The Evolution of TLS & SSL

Date post: 31-Dec-2015
Description: The Evolution of TLS & SSL, by Brian Sniffen (Akamai Security Research & Architecture). PowerPoint PPT presentation, 19 pages.
Transcript
Page 2:

The Evolution of TLS & SSL
Brian Sniffen

Page 3:

©2014 AKAMAI | FASTER FORWARDTM

TLS Timeline

Page 4:

Akamai Security Research & Architecture

• Crypto engineering expertise
• Technical backstop
• Product review
• Akamai Architecture Group seat
• Safety engineering
• Incident management

Page 5:

How much SSL?

Industry standard: 30%

Akamai sees: 37%

50% by 2016?

Page 6:

How much traffic is SSL?

[Chart: share of traffic over SSL; data labels 32–36% and 36–38%]

Page 7:

Bad App

[Chart: share of traffic over SSL for the "Bad App" case; data labels 24–26% and 35–37%]

Page 8:

[Chart: data labels 80–85% and 85–90%, annotated "WinXP EOL"]

Page 9:

TLS 1.3

Adoption goal: Everyone runs this by 2017

Big Site Operators: speed
• 1-RTT setup
• 0-RTT resume (replayable: safe only for idempotent requests)

Crypto Warriors
• forward secrecy
• encrypt handshake
• non-NIST ciphers

Pragmatists
• remove CBC
• remove RC4
• remove compression
• fewer HTTP integrations

Page 10:

TLS 1.3 Speed Features

Page 11:

TLS 1.3 Speed Features

Page 12:

TLS 1.3 Pragmatic features

Q: “What would happen if we remove everything we know is bad?”

A: Simpler code runs blazingly fast

A: Fewer protocol bugs

A: New protocol bugs

Page 13:

TLS 1.3 Crypto War features

• RSA key exchange is out (static RSA gives no forward secrecy)
• Custom DHE groups are out (only named, vetted groups)
• DSA with random nonces may be out
• Extensions are encrypted
• DJB ciphers are in (ChaCha20-Poly1305, Curve25519)

Page 14:

TLS Private Innovations: A history

• Delegated "Keyless" SSL (the origin keeps the private key; the edge forwards the handshake's signing or decryption operation to it)
• National cipher suites (Camellia, SEED, etc.)
• SPDY / HTTP 2 requires TLS (in practice: browsers only speak them over TLS)
• TLS False Start
• Eternal Chrome sessions
• Post-CA trust models

Page 15:

Implementation bugs

• goto fail (Apple SecureTransport, CVE-2014-1266)
• Heartbleed (OpenSSL, CVE-2014-0160)
• NSS signature verification (CVE-2014-1568)

Any device running year-old TLS software is insecure.

Page 16:

Let’s see the future: Optimistic

• We all have TLS 1.3 in 2015
• New devices, fast-cycle browsers have TLS 1.3 in 2015
• Possible to operate an e-commerce site on TLS 1.3-only in 2015

• Plausible to drop TLS 1.2 in 2018

Page 17:

Let’s see the future: Grim

• Crash off of TLS 1.2 in 2016

• No crypto software older than six months is trustworthy

• Typical leaf cert lifespan < 3 months

Page 18:

Wild Guesses about Akamai SSL Support

New features:
• 2014: SCSV
• 2015: SNI, TLS 1.3, PFS, OCSP Stapling, SHA-2, Certificate Transparency
• 2016: post-DSA EC (Ed25519?)

Walking the plank: 3DES, RC4, SSL3, SSL2
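As an added example (not from the deck), the following Python script parses a TLS ClientHello and reports which of the items above a client still offers: protocols below TLS 1.2, RC4 and 3DES, CBC suites, static-RSA key exchange, TLS compression, and a missing SNI. It covers the Pragmatist and Crypto Warrior lists on the TLS 1.3 slide as well as this slide's plank. Both ClientHello records are constructed inside the script, not captured traffic; the cipher-suite and version ids are IANA registry values, and `build_client_hello` / `audit_client_hello` are names chosen here.

```python
"""Parse a TLS ClientHello and audit what the client offers against the deck's
'walking the plank' list.  Added example; both records below are constructed
here, not captured from real clients."""

# IANA cipher-suite ids for the suites used below (names as in the registry).
SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    0x1301: "TLS_AES_128_GCM_SHA256",
    0x1303: "TLS_CHACHA20_POLY1305_SHA256",
}
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1",
            0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}
TLS12 = 0x0303


def be16(v):
    return v.to_bytes(2, "big")


def build_client_hello(legacy_version, suites, sni=None, supported_versions=None,
                       compression=(0,)):
    """Assemble a ClientHello record with the RFC 5246 / RFC 8446 layout.
    Old clients send no extensions at all, so the block is omitted when empty."""
    body = be16(legacy_version) + b"\x11" * 32 + b"\x00"      # fixed random, empty session id
    cs = b"".join(be16(s) for s in suites)
    body += be16(len(cs)) + cs + bytes([len(compression)]) + bytes(compression)
    exts = b""
    if sni is not None:                                        # server_name, type 0
        name = sni.encode("ascii")
        entry = b"\x00" + be16(len(name)) + name
        exts += be16(0) + be16(len(entry) + 2) + be16(len(entry)) + entry
    if supported_versions:                                     # supported_versions, type 43
        vs = b"".join(be16(v) for v in supported_versions)
        exts += be16(43) + be16(len(vs) + 1) + bytes([len(vs)]) + vs
    if exts:
        body += be16(len(exts)) + exts
    hs = b"\x01" + len(body).to_bytes(3, "big") + body         # handshake type 1 = ClientHello
    return b"\x16" + be16(0x0301) + be16(len(hs)) + hs         # record type 22 = handshake


def parse_client_hello(record):
    """Return legacy version, offered versions, cipher suites, compression and SNI.
    Raises ValueError on anything that is not a well-formed ClientHello."""
    def u8(i):
        if i >= len(body):
            raise ValueError("truncated ClientHello")
        return body[i]

    def u16(i):
        return (u8(i) << 8) | u8(i + 1)

    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    hs = record[5:5 + int.from_bytes(record[3:5], "big")]
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("truncated record or not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 0
    legacy = u16(pos); pos += 2 + 32                           # client_version + random
    pos += 1 + u8(pos)                                         # session id
    n = u16(pos); pos += 2
    suites = [u16(i) for i in range(pos, pos + n, 2)]; pos += n
    n = u8(pos); pos += 1
    compression = list(body[pos:pos + n]); pos += n
    # Without supported_versions the legacy field is the highest version offered.
    info = {"legacy_version": legacy, "versions": [legacy], "suites": suites,
            "compression": compression, "sni": None}
    if pos + 2 <= len(body):                                   # extensions block present
        end = pos + 2 + u16(pos); pos += 2
        while pos + 4 <= end:
            etype, elen = u16(pos), u16(pos + 2); pos += 4
            edata = body[pos:pos + elen]; pos += elen
            if etype == 0 and len(edata) >= 5:                 # first server_name entry
                nlen = int.from_bytes(edata[3:5], "big")
                info["sni"] = edata[5:5 + nlen].decode("ascii", "replace")
            elif etype == 43 and edata:                        # list replaces legacy_version
                info["versions"] = [int.from_bytes(edata[i:i + 2], "big")
                                    for i in range(1, 1 + edata[0], 2)]
    return info


def audit_client_hello(record):
    """Findings keyed to the deck: protocol floor, plank suites, CBC, static RSA,
    compression, SNI.  A clean modern client yields an empty list."""
    info = parse_client_hello(record)
    findings = []
    for v in info["versions"]:
        if v < TLS12:
            findings.append("offers " + VERSIONS.get(v, "0x%04x" % v))
    names = [SUITES.get(s, "unknown_0x%04x" % s) for s in info["suites"]]
    for n in names:
        if "_RC4_" in n or "_3DES_" in n:
            findings.append("plank suite: " + n)
        elif "_CBC_" in n:
            findings.append("CBC suite: " + n)
        if n.startswith("TLS_RSA_WITH_"):                      # static RSA key exchange
            findings.append("no forward secrecy: " + n)
    if not any("_ECDHE_" in n or n.startswith(("TLS_AES_", "TLS_CHACHA20_")) for n in names):
        findings.append("no ECDHE suite: client cannot reach an ECDHE-only edge")
    if any(c != 0 for c in info["compression"]):
        findings.append("offers TLS compression")
    if info["sni"] is None:
        findings.append("no SNI: cannot be served on a shared SNI-only address")
    return findings


# Constructed samples: a 2014-era client with no extensions, and a modern one.
LEGACY_CLIENT = build_client_hello(0x0301, [0x0005, 0x000A, 0x002F])
MODERN_CLIENT = build_client_hello(0x0303, [0x1303, 0x1301, 0xCCA8, 0xC02B, 0xC02F],
                                   sni="www.example.com", supported_versions=[0x0304, 0x0303])

if __name__ == "__main__":
    for label, rec in (("legacy", LEGACY_CLIENT), ("modern", MODERN_CLIENT)):
        print(label, audit_client_hello(rec) or ["clean"])
```

Feed it the first record of a capture from a real client (the bytes after the TCP handshake) to see which of the deck's removals that client population would notice; a pre-1.3 client that lists only its highest version is reported by that version, since the record does not say how far down it will fall back.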

Page 19:

Advice

• Pin an Edge-Origin cert (or run your own CA)
• Test clients with EC-DHE now
• Turn on TLS 1.2
• Turn off SSL 3 (and check that SSL 2 is off!)
• Don't hard-code client-Edge elements
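Added example, not Akamai's edge configuration: a server-side SSLContext built with Python's standard `ssl` module that implements the advice above (TLS 1.2 floor, ECDHE-only key exchange, no RC4/3DES/CBC, no compression), plus an audit function that flags what the deck says to walk off the plank. `hardened_context` and `audit_context` are names chosen here; the certificate paths are a hypothetical parameter and nothing is loaded from disk when only auditing.

```python
"""Server-side TLS configuration implementing the Advice slide, with an auditor
for the settings the deck wants gone.  Added example using only the standard
library; requires Python 3.7+ (TLSVersion) on OpenSSL 1.1 or later."""
import ssl


def hardened_context(certfile=None, keyfile=None):
    """TLS 1.2 floor (SSLv2/SSLv3/TLS 1.0/1.1 cannot be negotiated), ECDHE-only
    key exchange, AEAD suites only, compression off.  certfile/keyfile are
    hypothetical paths; omit them to build a context for auditing only."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.options |= ssl.OP_NO_COMPRESSION             # CRIME: never offer TLS compression
    ctx.options |= ssl.OP_CIPHER_SERVER_PREFERENCE   # the edge picks the suite, not the client
    # TLS 1.2 suites: ECDHE key exchange and AEAD only.  TLS 1.3 suites come from
    # OpenSSL's separate list and already have both properties.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!MD5")
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def audit_ciphers(ciphers):
    """Takes the list of dicts returned by SSLContext.get_ciphers() and reports
    RC4 and 3DES (the plank), non-AEAD suites (CBC), and any key exchange that
    is not ECDHE.  OpenSSL's description string carries the key exchange as
    'Kx=...'; TLS 1.3 suites print 'Kx=any'."""
    findings = []
    for c in ciphers:
        name, desc = c["name"], c["description"]
        if "RC4" in name or "3DES" in name or "DES-CBC3" in name:
            findings.append("plank suite: " + name)
        elif not c["aead"]:
            findings.append("CBC/non-AEAD suite: " + name)
        if "Kx=ECDH" not in desc and "Kx=any" not in desc:
            findings.append("no forward secrecy: " + name)
    return findings


def audit_context(ctx):
    """Protocol floor, compression flag and cipher list of a live context."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol floor is %s" % ctx.minimum_version.name)
    if not ctx.options & ssl.OP_NO_COMPRESSION:
        findings.append("TLS compression enabled")
    return findings + audit_ciphers(ctx.get_ciphers())


if __name__ == "__main__":
    ctx = hardened_context()
    print("floor:", ctx.minimum_version.name)
    print("suites:", [c["name"] for c in ctx.get_ciphers()])
    print("findings:", audit_context(ctx) or "none")
```

Run `audit_context` against the context your server actually uses (or against `ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)` with your current cipher string) to see which of the deck's removals you have not made yet; the check on `get_ciphers()` is the one that catches a cipher string that silently re-admits CBC or static RSA.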
