Malware flows in the millions per day, and the impact of the threat increases sharply when the malware is shielded by encryption. TLS 1.3 is the next evolution of the protocol and promises stronger security, which is great for users but potentially good for the bad guys too.
Transport Layer Security (TLS) is the ubiquitous encryption mechanism used within enterprise networks and over the public Internet. TLS provides both authentication and end-to-end encryption. However, TLS can be a double-edged sword: while its encryption protects the user’s data, it also prevents network security tools from detecting malware or other threats carried inside the encrypted channel.
What You Get
TLS 1.3 only supports key exchanges that provide Perfect Forward Secrecy. This means that someone who captures a copy of the encrypted traffic cannot decrypt it later, even if the server’s long-term private key is obtained afterwards.
It limits the cipher suites to a handful of very strong ones. In addition, most handshake messages are encrypted in TLS 1.3. In other words, not only is the channel encrypted but the setup of the session is largely encrypted as well, a strong step forward for the TLS protocol. The TLS 1.3 handshake also starts sessions faster, because fewer round trips are needed before application data is passed.
Where It Gets Tricky
A middlebox is a device that inspects an encrypted channel for malware. Things get complicated when a middlebox cannot do its job while still maintaining a high level of security on the encrypted channel. In addition, the middlebox has to intercept the encrypted data for scanning without the endpoints treating it as a man-in-the-middle attack.
For example, if a browser tries to connect to a social media server, and a middlebox between the two is not running TLS 1.3, one of three things can happen.
- A decision can be made on the middlebox to block the session – a terrible user experience when someone can’t access the site.
- The middlebox can decide to let the session through without inspection – a win for malware.
- A middlebox can downgrade the session to a weaker TLS connection so the security tools can do their job. Middleboxes that use the earlier protocols can choose weak ciphers that compound the security risk.
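The following Python block is an added example, not code from the original article or from any product it describes. It shows how a client can refuse the third outcome (a silent downgrade) by pinning its minimum version to TLS 1.3, and how to classify the version and cipher that a session actually negotiated. The sample outcomes at the bottom are constructed, not captured from a real middlebox.

```python
import ssl

# The only suites TLS 1.3 can negotiate; every one uses an (EC)DHE key
# exchange, which is why TLS 1.3 sessions are always forward secret.
TLS13_SUITES = {
    "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256",
    "TLS_AES_128_GCM_SHA256",
}


def make_strict_client_context() -> ssl.SSLContext:
    """Client context that refuses anything below TLS 1.3.

    If a middlebox on the path tries to downgrade the session, the handshake
    fails instead of silently continuing on a weaker protocol.
    """
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    return ctx


def audit_session(version: str, cipher: str) -> str:
    """Classify a negotiated session from SSLSocket.version() and cipher()[0].

    'ok'              -> TLS 1.3 with one of its forward-secret suites
    'downgraded'      -> older protocol, but still an (EC)DHE (forward-secret) suite
    'downgraded-weak' -> older protocol and a suite with no forward secrecy
    """
    if version == "TLSv1.3" and cipher in TLS13_SUITES:
        return "ok"
    forward_secret = cipher.startswith(("ECDHE-", "DHE-"))
    return "downgraded" if forward_secret else "downgraded-weak"


def audit_socket(tls_sock: ssl.SSLSocket) -> str:
    """Audit a live connection; cipher() returns (name, protocol, key bits)."""
    return audit_session(tls_sock.version(), tls_sock.cipher()[0])


if __name__ == "__main__":
    # Constructed sample outcomes covering the three cases described above.
    samples = [
        ("TLSv1.3", "TLS_AES_256_GCM_SHA384"),
        ("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256"),
        ("TLSv1.2", "AES128-SHA"),
    ]
    for version, cipher in samples:
        print(f"{version} {cipher} -> {audit_session(version, cipher)}")
```

To check a real connection, wrap a socket with `make_strict_client_context().wrap_socket(sock, server_hostname=host)` and pass the result to `audit_socket`; a downgrading middlebox shows up as a handshake error rather than a weaker session.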
Do You Need TLS 1.3?
Many believe that adoption of TLS 1.3 will happen sooner rather than later because industry giants are pressing for quick adoption. Facebook and Google (in the Chrome browser) have already implemented TLS 1.3 in their systems. They see the urgency of establishing the level of security and malware detection that TLS 1.3 makes possible as soon as possible.
Heed the call and empower your users to connect to popular sites through top web browsers with strong encryption from your environment – while making sure that your security tools can catch any malware that your users’ sessions may pick up along the way. It’s as easy as using TLS 1.3.