Transportation Layer Security (TLS) 1.3 protocol provides a new level of privacy and performance compared to previous versions of TLS. The TLS 1.3 protocol (RFC8446) is faster, more secure and removes some obsolete features in TLS 1.2.
TLS 1.3 Benefits:
1. Speed – faster handshake
TLS 1.3 requires only one round-trip, which in turn cuts the connection setup latency in half from TLS 1.2 which required two rounds trips to complete the handshake.
2. More secure
TLS 1.3 has improvements to ensure the confidentiality and integrity of communications. Even if an eavesdropper is able to get a copy of the transaction, they would have a very difficult time trying to decipher it. Conventional SSL communication uses the static Public/ Private Key infrastructure to exchange session keys. However, in case the private keys are compromised, all recorded previous communication between the client(s) and the compromised server can be decrypted using the private key.
Note — deploying PFS is the best practice that can be adopted even with TLS 1.2
3. Removing obsolete features and adding improved functions
TLS 1.3 removes several features such as static RSA handshake and SHA-1 hash function, and adds protocol version downgrade protection, new ciphers, and key exchange protocol. TLS 1.3 is also designed to be backward compatible to TLS 1.2 with an appropriate “supported versions” extension in the connection handshake.
In recent years, the amount of Internet traffic has become the predominant percentage (more than 90% in some deployments) of the total traffic driven by web applications and the lower the cost of deploying encryption with free certificates. A recent Forbes article by Amit Sinha, CTO and EVP of Cloud Operations at Zscaler, outlines the risks of not inspecting encrypted traffic.
In addition to stopping hackers, SSL inspection is useful when an enterprise wants to know what its employees are intentionally or accidentally sending out of the organization. SSL inspection is also needed for compliance, to ensure that employees are not putting the organization’s confidential data at risk. A multi-layer defense-in-depth strategy that fully supports SSL inspection is essential to ensure enterprises are secure.
The common ways of inspecting SSL and their key considerations are described in the table below.
* See key findings in the SSL performance report on NG firewalls
Zscaler SSL inspection occurs in two modes: explicit and transparent.
In an explicit proxy deployment, the user's client software is configured (via PAC file or Z App) to send requests directly to Zscaler. In a transparent proxy deployment, user requests are transparently redirected to Zscaler (via GRE, IPsec forwarding methods). In the explicit proxy mode, the client sends an HTTP connect request to Zscaler with the destination address. Zscaler uses this to initiate a connection to the server on behalf of the client. Since Zscaler is in the middle of the conversation with separate connections to the client and the server, it can inspect both sides of the conversation when TLS 1.2 or TLS 1.3 is in use in the explicit proxy mode.
In the transparent proxy mode, Zscaler uses the SNI in the Client Hello that indicates the domain to Zscaler. If a web server hosts multiple domains, SNI ensures that a request is routed to the correct site so that the right SSL certificate can be returned to be able to encrypt and decrypt any content. The Client Hello with SNI is sent unencrypted as the client and server have not exchanged encryption keys yet.
Zscaler can also apply policy based on the hostname in the server certificate. With TLS 1.3, the server certificate in TLS 1.3 is encrypted. Zscaler will still have visibility to the SNI and destination server IP address, which is sufficient information for Zscaler ZENs to establish connections to the server. Unlike appliances that will likely require HW refresh to optimize performance, the Zscaler cloud architecture scales to meet the higher performance requirements of TLS 1.3 and minimizes the impact of complexity in customer deployments.
The "E" in ECHDE stands for “Ephemeral” and refers to the fact that the keys exchanged are temporary, rather than static. ECDHE is used where both the client and the server generate their public-private key pair on the fly when the connection is established. The keys are then signed with the TLS certificate (for authentication) and exchanged between the parties.
There has been a lot of media coverage regarding security solutions (commonly referred to as middle boxes) that will lose visibility due to TLS 1.3. This only applies to devices that do not perform inline scanning and depend on the original private (static) keys to decrypt and inspect the data. These solutions will no longer be able to perform retrospective decryption since PFS (ephemeral keys) are mandatory with TLS 1.3.
Passive middle boxes, which depend on SAN (subject alternative name), CN (common name/hostname), and other certificate information to perform actions, will also no longer be able to function as the server certificate itself will now be encrypted.
These passive SSL inspection devices will also become increasingly blind to a significant portion of TLS 1.2 traffic as SSL clients and servers rapidly adopt PFS ciphers. ECDHE is significantly faster and less resource intensive than DHE, critical criteria, especially for mobile devices.
Zscaler is a true inline SSL proxy. It terminates the SSL connection established by the client and establishes a new SSL connection to the server; from a client’s perspective, Zscaler becomes the server and from the original SSL server’s perspective, Zscaler becomes the client. Considering that Zscaler is not just inspecting the SSL traffic on the wire, but terminating the connections, Zscaler has full visibility to the CN (Common Name), and other certificate parameters typically not visible to a passive SSL inspection devices.
Zscaler is committed to providing customers with secure internet connectivity and is uniquely positioned to support TLS 1.3 inspection in a truly scalable, cloud-first architecture. In a future blog, we will explore the status and implications of experimental privacy technologies like ESNI that are not included in the TLS 1.3 standard.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Udayan Palekar is Director of Product Management at Zscaler