TLS: Too Little Security
This article assumes basic knowledge of SSL, TLS, and how those support secure web browsing. For a thorough overview or just a refresher, check out this resource.
Around the turn of the century, some big problems with SSL were identified, prompting the Internet Engineering Task Force (IETF) to re-think the model and lay down the specifications for TLS, which was more secure, albeit still with problems. Ever since its inception, TLS has been plagued by the need for patching and upgrading; its latest version, 1.3, released in Spring 2018, has already succumbed to one of the known vulnerabilities it was created to address—the Blechenbacher attack—allowing attackers to “eavesdrop” on supposedly secure traffic. This persistence largely stems from IT departments’ desire for backward compatibility with lesser versions of TLS, combined with a cipher suite supporting an RSA key exchange. Allowing the protocol to downgrade itself to 1.2 before proceeding leaves the user open to the vulnerabilities known in 1.2. TLS seems to be unable to shed this flaw despite a couple of trips back to the drawing board, one of which was specifically to address the Blechenbacher variants, among others.
If you are doing either of the following, the TLS 1.3 vulnerability is particularly relevant to you:
- Using an RSA cipher suite
- Allowing non-compliant/non-upgraded TLS versions (any) to downgrade the server to match (i.e., 1.3 becomes a 1.2 server, and thus open to 1.2 vulnerabilities)
While TLS does protect against a number of attacks, the attempts to patch the holes in the 1.3 vulnerability have been largely unsuccessful. The extant number of legacy or misconfigured TLS implementations is unfathomable and, even if TLS is correctly implemented, the downgrade vulnerability remains. Stronger protection is needed; even the inventor of RSA has advocated that RSA encryption no longer be used with TLS.
To combat this eavesdropping, it is necessary to encrypt sensitive content before it ever touches TLS, ensuring that the data is useless to any potential bad actors “listening in.”
For more comprehensive information on TLS vulnerabilities, check out this article.