Transport Layer Security - What is New

Transport Layer Security

What is New

Andrea Hauser
by Andrea Hauser
on July 08, 2021
time to read: 5 minutes

Keypoints

This is new in TLS 1.3

  • Since 2015, when our last articles on encryption were written, a new version of the TLS protocol has been released
  • Vulnerabilities in the TLS_RSA ciphers have been identified, which means that these ciphers should no longer be used
  • Public-Key-Pinning has been declared as failed, since the risks associated with it were too large
  • And further adjustments have been made to our recommendations, which are summarized in a checklist at the end of this article

TLS is the encryption protocol that is mainly, but not exclusively, used to encrypt network traffic from websites and hence theoretically securely transmit the traffic. However, in order for this encryption to be secure in practice, some settings must be respected.

The last time we wrote articles about TLS/SSL or encryption was in 2014 and 2015. Most of the recommendations have not changed, but there are still some updates and outdated ciphers and protocols that are discussed in this article. Finally, this article summarizes which TLS settings should currently be implemented from a security perspective.

What is new

This section looks at the new protocols and security measures introduced since 2015.

TLSv1.3

A new version of the TLS protocol has been published. It is called TLSv1.3 and is defined in RFC 8446. The two most important areas in which TLSv1.3 differs from the previous protocol are security and speed. This is because TLSv1.3 removes several weak and obsolete features from TLSv1.2. The speed gain is due to a new handshake that can be performed in one round-trip instead of two.

Difference between the TLSv1.2 and TLSv1.3 handshakes

OCSP-Stapling

OCSP stands for Online Certificate Status Protocol and is a standard for checking the revocation status of certificates. With OCSP-Stapling, an extension of the original OCSP, the revocation status is delivered directly by the server as part of the TLS handshake. Accordingly, the browser itself does not need to contact an OCSP server to check the status of the certificate. This reduces the total time required to establish the TLS connection and no information about a user’s browsing behavior is sent to the OCSP server.

What was removed

This section looks at the protocols, ciphers and other security measures removed since 2015.

TLS_RSA

It is only about ciphers that use RSA for key exchange. All these ciphers are affected by the ROBOT attack or similar attacks and are classified as weak. The vulnerabilities mean that an attacker who can passively record the data traffic can later decrypt it. Anyone who would like to read more details about the ROBOT attack can find them on the website created for the vulnerability robotattack.org.

TLSv1.0 and TLSv1.1

Back in March 2020, modern browsers such as Chrome, Firefox and Safari stopped supporting the TLSv1.0 and TLSv1.1 protocols. This is mainly because several aspects of the design of these protocols are not robustly implemented. For companies in the financial sector, it is also of interest that the PCI DSS has also required that TLSv1.0 should no longer be supported as early as the end of June 2018.

Public-Key-Pinning

Public-Key-Pinning was developed to counteract the fact that any CA can issue a certificate for any website. However, the correct implementation of public key pinning is complex and requires a lot of expertise. In addition, there is the risk of completely blocking the website for visitors if a bad configuration were to be implemented. For this reason, most browsers have removed support for Public-Key-Pinning.

As an alternative, the concept of Certificate Transparency is now available. Newly issued certificates are recorded in publicly maintained CT-logs. Anyone can now monitor these logs for their domains and recognize a falsely or maliciously created certificate.

TLS Configuration Checklist

The following checklist contains the mentioned recommendations for a secure TLS configuration as well as those still valid from the last article (as of July 2021):

Conclusion

If the settings suggested in the TLS configuration checklist have been enforced, then a system is well protected with the current security recommendations in the area of TLS. However, fully protecting a system involves more than just implementing secure TLS settings. In our archive of all labs you will find all articles on topics that our Red team, our Blue team as well as our Research team have focused on recently.

About the Author

Andrea Hauser

Andrea Hauser graduated with a Bachelor of Science FHO in information technology at the University of Applied Sciences Rapperswil. She is focusing her offensive work on web application security testing and the realization of social engineering campaigns. Her research focus is creating and analyzing deepfakes. (ORCID 0000-0002-5161-8658)

Links

Your Blue Team may use some support?

Our experts will get in contact with you!

×
Prompt Injection

Prompt Injection

Andrea Hauser

Ways of attacking Generative AI

Ways of attacking Generative AI

Andrea Hauser

XML Injection

XML Injection

Andrea Hauser

Burp Macros

Burp Macros

Andrea Hauser

You want more?

Further articles available here

You need support in such a project?

Our experts will get in contact with you!

You want more?

Further articles available here