The Evolution of TLS & SSL
Brian Sniffen
©2014 AKAMAI | FASTER FORWARD™
TLS Timeline
Akamai Security Research & Architecture
• Crypto engineering expertise
• Technical backstop
• Product review
• Akamai Architecture Group seat
• Safety engineering
• Incident management
How much SSL?
Industry standard: 30%
Akamai sees: 37%
50% by 2016?
How much traffic is SSL?
[Chart: data labels 36–38% and 32–36%]
[Chart, untitled slide: data labels 24–26% and 35–37%; annotation "Bad App"]
[Chart, untitled slide: data labels 85–90% and 80–85%; annotation "WinXP EOL"]
TLS 1.3
Adoption goal: Everyone runs this by 2017
Big Site Operators
• speed
• 1-RTT setup
• 0-RTT resume
Crypto Warriors
• forward secrecy
• encrypt handshake
• non-NIST ciphers
Pragmatists
• remove CBC
• remove RC4
• remove compression
• fewer HTTP integrations
TLS 1.3 Speed Features
TLS 1.3 Pragmatic features
Q: “What would happen if we remove everything we know is bad?”
A: Simpler code runs blazingly fast
A: Fewer protocol bugs
A: New protocol bugs
TLS 1.3 Crypto War features
• RSA Key Exchange is out
• Custom DHE groups are out
• DSA with random nonces may be out
• Extensions are encrypted
• DJB ciphers are in
TLS Private Innovations: A history
• Delegated “Keyless” SSL
• National cipher suites (Camellia, SEED, etc.)
• SPDY / HTTP 2 requires TLS
• TLS False Start
• Eternal Chrome sessions
• Post-CA trust models
Implementation bugs
• Gotofail
• Heartbleed
• NSS Signature Verification
Any device running year-old TLS software is insecure.
Let’s see the future: Optimistic
• We all have TLS 1.3 in 2015
• New devices, fast-cycle browsers have TLS 1.3 in 2015
• Possible to operate an e-commerce site on TLS 1.3-only in 2015
• Plausible to drop TLS 1.2 in 2018
Let’s see the future: Grim
• Crash off of TLS 1.2 in 2016
• No crypto software older than six months is trustworthy
• Typical leaf cert lifespan < 3 months
Wild Guesses about Akamai SSL Support
New features:
• 2014: SCSV
• 2015: SNI, TLS 1.3, PFS, OCSP Stapling, SHA-2, Certificate Transparency
• 2016: post-DSA EC (Ed25519?)
Walking the plank: 3DES, RC4, SSL3, SSL2
Advice
• Pin an Edge-Origin Cert (or run your own CA)
• Test clients with EC-DHE now
• Turn on TLS 1.2
• Turn off SSL 3 (and check that SSL 2 is off!)
• Don’t hard-code client-Edge elements
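An added example, not from the deck, that makes the advice above and the "walking the plank" list (3DES, RC4, SSL3) concrete on the wire: a small audit that parses a TLS ClientHello and reports a pre-TLS 1.2 version, RC4 or 3DES suites, a missing ECDHE suite, and the 2014 SCSV check (a TLS_FALLBACK_SCSV retry at a downgraded version). The cipher suite ids are the IANA registry values, the sample ClientHellos are constructed here, and the check assumes the server's highest supported version is TLS 1.2.

```python
import struct
SUITE_NAMES = {  # IANA cipher suite ids; only the ones the audit needs to name
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0x5600: "TLS_FALLBACK_SCSV",
}
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}

def build_client_hello(version, suites):
    """Build a minimal ClientHello record (used here only to construct sample input)."""
    body = struct.pack("!H", version) + b"\x00" * 32 + b"\x00"  # version, random, no session id
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"  # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # type ClientHello, 24-bit length
    return b"\x16" + struct.pack("!HH", 0x0301, len(handshake)) + handshake  # record header

def parse_client_hello(rec):
    """Return (client_version, [cipher suite ids]) from a TLS ClientHello record."""
    if rec[0] != 0x16 or rec[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    body = rec[9:9 + int.from_bytes(rec[6:9], "big")]
    version = struct.unpack("!H", body[:2])[0]
    pos = 2 + 32 + 1 + body[34]  # skip version, random and session id
    count = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    return version, [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + count, 2)]

def audit_client_hello(rec):
    """List what the deck's advice says a TLS 1.2 server should reject or insist on."""
    version, suites = parse_client_hello(rec)
    names = [SUITE_NAMES.get(s, "0x%04X" % s) for s in suites]
    findings = []
    if version < 0x0303:
        findings.append("client_version %s is below TLSv1.2" % VERSIONS.get(version, hex(version)))
    for pattern, msg in (("RC4", "offers RC4"), ("3DES", "offers 3DES")):
        if any(pattern in n for n in names):
            findings.append(msg)
    if not any("ECDHE" in n for n in names):
        findings.append("no ECDHE suite, so no forward secrecy")
    if 0x5600 in suites and version < 0x0303:  # RFC 7507: fallback retry below our max version
        findings.append("TLS_FALLBACK_SCSV at a downgraded version: reject as inappropriate_fallback")
    return findings

# Constructed samples: a legacy SSL3 client, and a client that matches the deck's advice.
LEGACY_HELLO = build_client_hello(0x0300, [0x0005, 0x000A, 0x002F])
MODERN_HELLO = build_client_hello(0x0303, [0xC02B, 0xC02F, 0x009C, 0x5600])
```

Run `audit_client_hello` over ClientHellos captured at the edge to see which clients still need the SSL3/RC4/3DES retirement deferred, and which fallback retries the server should refuse.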