SlideShare une entreprise Scribd logo

wolfSSL TLS 1.3 Support in 2018

wolfSSL
wolfSSL

This presentation covers the current status of TLS 1.3 in the wolfSSL embedded TLS library (as of the time it was presented). It talks about the Draft status of TLS 1.3, middlebox compatibility, extensions, RSA-PSS negotiation and the specification's progress in the TLSWG (TLS Working Group). www.wolfssl.com www.wolfssl.com/tls13

Technologie
1  sur  11
Télécharger pour lire hors ligne
wolfSSL Team Meeting 2018 TLS v1.3
TLS v1.3 - Status • Draft 22 out and being tested • Middlebox compatibility • Draft 23 • Renumber key_share extension • RSA-PSS negotiation for certificates and messages
TLS v1.3 - Middleboxes • Boxes sitting between user and website • Network scanners • TLS Proxies • Adware and Malware • ClientHello and ServerHello look more like TLS v1.2 • Encrypted messages after a ChangeCipherSpec
TLS v1.3 - Middleboxes • Mozilla customer tested there browser connecting to controlled website: tls13.facebook.com Failure Rate US only TLS v1.2 4.8491% 3.2477% TLS v1.3 Draft 22 5.0174% 3.4521% TLS v1.3 Draft 22 Compat 4.8090% 3.2394% Source: https://mailarchive.ietf.org/arch/msg/tls/6pGGT-wm5vSkacMFPEPvFMEnj-M
TLS v1.3 in TLSWG • Gone to third last call • IANA Registry Updates published • Still minor edits to be made that don’t affect wire format • Last call ends 26 January • Then … ???
TLS 1.3 - Interop Testing • Extensive testing of Draft 18 against Mozilla products and OpenSSL • Extensive testing of Draft 22 against OpenSSL • 27 different test cases • All ciphers suites, RSA and ECC certificates, DH and ECDH (+X25519) • Fragmentation, HHR, Resumption, KeyUpdate, EarlyData, Padding in record layer
TLS 1.3 - Configure • --enable-tls13 —enable-tls13-draft18 • --enable-session-ticket --enable-psk • --enable-postauth • --enable-earlydata • --enable-hrrcookie • -DWOLFSSL_TLS13_MIDDLEBOX_COMPAT • -DWOLFSSL_TLS13_TICKET_BEFORE_FINISHED
TLS 1.3 - Examples • C_EXTRA_FLAGS=“-DWOLFSSL_DEBUG_TLS” • HelloRetryRequest: -J (client) • No Forward secrecy with PSK: -K (client/server) • Update keys and IVs: -I (client) -U (server) • Early Data: -0 (client/server) • Post-Handshake Auth: -Q (client/server) • Cookie Extension containing state: -J (server)
TLS 1.3 - API Changes • PSK DHE: wolfSSL_CTX_no_dhe_psk() • Post handshake authentication • wolfSSL_CTX_allow_post_handhshake_auth() • wolfSSL_request_certifcate() • Key Shares • wolfSSL_NoKeyShares() • wolfSSL_UseKeyShare() • wolfSSL_send_hrr_cookie() • Update Keys: wolfSSL_update_keys()
TLS 1.3 - API Changes • Tickets • wolfSSL_no_ticket_TLSv13() • Early Data • wolfSSL_read_early_data() • wolfSSL_write_early_data() • wolfSSL_set_max_early_data() • Accept/Connect - don’t need to use • wolfSSL_accept_TLSv13() • wolfSSL_connect_TLSv13()
TLS 1.3 - Questions

Recommandé

wolfSSL and TLS 1.3
wolfSSL and TLS 1.3wolfSSL and TLS 1.3
wolfSSL and TLS 1.3wolfSSL
 
FIPS 140-2 Validations in a Secure Enclave
FIPS 140-2 Validations in a Secure EnclaveFIPS 140-2 Validations in a Secure Enclave
FIPS 140-2 Validations in a Secure EnclavewolfSSL
 
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...BlueHat Security Conference
 
Securing Data in Transit -
Securing Data in Transit - Securing Data in Transit -
Securing Data in Transit - wolfSSL
 
