Join the community today
Register Now

Security Changes coming to TLS (TLS v1.3)

Discussion in 'All Internet & Web Performance News' started by eva2000, Apr 6, 2017.

  1. eva2000

    eva2000 Administrator Staff Member

    33,667
    7,454
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,459
    Local Time:
    1:55 PM
    Nginx 1.13.x
    MariaDB 5.5
    RedHat's two part look into upcoming TLS changes for TLS v1.3 including performance improving features of TLS 1.3, namely 1-RTT handshakes and 0-RTT session resumption and improved security and privacy.

     
    Last edited: Apr 6, 2017
    • Informative Informative x 1
  2. eva2000

    eva2000 Administrator Staff Member

    33,667
    7,454
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,459
    Local Time:
    1:55 PM
    Nginx 1.13.x
    MariaDB 5.5
    Centmin Mod 123.09beta01's Nginx + OpenSSL 1.1 + TLS v1.3 progress :)
    Not quite there yet as Nginx has yet to add identification for TLS v1.3
    Code (Text):
    ./cipherscan https://domain.com
    .......
    Target: domain.com:443
    
    prio  ciphersuite                  protocols              pubkey_size  signature_algoritm       trusted  ticket_hint  ocsp_staple  npn          pfs                 curves  curves_ordering
    1     ECDHE-RSA-CHACHA20-POLY1305  TLSv1.2                2048         sha256WithRSAEncryption  True     3600         True         h2,http/1.1  ECDH,P-256,256bits  server
    2     ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2                2048         sha256WithRSAEncryption  True     3600         True         h2,http/1.1  ECDH,P-256,256bits  server
    3     ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2                2048         sha256WithRSAEncryption  True     3600         True         h2,http/1.1  ECDH,P-256,256bits  server
    4     ECDHE-RSA-AES128-SHA256      TLSv1.2                2048         sha256WithRSAEncryption  True     3600         True         h2,http/1.1  ECDH,P-256,256bits  server
    5     ECDHE-RSA-AES256-SHA384      TLSv1.2                2048         sha256WithRSAEncryption  True     3600         True         h2,http/1.1  ECDH,P-256,256bits  server
    6     ECDHE-RSA-AES128-SHA         TLSv1,TLSv1.1,TLSv1.2  2048         sha256WithRSAEncryption  True     3600         True         h2,http/1.1  ECDH,P-256,256bits  server
    
    OCSP stapling: supported
    Cipher ordering: server
    Curves ordering: unknown - fallback: no
    Server supports secure renegotiation
    Server supported compression methods: NONE
    
    TLS Tolerance: no
    Fallbacks required:
    big-SSLv3 no fallback req, connected: TLSv1.3 TLS13-AES-128-GCM-SHA256
    big-TLSv1.0 no fallback req, connected: TLSv1 ECDHE-RSA-AES128-SHA
    big-TLSv1.1 no fallback req, connected: TLSv1.1 ECDHE-RSA-AES128-SHA
    big-TLSv1.2 no fallback req, connected: TLSv1.3 TLS13-AES-128-GCM-SHA256
    
    Intolerance to:
     SSL 3.254           : absent
     TLS 1.0             : absent
     TLS 1.1             : absent
     TLS 1.2             : absent
     TLS 1.3             : absent
     TLS 1.4             : absent

    Test against OpenSSL 1.1 dev TLS v1.3 enabled binary works
    Code (Text):
    echo -n | openssl s_client -connect domain.com:443 -CAfile /etc/ssl/certs/cacert.pem| sed '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/d' | sed '/Session-ID: /,/Verify return code/d'
    depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
    verify return:1
    depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
    verify return:1
    depth=0 CN = domain.com
    verify return:1
    DONE
    CONNECTED(00000003)
    ---
    Certificate chain
     0 s:/CN=domain.com
       i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
     1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
       i:/O=Digital Signature Trust Co./CN=DST Root CA X3
    ---
    Server certificate
    subject=/CN=domain.com
    issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
    ---
    No client certificate CA names sent
    Peer signing digest: SHA256
    Peer signature type: RSA-PSS
    ---
    SSL handshake has read 3019 bytes and written 491 bytes
    Verification: OK
    ---
    New, TLSv1.3, Cipher is TLS13-AES-128-GCM-SHA256
    Server public key is 2048 bit
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    Early data was not sent
    SSL-Session:
        Protocol  : TLSv1.3
        Cipher    : TLS13-AES-128-GCM-SHA256
        Extended master secret: no
    ---
    read R BLOCK

