By Keren Pollack, on March 11th, 2019


New version of TLS was launched in 2018 – the TLS 1.3 protocol. TLS 1.3 aims to solve all of the problems facing its older version – TLS 1.2.


What is TLS?

Transport Layer Security (TLS) is a cryptographic protocol designed to provide secure communication between web browsers and servers. It is used in almost every app nowadays. Many IP-based protocols such as HTTPS, SMTP, POP3 and FTP support TLS. Secure Sockets Layer (SSL), on the other hand, is a protocol used to establish an encrypted link between web browsers and servers. It uses symmetric cryptography to encrypt the data transmitted. Encryption keys are based on shared secret negotiation at the beginning of any communication session. This secret negotiation is referred to as the TLS handshake.

The most widely used versions of TLS nowadays are TLS 1.0, TLS 1.1 and TLS 1.2. While TLS 1.0 & TLS 1.1 are known to be very vulnerable, the TLS 1.2 protocol is considered to be much more secure, and is thus recommended for use. Furthermore, In October 2018, Apple, Google, Microsoft & Mozilla (responsible for Chrome, Edge, IE, Firefox, and Safari browsers) announced that by the first half of 2020, TLS 1.0 & 1.1 will be disabled by them. While that is a good move by them, the question is, what if TLS 1.2 is no longer as secure as we thought

https://calcomsoftware.com/tls-ssl-hardening-what-might-break/


TLS 1.2:

TLS version 1.2 was released in 2008. It is currently the most used version of TLS. TLS 1.2 has major improvements compared to the older version, TLS 1.1. The most essential improvement, however, is in the encryption protocol. TLS 1.2 allows the use of more secure hash algorithms such as SHA-256. In addition, it allows the use of advanced cipher suits that support elliptic curve cryptography. Up until recently, TLS 1.2 was considered fairly secure, but the discovery of new vulnerabilities, similar to the old TLS protocols’ vulnerabilities, put TLS 1.2’s reliability in question.

New Zombie POODLE breach in TLS 1.2:

We know the Zombie POODLE attacks from five years ago which leveraged SSL 3.0 vulnerabilities, but apparently, they didn’t really die.

Researchers have revealed two new vulnerabilities in TLS 1.2 protocol which allow attacks similar to POODLE to breach it. The source of the attack is in TLS 1.2’s support for the outdated cryptographic method, cipher block chaining (CBC). Using the CBC method allows man-in-the-middle attacks (MITM) on users’ encrypted web and VPN sessions. By tweaking a little the familiar POODLE attack, it is possible to hack systems that still hadn’t fully stopped using outdated crypto methods.

Another vulnerability was also found in TLS 1.2 which allows GOLDENDOODLE attack to breach outdated crypto methods. GOLDENDOODLE is similar, yet more powerful than the POODLE attack. It has more powerful and rapid hacking abilities, and even if a system has fully eradicated the POODLE flaw, it could still be vulnerable to GOLDENDOODLE attacks.

While this issue should have been resolved four or five years ago, the support for older protocols which was done mainly to ensure that older legacy browsers and client machines won’t be locked out of websites means that the issue still remains. Meanwhile, those websites, mainly government agencies and financial institutions, remain vulnerable. 


TLS 1.3 takes a significant step forward in security. It removes all primitive features that lead to weak configurations.


TLS 1.2 attack strategy:

The new TLS 1.2 attack, like the old POODLE, allows the attacker to gain access to encrypted blocks of data – and get exposed to plain text information – using side channels. The procedure is this: if the victim visits, for example, a non-encrypted website, a malicious JavaScript is injected to the victim’s browser. Once the browser is infected, a MITM attack is executed and the attacker can grab the victim’s cookies and credentials from a secure web session. 


TLS 1.3:

In addition to TLS 1.2’s security issues, problems in performance and privacy were also noted in TLS 1.2. Therefore, a new version of TLS was launched in 2018 – the TLS 1.3 protocol. TLS 1.3 aims to solve all of the problems facing TLS 1.2. Security wise, TLS 1.3 completely abandons backward compatibility, and has a completely new design of its security functionality. TLS 1.3’s security was designed from scratch, which allows it to perform the same functions as TLS 1.2, but with significantly improved resilience to attacks.

 


TLS 1.3 vs. TLS 1.2:

In August 2018, TLS 1.3 version for TLS protocol was released. The new version includes a lot of privacy, security and performance improvements. With the new TLS 1.3 encrypted connections are much more secure and fast. While high profile vulnerabilities were discovered in TLS 1.2, TLS 1.3 solves those issues and supports only outdated algorithms with no known vulnerabilities.

TLS 1.3 also provides additional privacy by encrypting more of the handshake to protect it from eavesdroppers.

Features removed from TLS 1.3:

  • Static RSA handshake
  • CBC MtE modes
  • RC4
  • SHA1, MD5
  • Compression
  • Regeneration

Security wise, TLS 1.3 completely abandons backward compatibility, and has a completely new design of its security functionality.

Bottom line: TLS 1.3 takes a significant step forward in security. It removes all primitive features that lead to weak configurations. TLS 1.3 prevents common SSL/TLS vulnerabilities such as DROWN, POODLE, SLOTH, CRIME and more.

 


Conclusion:

While TLS 1.2 was a good choice for a TLS protocol up until recent days, it is now obvious that its work is done here. TLS 1.3 offers a better solution with a refreshing approach, especially for security matters. As configuration changes often, updating protocol can be painful to organizations’ production. This is the main reason why a good protocol such as TLS 1.3 is yet to see extensive usage. However, when the option is between a temporary inconvenience and a vulnerability that will cause extensive and expensive damage, the choice is clear. Nonetheless, what if even this temporary inconvenience can be eradicated? That’s right. CHS by CalCom will deploy the protocol update automatically on your entire production environment without causing outages.

 


References:

https://kinsta.com/blog/tls-1-3/

https://www.ietf.org/blog/tls13/

https://www.darkreading.com/application-security/tls-13-wont-break-everything/a/d-id/1332767

https://www.zdnet.com/article/chrome-edge-ie-firefox-and-safari-to-disable-tls-1-0-and-tls-1-1-in-2020/