Date post: | 31-Dec-2015 |
Category: |
Documents |
Upload: | noah-jordan |
View: | 35 times |
Download: | 0 times |
The Evolution of TLS & SSLBrian Sniffen
©2014 AKAMAI | FASTER FORWARDTM
TLS Timeline
©2014 AKAMAI | FASTER FORWARDTM
Akamai Security Research & Architecture
• Crypto engineering expertise• Technical backstop• Product review• Akamai Architecture Group seat• Safety engineering• Incident management
©2014 AKAMAI | FASTER FORWARDTM
How much SSL?
Industry standard: 30%
Akamai sees: 37%
50% by 2016?
©2014 AKAMAI | FASTER FORWARDTM
How much traffic is SSL?
36-38%32–36%
©2014 AKAMAI | FASTER FORWARDTM
24–26%35–37%
Bad App
©2014 AKAMAI | FASTER FORWARDTM
85–90%80-85% WinXP EOL
©2014 AKAMAI | FASTER FORWARDTM
TLS 1.3
Adoption goal: Everyone runs this by 2017
Big Site Operators
speed1-RTT setup
0-RTT resume
Crypto Warriorsforward secrecy
encrypt handshake
non-NIST ciphers
Pragmatistsremove CBCremove RC4
remove compressionfewer HTTP integrations
©2014 AKAMAI | FASTER FORWARDTM
TLS 1.3 Speed Features
©2014 AKAMAI | FASTER FORWARDTM
TLS 1.3 Speed Features
©2014 AKAMAI | FASTER FORWARDTM
TLS 1.3 Pragmatic features
Q: “What would happen if we remove everything we know is bad?”
A: Simpler code runs blazingly fast
A: Fewer protocol bugs
A: New protocol bugs
©2014 AKAMAI | FASTER FORWARDTM
TLS 1.3 Crypto War features
• RSA Key Exchange is out• Custom DHE groups are out• DSA with random nonces may be out• Extensions are encrypted• DJB ciphers are in
©2014 AKAMAI | FASTER FORWARDTM
TLS Private Innovations: A history
• Delegated “Keyless” SSL• National cipher suites (Camellia, SEED, etc.)• SPDY / HTTP 2 requires TLS• TLS False Start• Eternal Chrome sessions• Post-CA trust models
©2014 AKAMAI | FASTER FORWARDTM
Implementation bugs
• Gotofail• Heartbleed• NSS Signature Verification
Any device running year-old TLS software is insecure.
©2014 AKAMAI | FASTER FORWARDTM
Let’s see the future: Optimistic
• We all have TLS 1.3 in 2015• New devices, fast-cycle browsers have TLS 1.3 in 2015• Possible to operate an e-commerce site on TLS 1.3-only in 2015
• Plausible to drop TLS 1.2 in 2018
©2014 AKAMAI | FASTER FORWARDTM
Let’s see the future: Grim
• Crash off of TLS 1.2 in 2016
• No crypto software older than six months is trustworthy
• Typical leaf cert lifespan < 3 months
©2014 AKAMAI | FASTER FORWARDTM
Wild Guesses about Akamai SSL Support
New features:2014: SCSV2015: SNI, TLS 1.3, PFS, OCSP Stapling, SHA-2, Certificate Transparency2016: post-DSA EC (Ed25519?)
Walking the plank:3DES, RC4, SSL3, SSL2
©2014 AKAMAI | FASTER FORWARDTM
Advice
• Pin an Edge-Origin Cert (or run your own CA)• Test clients with EC-DHE now• Turn on TLS 1.2• Turn off SSL 3 (and check that SSL 2 is off!)• Don’t hard-code client-Edge elements