleed
• NSS Signature Verification
Any device running year-old TLS software is insecure.
Let’s see the future: Optimistic
• We all have TLS 1.3 in 2015
• New devices, fast-cycle browsers have TLS 1.3 in 2015
• Possible to operate an e-commerce site on TLS 1.3-only in 2015
• Plausible to drop TLS 1.2 in 2018
Let’s see the future: Grim
• Crash off of TLS 1.2 in 2016
• No crypto software older than six months is trustworthy
• Typical leaf cert lifespan < 3 months
Wild Guesses about Akamai SSL Support
New features:
• 2014: SCSV
• 2015: SNI, TLS 1.3, PFS, OCSP Stapling, SHA-2, Certificate Transparency
• 2016: post-DSA EC (Ed25519?)
Walking the plank: 3DES, RC4, SSL3, SSL2
Advice
• Pin an Edge-Origin Cert (or run your own CA)
• Test clients with EC-DHE now
• Turn on TLS 1.2
• Turn off SSL 3 (and check that SSL 2 is off!)
• Don’t hard-code client-Edge elements
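
The advice above, sketched for the client side of a pinned connection. This is an added example, not code from the talk or from Akamai. It assumes Python's ssl module built on OpenSSL and a pin taken as the SHA-256 of the whole certificate (the slides do not say how to pin); the function names and sample bytes are constructed for illustration.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed stand-in for an origin certificate's DER bytes (not a real cert).
SAMPLE_DER = b"constructed-origin-certificate-der-bytes"
SAMPLE_PIN = hashlib.sha256(SAMPLE_DER).hexdigest()


def hardened_client_context() -> ssl.SSLContext:
    """Client context: TLS 1.2 or newer, ECDHE-only TLS 1.2 suites."""
    ctx = ssl.create_default_context()  # chain and hostname checks stay on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuses SSL 3 and older
    # OpenSSL cipher string: ECDHE with AEAD, so no RSA key exchange,
    # RC4, 3DES or CBC suites are offered for TLS 1.2.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


def non_ecdhe_suites(ctx: ssl.SSLContext) -> list:
    """Enabled pre-TLS-1.3 suites that are not ECDHE; expected to be empty."""
    return [c["name"] for c in ctx.get_ciphers()
            if c["protocol"] != "TLSv1.3" and not c["name"].startswith("ECDHE-")]


def pin_matches(der_cert: bytes, pinned_sha256_hex: str) -> bool:
    """Compare the SHA-256 of the presented certificate with the pin."""
    presented = hashlib.sha256(der_cert).hexdigest()
    return hmac.compare_digest(presented, pinned_sha256_hex.lower())


def connect_pinned(host: str, port: int, pinned_sha256_hex: str) -> ssl.SSLSocket:
    """Open a TLS connection and drop it unless the leaf cert matches the pin."""
    raw = socket.create_connection((host, port), timeout=10)
    try:
        tls = hardened_client_context().wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    if not pin_matches(tls.getpeercert(binary_form=True), pinned_sha256_hex):
        tls.close()
        raise ssl.SSLError("origin certificate does not match the pinned hash")
    return tls
```

Because the pin covers the whole certificate, it has to be rotated together with each certificate renewal.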