SSL/TLS 101
SSL/TLS 101SSL/TLS 101
SSL/TLS 101Chul-Woong Yang
 
Death of WAF - GoSec '15
Death of WAF - GoSec '15Death of WAF - GoSec '15
Death of WAF - GoSec '15Brian A. McHenry
 
Death of Web App Firewall
Death of Web App FirewallDeath of Web App Firewall
Death of Web App FirewallBrian A. McHenry
 
TLS/SSL Protocol Design
TLS/SSL Protocol DesignTLS/SSL Protocol Design
TLS/SSL Protocol DesignNate Lawson
 

Recommandé

wolfSSL and TLS 1.3
wolfSSL and TLS 1.3wolfSSL and TLS 1.3
wolfSSL and TLS 1.3wolfSSL
 
FIPS 140-2 Validations in a Secure Enclave
FIPS 140-2 Validations in a Secure EnclaveFIPS 140-2 Validations in a Secure Enclave
FIPS 140-2 Validations in a Secure EnclavewolfSSL
 
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...
BlueHat v17 || TLS 1.3 - Full speed ahead... mind the warnings - the great, t...BlueHat Security Conference
 
Securing Data in Transit -
Securing Data in Transit - Securing Data in Transit -
Securing Data in Transit - wolfSSL
 
SSL/TLS 101
SSL/TLS 101SSL/TLS 101
SSL/TLS 101Chul-Woong Yang
 
Death of WAF - GoSec '15
Death of WAF - GoSec '15Death of WAF - GoSec '15
Death of WAF - GoSec '15Brian A. McHenry
 
Death of Web App Firewall
Death of Web App FirewallDeath of Web App Firewall
Death of Web App FirewallBrian A. McHenry
 
TLS/SSL Protocol Design
TLS/SSL Protocol DesignTLS/SSL Protocol Design
TLS/SSL Protocol DesignNate Lawson
 
Sniffing SSL Traffic
Sniffing SSL TrafficSniffing SSL Traffic
Sniffing SSL Trafficdkaya
 
SSL
SSLSSL
SSLDuy Do Phan
 
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYPPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYMonodip Singha Roy
 
OpenSSL
OpenSSLOpenSSL
OpenSSLTimbal Mayank
 
Securing TCP connections using SSL
Securing TCP connections using SSLSecuring TCP connections using SSL
Securing TCP connections using SSLSagar Mali
 
Introduction to SSL and How to Exploit & Secure
Introduction to SSL and How to Exploit & SecureIntroduction to SSL and How to Exploit & Secure
Introduction to SSL and How to Exploit & SecureBrian Ritchie
 
Transport Layer Security - Mrinal Wadhwa
Transport Layer Security - Mrinal WadhwaTransport Layer Security - Mrinal Wadhwa
Transport Layer Security - Mrinal WadhwaMrinal Wadhwa
 
Basics of ssl
Basics of sslBasics of ssl
Basics of ssln|u - The Open Security Community
 
Cryptography
CryptographyCryptography
CryptographySri Manakula Vinayagar Engineering College
 
SSL overview
SSL overviewSSL overview
SSL overviewTodd Benson (I.T. SPECIALIST and I.T. SECURITY)
 
St Louis Linux Users Group Wireguard (for Fun and Networking)
St Louis Linux Users Group Wireguard (for Fun and Networking)St Louis Linux Users Group Wireguard (for Fun and Networking)
St Louis Linux Users Group Wireguard (for Fun and Networking)Andrew Denner
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layerNishant Pahad
 
SSL/TLS
SSL/TLSSSL/TLS
SSL/TLSpavansmiles
 
TLS/SSL Protocol Design 201006
TLS/SSL Protocol Design 201006TLS/SSL Protocol Design 201006
TLS/SSL Protocol Design 201006Nate Lawson
 
All you need to know about transport layer security
All you need to know about transport layer securityAll you need to know about transport layer security
All you need to know about transport layer securityMaarten Smeets
 
Webinar SSL English
Webinar SSL EnglishWebinar SSL English
Webinar SSL EnglishSSL247®
 
Central Iowa Linux Users Group May 2020 Meeting: WireGuard
Central Iowa Linux Users Group May 2020 Meeting: WireGuardCentral Iowa Linux Users Group May 2020 Meeting: WireGuard
Central Iowa Linux Users Group May 2020 Meeting: WireGuardAndrew Denner
 
