
The IETF (Internet Engineering Task Force) has announced the approval of TLS 1.3, the new version of the Transport Layer Security (TLS) cryptographic protocol for protecting traffic.

It was indeed a long journey. The IETF had been reviewing proposals for TLS 1.3 since April 2014, and the final release is the result of 28 drafts of work before a fully stable version was reached.

The protocol is designed to enable secure communication between applications and servers on the Internet, protecting against message forgery, eavesdropping and tampering (MITM attacks, sniffing, etc.).

TLS 1.2 and TLS 1.3 differ considerably. The new version has features that improve performance and make the protocol more resilient to certain attacks, such as the well-known ROBOT technique.

Below are some of the new features implemented in this new protocol:

  • The list of supported symmetric algorithms has been pruned of all algorithms that are considered legacy. Those that remain all use Authenticated Encryption with Associated Data (AEAD) algorithms. The ciphersuite concept has been changed to separate the authentication and key exchange mechanisms from the record protection algorithm (including secret key length) and a hash to be used with the key derivation function and HMAC.
  • A 0-RTT mode was added, saving a round-trip at connection setup for some application data, at the cost of certain security properties.
  • Static RSA and Diffie-Hellman cipher suites have been removed; all public-key based key exchange mechanisms now provide forward secrecy.
  • All handshake messages after the ServerHello are now encrypted. The newly introduced EncryptedExtension message allows various extensions previously sent in clear in the ServerHello to also enjoy confidentiality protection from active attackers.
  • The key derivation functions have been re-designed. The new design allows easier analysis by cryptographers due to their improved key separation properties. The HMAC-based Extract-and-Expand Key Derivation Function (HKDF) is used as an underlying primitive.
  • The handshake state machine has been significantly restructured to be more consistent and to remove superfluous messages such as ChangeCipherSpec (except when needed for middlebox compatibility).
  • Elliptic curve algorithms are now in the base spec and new signature algorithms, such as ed25519 and ed448, are included. TLS 1.3 removed point format negotiation in favor of a single point format for each curve.
  • Other cryptographic improvements including the removal of compression and custom DHE groups, changing the RSA padding to use RSASSA-PSS, and the removal of DSA.
  • The TLS 1.2 version negotiation mechanism has been deprecated in favor of a version list in an extension. This increases compatibility with existing servers that incorrectly implemented version negotiation.
  • Session resumption with and without server-side state as well as the PSK-based ciphersuites of earlier TLS versions have been replaced by a single new PSK exchange.
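
The key-derivation item in the list above can be made concrete. The following is an added example, not code from the original post or from any TLS library: it implements HKDF with Python's standard library plus the TLS 1.3 label framing (HKDF-Expand-Label) to show how one secret yields separate keys per purpose. The function names are this example's own and the demo secret is constructed sample input.

```python
import hashlib
import hmac
import struct

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869): concentrate input keying material into a PRK."""
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): stretch the PRK into `length` bytes bound to `info`."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long for HKDF")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf_expand_label(secret: bytes, label: str, context: bytes, length: int) -> bytes:
    """TLS 1.3 HKDF-Expand-Label: the label is prefixed with "tls13 " and
    length-framed, so each purpose gets its own HKDF `info` string."""
    full_label = b"tls13 " + label.encode("ascii")
    info = (struct.pack("!H", length)
            + bytes([len(full_label)]) + full_label
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length)


def derive_record_keys(traffic_secret: bytes) -> dict:
    """Derive a 16-byte AEAD key and a 12-byte IV from one traffic secret."""
    return {
        "key": hkdf_expand_label(traffic_secret, "key", b"", 16),
        "iv": hkdf_expand_label(traffic_secret, "iv", b"", 12),
    }


if __name__ == "__main__":
    # Constructed sample input, not a real handshake secret.
    demo_secret = hkdf_extract(b"", b"constructed demo input keying material")
    for name, value in derive_record_keys(demo_secret).items():
        print(name, value.hex())
```

Because the label and the output length are both part of the `info` input, the "key" and "iv" outputs are computationally independent even though they come from the same secret, which is the key separation property the list refers to.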

TLS 1.3 completely removes the old cryptographic algorithms, which makes it possible to avoid many of the known attacks against, for example, HTTPS.

More information here: https://blog.cloudflare.com/introducing-tls-1-3/