SSL Technologies Update

Home , GnuTLS, Heartbleed, OCSP stapling, Poodle

PRESENTED BY:

History

1994 1995 1999 2006 2008 2018

SSL1 and SSL3 TLS 1.0 TLS 1.1 TLS 1.2 TLS 1.3 SSL2 Netscape addresses Standardized SSL3 with Security fixes and Added support for Signficiant overhaul, Netscape project SSL2 flaws almost no changes TLS extensions authenticated encryption requiring PFS, removing that contained RFC2246 RFC4346 (AES-GCM, CCM modes) weak ciphers. Allows 0-RTT significant flaws and removed hard-coded and 1-RTT handshakes. primitives RFC5246 RFC Draft History

2009 2011 2013 2014 2015 2016 2017 2018

Insecure Beast RC4 Heartbleed Poodle Drown Robot Renegotiation Crime Time Dire Lucky 13 Freak LogJam Revelations of privacy

Snowden

2009 2011 2013 2014 2015 2016 2017 2018

Insecure Beast RC4 Heartbleed Poodle Drown Robot Renegotiation Crime Time Dire Lucky 13 Freak LogJam Motivation

Page rank Snowden Incentives

2009 2011 2013 2014 2015 2016 2017 2018

Insecure Beast RC4 Heartbleed Poodle Drown Robot Renegotiation Crime Time Dire Lucky 13 Freak LogJam Technology advances

Page rank Emerging Snowden Incentives technologies

2009 2011 2013 2014 2015 2016 2017 2018

Must use TLSv1.2 Insecure Beast RC4 Heartbleed Poodle Drown Robot Renegotiation Crime Time Dire Must support ephemeral key exchange >= 2048b Lucky 13 Freak LogJam Regulatory compliance

Page rank Emerging Regulatory Snowden incentives technologies requirements

2009 2011 2013 2014 2015 2016 2017 2018

Insecure Beast RC4 Heartbleed Poodle Drown Robot Renegotiation Crime Time Dire Lucky 13 Freak LogJam Lower barrier to entry

Page rank Emerging Regulatory Snowden Accessibility Incentives technologies requirements

2009 2011 2013 2014 2015 2016 2017 2018

Insecure Beast RC4 Heartbleed Poodle Drown Robot Renegotiation Crime Time Dire Lucky 13 Freak LogJam Quantifiable security

Page rank Emerging Regulatory Qualified Snowden Accessibility Incentives technologies requirements grading

2009 2011 2013 2014 2015 2016 2017 2018

Insecure Beast RC4 Heartbleed Poodle Drown Robot Renegotiation Crime Time Dire Lucky 13 Freak LogJam 75% TLS is still growing (Google report) 60%

37 71

70%

Nobody does SSL better

F5 develops its own native SSL stack

240K SSL TPS and 80 Gbps of SSL #1

Highest rated performance-oriented SSL features 45.4%

SSL mirroring and hybrid crypto offload

Worldwide ADC Market Share 1Q 2016* “A Grade” SSL rating out-of-the-box * Source IDC SSL strategy and roadmap

BIG-IP 14.0 BIG-IP 14.1

• TLS 1.3 tolerance • TLS 1.3 – phase one • TLS 1.3 – phase two • F5 cipher suite builder • Curve25519 • DH 2048 • Dynamic CA bundle update • ChaCha20-Poly1305 • External crypto offload • 0-RTT • SSL visibility • C3D – phase two • SSL connection mirroring • OCSP stapling • C3D – phase one TLS 1.3 support

Library Used By 18 19 20 21 22 23 24 25 26 27 28

F5 TMM BIG-IP x x NSS Firefox x x miTLS Microsoft x BoringSSL Google/Chrome x Wireshark Wireshark x x x x x x x x x x x picotls H2O Server x x x x Secure Transport Apple (Mac) x sChannel Windows (Edge+) OpenSSL Most Servers / Tools x x x wolfSSL MySQL x x x x x GnuTLS Synology x ??? Opera x tlslite-ng Python Lib x SwiftTLS Apple x x Client Certificate Constrained Delegation

Model 1: Local Delegate Model 2: Remote Delegate FIPS and key management FIPS and key management F5 FIPS and key management

CA Server

Certificate Order Status Organization Domain Management Monitoring Management Management Order Submission 3 4 5 6

Renew/ Update/ User API Revoke Authentication User Account Key Creation Creation 2 1

Certificate Manager from Certificate Certificate Installation Validation CA or third-party solutions 8 7

Stages BIG-IP/BIG-IQ are  Symantec (now DigiCert) interested in 20  Comodo F5 FIPS and key management

1. Vendor agnostic - simply install per vendor instructions

2. Point BIG-IP to use the new vendor PKCS#11 library

3. On-box test of basic PKCS#11 APIs per library

4. Advanced configuration - HSM partition/slot by name/label

5. Concurrent access to multiple HSM partitions/slots • Multi-tenancy support (cloud use-case) • Per-App HSM partition/slot allocation

6. Easy integration with new PKCS#11 HSMs • Ability to link any new vendor PKCS#11 library without code changes • A basic test utility to test and validate basic PKCS#11 APIs calls • Robust set of regression tests run with each F5 release

Visibility don’t

Performance do The daisy chain of security services inspect inspect Users / Devices decrypt encrypt decrypt encrypt

Web Gateway DLP Anti-Malware IPS Firewall Internet

User decrypt encrypt decrypt encrypt inspect inspect

🛑🛑Multiple SSL/TLS intercept points 🛑🛑

🛑🛑 🛑🛑 High performance decryption and encryption of SSL traffic

Users / Devices

Firewall Internet

User

Web Gateway DLP Anti-Malware IPS

✅Single SSL/TLS intercept point ✅

✅ ✅ Policy-based dynamic service chaining What’s new in 4.0