SSL Secure Socket Layer
SSL Secure Socket LayerSSL Secure Socket Layer
SSL Secure Socket Layeromkar bhagat
 
Terminal Access Controller
Terminal Access ControllerTerminal Access Controller
Terminal Access ControllerKHNOG
 
CNIT 141: 13. TLS
CNIT 141: 13. TLSCNIT 141: 13. TLS
CNIT 141: 13. TLSSam Bowne
 
An analysis of TLS handshake proxying
An analysis of TLS handshake proxyingAn analysis of TLS handshake proxying
An analysis of TLS handshake proxyingNick Sullivan
 
Secure Sockets Layer (SSL)
Secure Sockets Layer (SSL)Secure Sockets Layer (SSL)
Secure Sockets Layer (SSL)BGSBU Rajouri
 

Contenu connexe

Tendances

Sniffing SSL Traffic
Sniffing SSL TrafficSniffing SSL Traffic
Sniffing SSL Trafficdkaya
 
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYPPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYMonodip Singha Roy
 
Securing TCP connections using SSL
Securing TCP connections using SSLSecuring TCP connections using SSL
Securing TCP connections using SSLSagar Mali
 
Introduction to SSL and How to Exploit & Secure
Introduction to SSL and How to Exploit & SecureIntroduction to SSL and How to Exploit & Secure
Introduction to SSL and How to Exploit & SecureBrian Ritchie
 
Transport Layer Security - Mrinal Wadhwa
Transport Layer Security - Mrinal WadhwaTransport Layer Security - Mrinal Wadhwa
Transport Layer Security - Mrinal WadhwaMrinal Wadhwa
 
St Louis Linux Users Group Wireguard (for Fun and Networking)
St Louis Linux Users Group Wireguard (for Fun and Networking)St Louis Linux Users Group Wireguard (for Fun and Networking)
St Louis Linux Users Group Wireguard (for Fun and Networking)Andrew Denner
 
TLS/SSL Protocol Design 201006
TLS/SSL Protocol Design 201006TLS/SSL Protocol Design 201006
TLS/SSL Protocol Design 201006Nate Lawson
 
All you need to know about transport layer security
All you need to know about transport layer securityAll you need to know about transport layer security
All you need to know about transport layer securityMaarten Smeets
 
Webinar SSL English
Webinar SSL EnglishWebinar SSL English
Webinar SSL EnglishSSL247®
 
Central Iowa Linux Users Group May 2020 Meeting: WireGuard
Central Iowa Linux Users Group May 2020 Meeting: WireGuardCentral Iowa Linux Users Group May 2020 Meeting: WireGuard
Central Iowa Linux Users Group May 2020 Meeting: WireGuardAndrew Denner
 
SSL Secure Socket Layer
SSL Secure Socket LayerSSL Secure Socket Layer
SSL Secure Socket Layeromkar bhagat
 
Terminal Access Controller
Terminal Access ControllerTerminal Access Controller
Terminal Access ControllerKHNOG
 

Tendances (19)

Sniffing SSL Traffic
Sniffing SSL TrafficSniffing SSL Traffic
Sniffing SSL Traffic
 
SSL
SSLSSL
SSL
 
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROYPPT ON WEB SECURITY BY MONODIP SINGHA ROY
PPT ON WEB SECURITY BY MONODIP SINGHA ROY
 
OpenSSL
OpenSSLOpenSSL
OpenSSL
 
Securing TCP connections using SSL
Securing TCP connections using SSLSecuring TCP connections using SSL
Securing TCP connections using SSL
 
Introduction to SSL and How to Exploit & Secure
Introduction to SSL and How to Exploit & SecureIntroduction to SSL and How to Exploit & Secure
Introduction to SSL and How to Exploit & Secure
 
Transport Layer Security - Mrinal Wadhwa
Transport Layer Security - Mrinal WadhwaTransport Layer Security - Mrinal Wadhwa
Transport Layer Security - Mrinal Wadhwa
 
