Humble beginnings of SSL and TLS
Over the 20 years since the introduction of the “Secure Socket Layer” (SSL) by Netscape, its descendants have become the security standard for all web browsers and much else. The original SSL protocols were soon built upon by the IETF into the non-proprietary “Transport Layer Security” (TLS) protocols, but many people use the term “SSL” to mean either SSL or TLS. Indeed, the latest version of SSL (SSL 3) has now officially been deprecated and, due to security issues, should rarely if ever be seen in practice.
SSL/TLS is a network protocol that secures data communication between servers and clients via a combination of asymmetric and symmetric cryptography. It is most commonly used together with HTTP (where the client is a web browser and the server is a web server); however, it is also found in other protocols, including SMTP, where it can be used to encrypt mail as it is sent between mail relays.
Why do we need SSL/TLS?
Connections secured using SSL/TLS have three key security guarantees:
Privacy– When a connection is secured with SSL/TLS, data being sent across that connection is encrypted so that if anyone intercepts the traffic, they are unable to determine the original unencrypted data. For example, data such as credit card numbers, social security numbers or other sensitive data must be encrypted so that bad guys cannot access the information. With the appropriate SSL/TLS encryption, information sent across the Internet cannot be read and used maliciously by anyone who intercepts it.
Integrity– The SSL/TLS protocol guarantees (by use of a Message Authentication Code (MAC) or Authenticated Encryption with Associated Data (AEAD) algorithm) that it is not possible for an attacker to change the encrypted data without detection by the recipient.
Authentication– SSL/TLS, together with a public key infrastructure (PKI), provides a mechanism for a client to verify the identity of a server and, optionally, for a server to verify the identity of a client. This provides a level of protection against attackers who cause transactions from a client to be redirected to a fabricated site, which can collect sensitive data that the bad guys can use. This attack is called “Man-in-the-Middle” (MITM) and there are many variations.
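The integrity guarantee above can be seen in a small model of a MAC-protected record stream. This is an added example, not Pulse Secure or vTM code: the MAC input layout follows the TLS 1.2 record MAC (RFC 5246, section 6.2.3.1), encryption is left out so that only the integrity check is visible, and the key, the function names and the sample messages are constructed for illustration.

```python
import hashlib
import hmac
import struct

MAC_KEY = b"constructed-demo-mac-key-32bytes"  # constructed; real keys come from the handshake
APPLICATION_DATA = 23                          # TLS record content type
TLS12 = (3, 3)                                 # protocol version bytes for TLS 1.2
TAG_LEN = hashlib.sha256().digest_size


def record_mac(key, seq_num, fragment):
    """HMAC-SHA256 over seq_num || type || version || length || fragment."""
    header = struct.pack("!QBBBH", seq_num, APPLICATION_DATA, *TLS12, len(fragment))
    return hmac.new(key, header + fragment, hashlib.sha256).digest()


def protect(key, seq_num, fragment):
    """Sender side: append the MAC tag to the fragment."""
    return fragment + record_mac(key, seq_num, fragment)


def verify(key, expected_seq, record):
    """Receiver side: return the fragment, or None if the tag does not match."""
    if len(record) < TAG_LEN:
        return None
    fragment, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    # The receiver uses its own record counter, so the sequence number is
    # never taken from the wire; compare_digest avoids a timing side channel.
    expected = record_mac(key, expected_seq, fragment)
    return fragment if hmac.compare_digest(tag, expected) else None


def receive_stream(key, records):
    """Accept records in arrival order and stop at the first failed check."""
    accepted = []
    for seq, record in enumerate(records):
        fragment = verify(key, seq, record)
        if fragment is None:
            return accepted, f"bad_record_mac at record {seq}"
        accepted.append(fragment)
    return accepted, None


if __name__ == "__main__":
    msgs = [b"pay alice 10", b"pay bob 20", b"logout"]  # constructed sample data
    recs = [protect(MAC_KEY, i, m) for i, m in enumerate(msgs)]
    print(receive_stream(MAC_KEY, recs))                       # all accepted
    print(receive_stream(MAC_KEY, [recs[1], recs[0], recs[2]]))  # reordered
```

Because the sequence number is part of the MAC input, a record that is replayed or moved to a different position fails the check in the same way as a record whose bytes were altered.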
TLS 1.3: the newcomer to the SSL family
In 2018, the IETF standardized TLS 1.3. This was a significant update: its predecessor TLS 1.2 was published around 10 years previously in 2008, and much discussion went into ensuring that TLS 1.3 was published after the most recent cryptographic techniques had been used to prove its correctness.
The handshake was significantly redesigned, with improved security, and many deprecated encryption algorithms were dropped. The redesign of the handshake means that in many cases data can be exchanged between the client and server sooner.
vADC and TLS 1.3
As a company focused on secure access, Pulse Secure prioritized implementation of TLS 1.3 in the Pulse Secure vADC solution, and the 18.3 release saw the introduction of support for TLS 1.3 in the traffic manager, when the traffic manager is used to terminate SSL/TLS traffic from an end-user (for example to provide SSL/TLS offload or L7 inspection).
When terminating SSL/TLS traffic, an administrator configuring TLS 1.3 can continue to take advantage of existing traffic manager capabilities, including:
- Configuration of SSL/TLS versions, ciphers, and other settings either globally or on an individual virtual server
- SSL/TLS session resumption either with or without server-side state
- Certificate agility, allowing a server to be configured with multiple certificates to be chosen based upon client support
- Client authentication with the ability to interrogate client identity via TrafficScript
- vTM support for certificate agility (ECDSA/RSA), the introduction of RSA-PSS signatures (and support for certificates which only permit such signatures), configurable cipher suites, signature algorithms and protocol versions, and ticket-based handshakes for repeated connections
One thing we’ve learned about SSL/TLS is that the story never ends… watch out for the vTM support for TLS 1.3 in our upcoming releases.