    take note
    Code (Text):
    SSL-Session:
        Protocol  : TLSv1.3
        Cipher    : TLS13-AES-128-GCM-SHA256


    upload_2017-4-7_0-41-32.png

    upload_2017-4-7_0-43-23.png
     
    Last edited: Apr 7, 2017
  3. ahmed

    ahmed Member

    232
    17
    18
    Feb 21, 2017
    Ratings:
    +24
    Local Time:
    5:55 AM
    hello any progress on TLS 1.3?

    this is mine
    Code:
    nginx version: nginx/1.13.6
    built by gcc 6.3.1 20170216 (Red Hat 6.3.1-3) (GCC)
    built with OpenSSL 1.1.0f  25 May 2017
    TLS SNI support enabled
    configure arguments: --with-ld-opt='-ljemalloc -Wl,-z,relro -Wl,-rpath,/usr/local/lib' --with-cc-opt='-m64 -march=native -DTCP_FASTOPEN=23 -g -O3 -Wno-error=strict-aliasing -fstack-protector-strong -flto -fuse-ld=gold --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wno-deprecated-declarations -gsplit-dwarf' --sbin-path=/usr/local/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --with-compat --with-http_stub_status_module --with-http_secure_link_module --with-libatomic --with-http_gzip_static_module --add-dynamic-module=../ngx_brotli --with-http_sub_module --with-http_addition_module --with-http_image_filter_module=dynamic --with-http_geoip_module --with-stream_geoip_module --with-stream_realip_module --with-stream_ssl_preread_module --with-threads --with-stream=dynamic --with-stream_ssl_module --with-http_realip_module --add-dynamic-module=../ngx-fancyindex-0.4.2 --add-module=../ngx_cache_purge-2.4.2 --add-module=../ngx_devel_kit-0.3.0 --add-dynamic-module=../set-misc-nginx-module-0.31 --add-dynamic-module=../echo-nginx-module-0.61 --add-module=../redis2-nginx-module-0.14 --add-module=../ngx_http_redis-0.3.7 --add-module=../memc-nginx-module-0.18 --add-module=../srcache-nginx-module-0.31 --add-dynamic-module=../headers-more-nginx-module-0.32 --with-pcre=../pcre-8.41 --with-pcre-jit --with-zlib=../zlib-1.2.11 --with-http_ssl_module --with-http_v2_module --with-openssl=../openssl-1.1.0f --with-openssl-opt='enable-ec_nistp_64_gcc_128'
    [ahmedalshaarawy@test-instance ~]$
    
     
  4. eva2000

    eva2000 Administrator Staff Member

    33,667
    7,454
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,459
    Local Time:
    1:55 PM
    Nginx 1.13.x
    MariaDB 5.5
    none yet waiting on openssl official TLS v1.3 support :)
     
  5. bassie

    bassie Active Member

    804
    190
    43
    Apr 29, 2016
    Ratings:
    +569
    Local Time:
    5:55 AM
    I'm sorry to say but put it out of your mind for the short term.

    Please don't expect TLS 1.3 in the very near future.
    There are to much hardware problems with TLS 1.3 which need to be resolved first.

    It is not advisable to use TLS 1.3 already, other than test sites.

     
    • Agree Agree x 2
    • Informative Informative x 1
  6. bassie

    bassie Active Member

    804
    190
    43
    Apr 29, 2016
    Ratings:
    +569
    Local Time:
    5:55 AM
    I was reading a little bit of everything and then I found this.
    About:
    The Transport Layer Security (TLS) Protocol Version 1.3 (TLS 1.3)
    draft-ietf-tls-tls13-23
    Hopefully it will come soon.
    With TLS 1.3 and Nginx server push we can push the webserver speed even further.
     
    Last edited: Feb 3, 2018
    • Agree Agree x 2
  7. bassie

    bassie Active Member

    804
    190
    43
    Apr 29, 2016
    Ratings:
    +569
    Local Time:
    5:55 AM
    The TLS 1.3 start is there. It is slowly getting under way.
    For example Chrome.