Basics of ssl
Basics of sslBasics of ssl
Basics of ssl
 
Cryptography
CryptographyCryptography
Cryptography
 
SSL overview
SSL overviewSSL overview
SSL overview
 
St Louis Linux Users Group Wireguard (for Fun and Networking)
St Louis Linux Users Group Wireguard (for Fun and Networking)St Louis Linux Users Group Wireguard (for Fun and Networking)
St Louis Linux Users Group Wireguard (for Fun and Networking)
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layer
 
SSL/TLS
SSL/TLSSSL/TLS
SSL/TLS
 
TLS/SSL Protocol Design 201006
TLS/SSL Protocol Design 201006TLS/SSL Protocol Design 201006
TLS/SSL Protocol Design 201006
 
All you need to know about transport layer security
All you need to know about transport layer securityAll you need to know about transport layer security
All you need to know about transport layer security
 
Webinar SSL English
Webinar SSL EnglishWebinar SSL English
Webinar SSL English
 
Central Iowa Linux Users Group May 2020 Meeting: WireGuard
Central Iowa Linux Users Group May 2020 Meeting: WireGuardCentral Iowa Linux Users Group May 2020 Meeting: WireGuard
Central Iowa Linux Users Group May 2020 Meeting: WireGuard
 
SSL Secure Socket Layer
SSL Secure Socket LayerSSL Secure Socket Layer
SSL Secure Socket Layer
 
Terminal Access Controller
Terminal Access ControllerTerminal Access Controller
Terminal Access Controller
 

Similaire à wolfSSL TLS 1.3 Support in 2018

CNIT 141: 13. TLS
CNIT 141: 13. TLSCNIT 141: 13. TLS
CNIT 141: 13. TLSSam Bowne
 
An analysis of TLS handshake proxying
An analysis of TLS handshake proxyingAn analysis of TLS handshake proxying
An analysis of TLS handshake proxyingNick Sullivan
 
Secure Sockets Layer (SSL)
Secure Sockets Layer (SSL)Secure Sockets Layer (SSL)
Secure Sockets Layer (SSL)BGSBU Rajouri
 
SecureSocketLayer.ppt
SecureSocketLayer.pptSecureSocketLayer.ppt
SecureSocketLayer.pptPranavUndre1
 
CNIT 141 13. TLS
CNIT 141 13. TLSCNIT 141 13. TLS
CNIT 141 13. TLSSam Bowne
 
CNIT 141: 13. TLS
CNIT 141: 13. TLSCNIT 141: 13. TLS
CNIT 141: 13. TLSSam Bowne
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Samip jain
 
Cryptography by Afroz haider mir
Cryptography by Afroz haider mirCryptography by Afroz haider mir
Cryptography by Afroz haider mirAFROZ MIR
 
BAIT1103 Chapter 4
BAIT1103 Chapter 4BAIT1103 Chapter 4
BAIT1103 Chapter 4limsh
 
Network Security Applications
Network Security ApplicationsNetwork Security Applications
Network Security ApplicationsHatem Mahmoud
 
SECURE SOCKET LAYER ( WEB SECURITY )
SECURE SOCKET LAYER ( WEB SECURITY )SECURE SOCKET LAYER ( WEB SECURITY )
SECURE SOCKET LAYER ( WEB SECURITY )Monodip Singha Roy
 
Lecture 6 web security
Lecture 6 web securityLecture 6 web security
Lecture 6 web securityrajakhurram
 
Analysis of the LAN Sync Protocol
Analysis of the LAN Sync ProtocolAnalysis of the LAN Sync Protocol
Analysis of the LAN Sync ProtocolSJSU
 
Network Security_Module_2.pdf
Network Security_Module_2.pdfNetwork Security_Module_2.pdf
Network Security_Module_2.pdfDr. Shivashankar
 
Network Security_Module_2_Dr Shivashankar
Network Security_Module_2_Dr ShivashankarNetwork Security_Module_2_Dr Shivashankar
Network Security_Module_2_Dr ShivashankarDr. Shivashankar
 
Scaling MQTT With Apache Kafka
Scaling MQTT With Apache KafkaScaling MQTT With Apache Kafka
Scaling MQTT With Apache Kafkakellogh
 

Similaire à wolfSSL TLS 1.3 Support in 2018 (20)

CNIT 141: 13. TLS
CNIT 141: 13. TLSCNIT 141: 13. TLS
CNIT 141: 13. TLS
 
An analysis of TLS handshake proxying
An analysis of TLS handshake proxyingAn analysis of TLS handshake proxying
An analysis of TLS handshake proxying
 
