TLS 1.3: It's out there. Are you ready?


TLS 1.3: Embrace the new encryption standard, we got your back.

A leading analyst firm once predicted, “half of malware campaigns in 2019 will use some type of encryption to conceal malware delivery, command and control activity, or data exfiltration.” There’s a decent chance that percentage will be much higher.

TLS is the ubiquitous encryption mechanism used within enterprise networks and over the public Internet. It provides an end-to-end encrypted channel as well as a means of authenticating the server (and optionally the client). However, TLS is a double-edged sword: the same end-to-end encryption that protects the user's data also blinds network security tools to traffic that carries malware or other threats.

There was a time when new malware threats appeared once or twice a week. Today malware samples arrive in the millions per day, and the problem becomes far harder to manage when half of them are delivered under encryption. TLS 1.3 is the next evolution of the protocol and promises to deliver even stronger security. Great for users, but potentially good for the bad guys too.

One of the key aims of TLS is to prevent so-called Man-in-the-Middle (MITM) attacks, ensuring that data between the client and server cannot be intercepted by an intermediate device that attempts to decrypt the flow. Ironically, the go-to means of inspecting TLS is what can be thought of as a "controlled MITM attack", performed by what is commonly referred to as a middlebox. Once the middlebox has decrypted the data, it can hand it to security tools for analysis. A variety of middlebox technologies have evolved over the past decade to address these growing threats across the web, social media, applications, and mobile networks.

Long Time in the Making

The new standard replaces TLS 1.2 which was formally adopted in August of 2008.  TLS 1.3 has been a long time in the making as IETF members, wanting stronger security and better performance, struggled to agree on several key issues.

In fact, there were 28 drafts of the protocol before the last draft was approved in London several weeks ago. It was subsequently sent to the RFC Editor, who will produce the final version and assign it an RFC number. Other than changes to "code points" (the numeric identifiers used on the wire), there won't be any substantial differences before it's final. What does that mean? For all intents and purposes, TLS 1.3 is here, and that's great news!

TLS 1.3 Benefits

  1. Higher security

TLS 1.3 only supports key exchanges that provide Perfect Forward Secrecy: every session key is derived from an ephemeral (EC)DHE exchange, and static RSA key transport is gone. This means that someone who records a copy of your encrypted traffic today cannot decrypt it later, even if they subsequently obtain the server's long-term private key.

It drops most existing cipher suites, leaving a handful of strong AEAD suites. It's important that a middlebox solution also support these suites. Finally, most handshake messages are encrypted: everything after the ServerHello, including the server's certificate, travels under encryption. In layperson's terms, not only is the session encrypted, the setup of the session is largely encrypted too. Consequently, a "controlled MITM" becomes much more difficult when the device is largely flying blind.

  2. Potentially higher speed

The TLS 1.3 handshake enables faster session establishment because fewer round trips are needed before application data flows. The standard handshake takes 1 round trip time (RTT), compared with 2 in TLS 1.2. There is also an optional 0-RTT mode in which the client sends "early data" with its first flight; that data is not forward secret and can be replayed by an attacker, so it should only carry requests that are safe to repeat. Each round trip takes time, and when 250 milliseconds can affect the user experience, every bit counts.

TLS 1.3: Tough on Middleboxes?

Things get complicated when a middlebox is unable to do its job while maintaining the integrity of the session. First, the middlebox must be able to intercept the client-server connection without being treated as an unwanted MITM. But even when this is done properly, the middlebox may not be able to preserve the security of the session. If a client (let's say a Chrome browser) tries to connect to a server (such as Facebook) and a middlebox between the two does not fully understand TLS 1.3, one of three things can happen.

  1. A decision can be made on the middlebox to block the session – a terrible user experience when someone can’t access the site.
  2. The middlebox can decide to let the session through, without inspection – a win for malware.
  3. The middlebox can downgrade the session to an older TLS version so that security tools can do their job, but the benefits of TLS 1.3 are largely lost. This is the least-bad choice, and it happens more than it should. But it gets worse, much worse. Middleboxes that support the earlier protocols but lack the cipher suites or the horsepower to process them degrade further, choosing weak ciphers that compound the security risk.
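To make the version and downgrade mechanics concrete, here is an added Python example; it is not code from the article or from any Symantec product. It builds and parses ServerHello records as laid out in RFC 8446 and shows two things: a middlebox that reads only the legacy version field sees every TLS 1.3 session as "TLS 1.2" (the real version lives in the supported_versions extension), and a TLS 1.3 client can detect that an intermediary forced a downgrade because a TLS 1.3-capable server that negotiates 1.2 or lower writes the "DOWNGRD" sentinel into the last 8 bytes of its random. It also checks whether a negotiated cipher suite gives forward secrecy. The ServerHello bytes, the two TLS 1.2 suite names in the lookup table, and the fixed random values are constructed for the example.

```python
import struct

# Values from RFC 8446 (TLS 1.3) and RFC 5246 (TLS 1.2)
TLS12 = 0x0303
TLS13 = 0x0304
EXT_SUPPORTED_VERSIONS = 43
DOWNGRADE_TO_12 = bytes.fromhex("444F574E47524401")  # "DOWNGRD\x01"
DOWNGRADE_TO_11 = bytes.fromhex("444F574E47524400")  # "DOWNGRD\x00"

# Small lookup table for the example (constructed; real stacks carry the full IANA registry)
TLS12_SUITE_NAMES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",            # static RSA key transport: no forward secrecy
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",   # ephemeral ECDH: forward secret
}


def build_server_hello(negotiated, cipher_suite, random32):
    """Wrap a ServerHello in a handshake record.

    A TLS 1.3 server always writes 0x0303 in legacy_version and carries the real
    version in the supported_versions extension; a TLS 1.2 server sends no such extension.
    """
    assert len(random32) == 32
    body = struct.pack("!H", TLS12) + random32
    body += b"\x00"                                  # legacy_session_id_echo: empty
    body += struct.pack("!H", cipher_suite)
    body += b"\x00"                                  # legacy_compression_method: null
    exts = b""
    if negotiated == TLS13:
        ext_data = struct.pack("!H", TLS13)
        exts += struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(ext_data)) + ext_data
    body += struct.pack("!H", len(exts)) + exts
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body      # handshake type 2 = server_hello
    return b"\x16" + struct.pack("!HH", TLS12, len(handshake)) + handshake  # record type 22 = handshake


def parse_server_hello(record):
    """Return the fields a middlebox (or a careful client) needs from a ServerHello record."""
    ctype, _rec_version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 0x16:
        raise ValueError("not a handshake record")
    hs = record[5:5 + rec_len]
    if hs[0] != 0x02:
        raise ValueError("not a ServerHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 0
    legacy_version = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
    random32 = body[pos:pos + 32]; pos += 32
    sid_len = body[pos]; pos += 1 + sid_len
    cipher_suite = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
    pos += 1                                          # legacy_compression_method
    negotiated = legacy_version                       # what a naive middlebox would report
    if pos < len(body):                               # extensions block is optional in TLS 1.2
        ext_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4]); pos += 4
            edata = body[pos:pos + elen]; pos += elen
            if etype == EXT_SUPPORTED_VERSIONS:
                negotiated = struct.unpack("!H", edata[:2])[0]
    return {"legacy_version": legacy_version, "negotiated_version": negotiated,
            "cipher_suite": cipher_suite, "random": random32}


def assess(record, client_offered_tls13=True):
    """Classify a ServerHello the way a TLS 1.3 client must (RFC 8446 section 4.1.3)."""
    info = parse_server_hello(record)
    if info["negotiated_version"] == TLS13:
        return "tls1.3"
    if client_offered_tls13 and info["random"][-8:] in (DOWNGRADE_TO_12, DOWNGRADE_TO_11):
        # The server speaks 1.3 but something between us stripped it: the client MUST abort.
        return "downgrade-detected"
    return "tls1.2-legacy"


def forward_secret(version, cipher_suite):
    """True when the session key cannot be recovered from a later compromise of the server's key."""
    if version == TLS13:
        return True   # every TLS 1.3 suite is keyed by an ephemeral (EC)DHE exchange
    return TLS12_SUITE_NAMES.get(cipher_suite, "").startswith(("TLS_ECDHE_", "TLS_DHE_"))


if __name__ == "__main__":
    rnd = bytes(range(32))                            # fixed "random" for a reproducible demo
    genuine_13 = build_server_hello(TLS13, 0x1301, rnd)
    downgraded = build_server_hello(TLS12, 0x002F, rnd[:24] + DOWNGRADE_TO_12)
    old_server = build_server_hello(TLS12, 0xC02F, rnd)
    for label, rec in (("genuine 1.3", genuine_13), ("downgraded", downgraded), ("1.2-only server", old_server)):
        info = parse_server_hello(rec)
        print(f"{label:16} legacy=0x{info['legacy_version']:04x} real=0x{info['negotiated_version']:04x} "
              f"verdict={assess(rec)} fs={forward_secret(info['negotiated_version'], info['cipher_suite'])}")
```

The "genuine 1.3" line is the case that trips a middlebox built for TLS 1.2: the legacy field says 0x0303, so a box that stops reading there will try to treat the rest of the handshake as cleartext TLS 1.2 and fail. The "downgraded" line is what a client sees when an intermediary negotiates 1.2 with a 1.3-capable origin; the sentinel in the random is exactly the signal that makes option 3 above fail for TLS 1.3 clients that honour the specification.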

Don’t Wait

Let's face it, not everyone will move to TLS 1.3 overnight, and it will be a long time until the last TLS 1.2 server goes offline. But adoption may happen faster than you think, as industry giants press for it.

The fact is, your company may not push for changes to your own servers anytime soon. However, consider this: if you're in charge of enterprise security and your users are going to sites that support TLS 1.3, you should want them to take advantage of the security it offers. Popular browsers already support draft versions of TLS 1.3, and many websites do as well; we've seen it with large sites like Facebook and with smaller sites hosted by Cloudflare. Enable your users to connect to these sites with strong encryption, and also make sure that your security tools can catch any malware they may inadvertently pick up along the way.

Why Symantec

Symantec is the global leader in cybersecurity for a reason. We've put considerable resources not only into our security tools, but into the Encrypted Traffic Management tools that feed them. Last year Symantec's Blue Coat ProxySG earned the only "A" grade in Secure HTTPS Interception while others fell far short. We achieved this with proper certificate validation, strong cipher suites that mirrored the client's ciphers, and advanced TLS support.

With TLS 1.3 at our doorstep we haven't stopped. Symantec SSL Visibility Appliance today supports TLS 1.3 drafts 18 through 28, enabling an end-to-end TLS 1.3 connection, without a downgrade, while feeding a wide variety of security tools. When the final tweaks are in place, rest assured we won't be far behind.

