First.
Yes, we’re pretty sure we’re the first. There are many solutions for Encrypted Traffic Management and whether you call the go-to network devices a TLS Interception Application (TIA), a Middlebox, a SSL interception tool, or anything else; we think that the Symantec SSL Visibility Appliance (SSLV) has beaten all others to the punch.
As of Wednesday August 29 the Symantec SSL Visibility Appliance is able to provide inspection of native TLS 1.3 (RFC 8446) sessions that does not require downgrading to an earlier TLS version. The IETF published RFC 8446 on August 10, based on the approved Draft 28. Don’t be confused, while Draft 28 was very close to the final, it isn’t exactly the same. Of course, SSLV has supported Draft 28 as far back as last March.
This means that the Symantec SSL Visibility Appliance can act as a controlled man-in-the-middle device to intercept TLS 1.3 traffic, enable inspection, and re-encrypt the traffic with the same protocol version and cipher strength. As far as we know, all other solutions on the market will need to knock the session down to something older and weaker.
The SSL Visibility Appliance has supported TLS 1.3 in its draft forms for nearly a year, starting with Draft version 18. We’ve had several updates to keep pace with the evolution of the drafts and now we’re happy to say that the waiting is over. TLS 1.3 is now final-final, fully-baked, and done. If you were waiting for this change to make a move and upgrade your infrastructure to TLS 1.3 – now is the time to act.
Many of technologies biggest names are going to move fast to implement TLS 1.3 for the performance and security benefits that come with it. A quick internal test shows that Facebook, Mozilla, Cloudflare are using TLS in the Draft 28 form. Google Search may be using TLS1.2, but Gmail is also showing TLS 1.3 Draft 28. It’s highly likely that these internet giants will be using the final version (RFC 8446) soon. When they are ready, we’re here and waiting.
If Google, Facebook, Mozilla or Cloudflare traffic is hitting your network, shouldn’t it be protected with TLS 1.3 andinspected for malware and other hidden threats? We think you should. Now you have a choice: wait for your middlebox solution to catch up to us in support of TLS 1.3, or give us a shout and let us show you how quickly we can help.