Secure Sockets Layer (SSL)
Secure Sockets Layer (SSL)Secure Sockets Layer (SSL)
Secure Sockets Layer (SSL)
 
SecureSocketLayer.ppt
SecureSocketLayer.pptSecureSocketLayer.ppt
SecureSocketLayer.ppt
 
CNIT 141 13. TLS
CNIT 141 13. TLSCNIT 141 13. TLS
CNIT 141 13. TLS
 
CNIT 141: 13. TLS
CNIT 141: 13. TLSCNIT 141: 13. TLS
CNIT 141: 13. TLS
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)
 
Cryptography by Afroz haider mir
Cryptography by Afroz haider mirCryptography by Afroz haider mir
Cryptography by Afroz haider mir
 
BAIT1103 Chapter 4
BAIT1103 Chapter 4BAIT1103 Chapter 4
BAIT1103 Chapter 4
 
Network Security Applications
Network Security ApplicationsNetwork Security Applications
Network Security Applications
 
SECURE SOCKET LAYER ( WEB SECURITY )
SECURE SOCKET LAYER ( WEB SECURITY )SECURE SOCKET LAYER ( WEB SECURITY )
SECURE SOCKET LAYER ( WEB SECURITY )
 
Lecture 6 web security
Lecture 6 web securityLecture 6 web security
Lecture 6 web security
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layer
 
Analysis of the LAN Sync Protocol
Analysis of the LAN Sync ProtocolAnalysis of the LAN Sync Protocol
Analysis of the LAN Sync Protocol
 
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level SecurityCRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
 
ION Cape Town - DANE: The Future of Transport Layer Security (TLS)
ION Cape Town - DANE: The Future of Transport Layer Security (TLS)ION Cape Town - DANE: The Future of Transport Layer Security (TLS)
ION Cape Town - DANE: The Future of Transport Layer Security (TLS)
 
Network Security_Module_2.pdf
Network Security_Module_2.pdfNetwork Security_Module_2.pdf
Network Security_Module_2.pdf
 
Sequere socket Layer
Sequere socket LayerSequere socket Layer
Sequere socket Layer
 
Network Security_Module_2_Dr Shivashankar
Network Security_Module_2_Dr ShivashankarNetwork Security_Module_2_Dr Shivashankar
Network Security_Module_2_Dr Shivashankar
 
Scaling MQTT With Apache Kafka
Scaling MQTT With Apache KafkaScaling MQTT With Apache Kafka
Scaling MQTT With Apache Kafka
 

Plus de wolfSSL

wolfSSL Performance Improvements 2018
wolfSSL Performance Improvements 2018wolfSSL Performance Improvements 2018
wolfSSL Performance Improvements 2018wolfSSL
 
wolfSSL Year In Review, 2013
wolfSSL Year In Review, 2013wolfSSL Year In Review, 2013
wolfSSL Year In Review, 2013wolfSSL
 
Secure Communication: Usability and Necessity of SSL/TLS
Secure Communication: Usability and Necessity of SSL/TLSSecure Communication: Usability and Necessity of SSL/TLS
Secure Communication: Usability and Necessity of SSL/TLSwolfSSL
 
Kerberos + Android: A Tale of Opportunity
Kerberos + Android: A Tale of OpportunityKerberos + Android: A Tale of Opportunity
Kerberos + Android: A Tale of OpportunitywolfSSL
 
yaSSL 2010-2011 Technical and Community Update
yaSSL 2010-2011 Technical and Community UpdateyaSSL 2010-2011 Technical and Community Update
yaSSL 2010-2011 Technical and Community UpdatewolfSSL
 
Securing MySQL with a Focus on SSL
Securing MySQL with a Focus on SSLSecuring MySQL with a Focus on SSL
Securing MySQL with a Focus on SSLwolfSSL
 
Securing memcache
Securing memcacheSecuring memcache
Securing memcachewolfSSL
 

Plus de wolfSSL (7)

wolfSSL Performance Improvements 2018
wolfSSL Performance Improvements 2018wolfSSL Performance Improvements 2018
wolfSSL Performance Improvements 2018
 
wolfSSL Year In Review, 2013
wolfSSL Year In Review, 2013wolfSSL Year In Review, 2013
wolfSSL Year In Review, 2013
 