     
    • Informative Informative x 2
  8. eva2000

    eva2000 Administrator Staff Member

    33,667
    7,454
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,459
    Local Time:
    1:55 PM
    Nginx 1.13.x
    MariaDB 5.5
    Ah progress is good :D
     
  9. bassie

    bassie Active Member

    804
    190
    43
    Apr 29, 2016
    Ratings:
    +569
    Local Time:
    5:55 AM
    Indeed, it seems that draft 23 is in fact the “Proposed Standard”.
    Google and Chrome are conservative when it comes to entering something like this. And do not just carry it out. Google employees are part of the group that develops standards. So are perfectly informed.

    It think that draft 18 was the near standard before draft 23.
    Until they encountered problems with various network equipments.
    And turned everything over again. Which of course had to be corrected first.
    Draft 18 was everywhere: Chrome, Firefox, OpenSSL.

    Anyway. I expect Firefox and OpenSSL to follow soon.
    OpenSSL implemented TLS 1.3 draft 23, a few days ago in OpenSSL dev.

     
    Last edited: Feb 4, 2018
    • Informative Informative x 1
  10. bassie

    bassie Active Member

    804
    190
    43
    Apr 29, 2016
    Ratings:
    +569
    Local Time:
    5:55 AM
    • Like Like x 1
  11. eva2000

    eva2000 Administrator Staff Member

    33,667
    7,454
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,459
    Local Time:
    1:55 PM
    Nginx 1.13.x
    MariaDB 5.5
    Nice.. also see /policies/releasestrat.html

     
  12. bassie

    bassie Active Member

    804
    190
    43
    Apr 29, 2016
    Ratings:
    +569
    Local Time:
    5:55 AM
    TLS 1.3 final draft is around the corner.
    As TLS 1.3 is enabled by default at the OpenSSL 1.1.1 dev branch.
    Enable TLSv1.3 by default · openssl/openssl@f518cef · GitHub
     
    • Like Like x 1
  13. eva2000

    eva2000 Administrator Staff Member

    33,667
    7,454
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,459
    Local Time:
    1:55 PM
    Nginx 1.13.x
    MariaDB 5.5
    Yup believe that what post 11 implies too :)
     
  14. bassie

    bassie Active Member

    804
    190
    43
    Apr 29, 2016
    Ratings:
    +569
    Local Time:
    5:55 AM
    TLSv1.3 draft 24 released. Its seems to be all about form factors.
    Because this is a very small change. Let's hope it goes from draft to standard.

     
    • Like Like x 1
  15. eva2000

    eva2000 Administrator Staff Member

    33,667
    7,454
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,459
    Local Time:
    1:55 PM
    Nginx 1.13.x
    MariaDB 5.5
    Sweet.. nearly there !
     
  16. bassie

    bassie Active Member

    804
    190
    43
    Apr 29, 2016
    Ratings:
    +569
    Local Time:
    5:55 AM
    BAM! Lady's and gentlemen start your engine in 1....2...3............
     
    • Informative Informative x 2
  17. eva2000

    eva2000 Administrator Staff Member

    33,667
    7,454
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,459
    Local Time:
    1:55 PM
    Nginx 1.13.x
    MariaDB 5.5
  18. bassie

    bassie Active Member

    804
    190
    43
    Apr 29, 2016
    Ratings:
    +569
    Local Time:
    5:55 AM
    OpenSSL 1.1.1dev master branch is upgraded to TLSv1.3 draft-24 - Proposed Standard
     
    • Like Like x 1
  19. eva2000

    eva2000 Administrator Staff Member

    33,667
    7,454
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,459
    Local Time:
    1:55 PM
    Nginx 1.13.x
    MariaDB 5.5
    Nice.. though no browser can test that now as even Chrome Canary only supports TLS 1.3 draft 23
     
  20. bassie

    bassie Active Member

    804
    190
    43
    Apr 29, 2016
    Ratings:
    +569
    Local Time:
    5:55 AM
    True but as TLSv1.3 draft-24 is the proposed standard. It will go fast now.
    As this is the starting point for devs to start with TLS 1.3, if they have not started yet. Second the difference between 23 and 24 is minimal. In short, that is only a form factor.
     
    • Agree Agree x 1
..