SSL Technologies Update
PRESENTED BY:
History
1994 1995 1999 2006 2008 2018
SSL1 and SSL3 TLS 1.0 TLS 1.1 TLS 1.2 TLS 1.3 SSL2 Netscape addresses Standardized SSL3 with Security fixes and Added support for Signficiant overhaul, Netscape project SSL2 flaws almost no changes TLS extensions authenticated encryption requiring PFS, removing that contained RFC2246 RFC4346 (AES-GCM, CCM modes) weak ciphers. Allows 0-RTT significant flaws and removed hard-coded and 1-RTT handshakes. primitives RFC5246 RFC Draft History
2009 2011 2013 2014 2015 2016 2017 2018
?
Insecure Beast RC4 Heartbleed Poodle Drown Robot Renegotiation Crime Time Dire Lucky 13 Freak LogJam Revelations of privacy
Snowden
2009 2011 2013 2014 2015 2016 2017 2018
?
Insecure Beast RC4 Heartbleed Poodle Drown Robot Renegotiation Crime Time Dire Lucky 13 Freak LogJam Motivation
Page rank Snowden Incentives
2009 2011 2013 2014 2015 2016 2017 2018
?
Insecure Beast RC4 Heartbleed Poodle Drown Robot Renegotiation Crime Time Dire Lucky 13 Freak LogJam Technology advances
Page rank Emerging Snowden Incentives technologies
2009 2011 2013 2014 2015 2016 2017 2018
?
Must use TLSv1.2 Insecure Beast RC4 Heartbleed Poodle Drown Robot Renegotiation Crime Time Dire Must support ephemeral key exchange >= 2048b Lucky 13 Freak LogJam Regulatory compliance
Page rank Emerging Regulatory Snowden incentives technologies requirements
2009 2011 2013 2014 2015 2016 2017 2018
?
Insecure Beast RC4 Heartbleed Poodle Drown Robot Renegotiation Crime Time Dire Lucky 13 Freak LogJam Lower barrier to entry
Page rank Emerging Regulatory Snowden Accessibility Incentives technologies requirements
2009 2011 2013 2014 2015 2016 2017 2018
?
Insecure Beast RC4 Heartbleed Poodle Drown Robot Renegotiation Crime Time Dire Lucky 13 Freak LogJam Quantifiable security
Page rank Emerging Regulatory Qualified Snowden Accessibility Incentives technologies requirements grading
2009 2011 2013 2014 2015 2016 2017 2018
?
Insecure Beast RC4 Heartbleed Poodle Drown Robot Renegotiation Crime Time Dire Lucky 13 Freak LogJam 75% TLS is still growing (Google report) 60%
37 71
70%
Nobody does SSL better
F5 develops its own native SSL stack
240K SSL TPS and 80 Gbps of SSL #1
Highest rated performance-oriented SSL features 45.4%
SSL mirroring and hybrid crypto offload
Worldwide ADC Market Share 1Q 2016* “A Grade” SSL rating out-of-the-box * Source IDC SSL strategy and roadmap
BIG-IP 14.0 BIG-IP 14.1
• TLS 1.3 tolerance • TLS 1.3 – phase one • TLS 1.3 – phase two • F5 cipher suite builder • Curve25519 • DH 2048 • Dynamic CA bundle update • ChaCha20-Poly1305 • External crypto offload • 0-RTT • SSL visibility • C3D – phase two • SSL connection mirroring • OCSP stapling • C3D – phase one TLS 1.3 support
Library Used By 18 19 20 21 22 23 24 25 26 27 28
F5 TMM BIG-IP x x NSS Firefox x x miTLS Microsoft x BoringSSL Google/Chrome x Wireshark Wireshark x x x x x x x x x x x picotls H2O Server x x x x Secure Transport Apple (Mac) x sChannel Windows (Edge+) OpenSSL Most Servers / Tools x x x wolfSSL MySQL x x x x x GnuTLS Synology x ??? Opera x tlslite-ng Python Lib x SwiftTLS Apple x x Client Certificate Constrained Delegation
Model 1: Local Delegate Model 2: Remote Delegate FIPS and key management FIPS and key management F5 FIPS and key management
CA Server
Certificate Order Status Organization Domain Management Monitoring Management Management Order Submission 3 4 5 6
Renew/ Update/ User API Revoke Authentication User Account Key Creation Creation 2 1
Certificate Manager from Certificate Certificate Installation Validation CA or third-party solutions 8 7
Stages BIG-IP/BIG-IQ are Symantec (now DigiCert) interested in 20 Comodo F5 FIPS and key management
1. Vendor agnostic - simply install per vendor instructions
2. Point BIG-IP to use the new vendor PKCS#11 library
3. On-box test of basic PKCS#11 APIs per library
4. Advanced configuration - HSM partition/slot by name/label
5. Concurrent access to multiple HSM partitions/slots • Multi-tenancy support (cloud use-case) • Per-App HSM partition/slot allocation
6. Easy integration with new PKCS#11 HSMs • Ability to link any new vendor PKCS#11 library without code changes • A basic test utility to test and validate basic PKCS#11 APIs calls • Robust set of regression tests run with each F5 release
Visibility don’t
Performance do The daisy chain of security services inspect inspect Users / Devices decrypt encrypt decrypt encrypt
Web Gateway DLP Anti-Malware IPS Firewall Internet
User decrypt encrypt decrypt encrypt inspect inspect
🛑🛑Multiple SSL/TLS intercept points 🛑🛑
🛑🛑 🛑🛑 High performance decryption and encryption of SSL traffic
Users / Devices
Firewall Internet
User
Web Gateway DLP Anti-Malware IPS
✅Single SSL/TLS intercept point ✅
✅ ✅ Policy-based dynamic service chaining What’s new in 4.0