Secure Communication: Usability and Necessity of SSL/TLS
Secure Communication: Usability and Necessity of SSL/TLSSecure Communication: Usability and Necessity of SSL/TLS
Secure Communication: Usability and Necessity of SSL/TLS
 
Kerberos + Android: A Tale of Opportunity
Kerberos + Android: A Tale of OpportunityKerberos + Android: A Tale of Opportunity
Kerberos + Android: A Tale of Opportunity
 
yaSSL 2010-2011 Technical and Community Update
yaSSL 2010-2011 Technical and Community UpdateyaSSL 2010-2011 Technical and Community Update
yaSSL 2010-2011 Technical and Community Update
 
Securing MySQL with a Focus on SSL
Securing MySQL with a Focus on SSLSecuring MySQL with a Focus on SSL
Securing MySQL with a Focus on SSL
 
Securing memcache
Securing memcacheSecuring memcache
Securing memcache
 

Dernier

Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 

Dernier (20)

Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 

wolfSSL TLS 1.3 Support in 2018

  • 2. TLS v1.3 - Status • Draft 22 out and being tested • Middlebox compatibility • Draft 23 • Renumber key_share extension • RSA-PSS negotiation for certificates and messages
  • 3. TLS v1.3 - Middleboxes • Boxes sitting between user and website • Network scanners • TLS Proxies • Adware and Malware • ClientHello and ServerHello look more like TLS v1.2 • Encrypted messages after a ChangeCipherSpec
  • 4. TLS v1.3 - Middleboxes • Mozilla customer tested there browser connecting to controlled website: tls13.facebook.com Failure Rate US only TLS v1.2 4.8491% 3.2477% TLS v1.3 Draft 22 5.0174% 3.4521% TLS v1.3 Draft 22 Compat 4.8090% 3.2394% Source: https://mailarchive.ietf.org/arch/msg/tls/6pGGT-wm5vSkacMFPEPvFMEnj-M
  • 5. TLS v1.3 in TLSWG • Gone to third last call • IANA Registry Updates published • Still minor edits to be made that don’t affect wire format • Last call ends 26 January • Then … ???
  • 6. TLS 1.3 - Interop Testing • Extensive testing of Draft 18 against Mozilla products and OpenSSL • Extensive testing of Draft 22 against OpenSSL • 27 different test cases • All ciphers suites, RSA and ECC certificates, DH and ECDH (+X25519) • Fragmentation, HHR, Resumption, KeyUpdate, EarlyData, Padding in record layer
  • 7. TLS 1.3 - Configure • --enable-tls13 —enable-tls13-draft18 • --enable-session-ticket --enable-psk • --enable-postauth • --enable-earlydata • --enable-hrrcookie • -DWOLFSSL_TLS13_MIDDLEBOX_COMPAT • -DWOLFSSL_TLS13_TICKET_BEFORE_FINISHED
  • 8. TLS 1.3 - Examples • C_EXTRA_FLAGS=“-DWOLFSSL_DEBUG_TLS” • HelloRetryRequest: -J (client) • No Forward secrecy with PSK: -K (client/server) • Update keys and IVs: -I (client) -U (server) • Early Data: -0 (client/server) • Post-Handshake Auth: -Q (client/server) • Cookie Extension containing state: -J (server)
  • 9. TLS 1.3 - API Changes • PSK DHE: wolfSSL_CTX_no_dhe_psk() • Post handshake authentication • wolfSSL_CTX_allow_post_handhshake_auth() • wolfSSL_request_certifcate() • Key Shares • wolfSSL_NoKeyShares() • wolfSSL_UseKeyShare() • wolfSSL_send_hrr_cookie() • Update Keys: wolfSSL_update_keys()
  • 10. TLS 1.3 - API Changes • Tickets • wolfSSL_no_ticket_TLSv13() • Early Data • wolfSSL_read_early_data() • wolfSSL_write_early_data() • wolfSSL_set_max_early_data() • Accept/Connect - don’t need to use • wolfSSL_accept_TLSv13() • wolfSSL_connect_TLSv13()
  • 11. TLS 1.3 - Questions