This presentation covers the current status of TLS 1.3 in the wolfSSL embedded TLS library (as of the time it was presented). It talks about the Draft status of TLS 1.3, middlebox compatibility, extensions, RSA-PSS negotiation and the specification's progress in the TLSWG (TLS Working Group).
www.wolfssl.com
www.wolfssl.com/tls13
2. TLS v1.3 - Status
• Draft 22 out and being tested
• Middlebox compatibility
• Draft 23
• Renumber key_share extension
• RSA-PSS negotiation for certificates and
messages
3. TLS v1.3 - Middleboxes
• Boxes sitting between user and website
• Network scanners
• TLS Proxies
• Adware and Malware
• ClientHello and ServerHello look more like TLS v1.2
• Encrypted messages after a ChangeCipherSpec
4. TLS v1.3 - Middleboxes
• Mozilla customer tested there browser connecting
to controlled website: tls13.facebook.com
Failure Rate US only
TLS v1.2 4.8491% 3.2477%
TLS v1.3 Draft 22 5.0174% 3.4521%
TLS v1.3 Draft 22
Compat
4.8090% 3.2394%
Source: https://mailarchive.ietf.org/arch/msg/tls/6pGGT-wm5vSkacMFPEPvFMEnj-M
5. TLS v1.3 in TLSWG
• Gone to third last call
• IANA Registry Updates published
• Still minor edits to be made that don’t affect wire
format
• Last call ends 26 January
• Then … ???
6. TLS 1.3 - Interop Testing
• Extensive testing of Draft 18 against Mozilla products
and OpenSSL
• Extensive testing of Draft 22 against OpenSSL
• 27 different test cases
• All ciphers suites, RSA and ECC certificates, DH
and ECDH (+X25519)
• Fragmentation, HHR, Resumption, KeyUpdate,
EarlyData, Padding in record layer
10. TLS 1.3 - API Changes
• Tickets
• wolfSSL_no_ticket_TLSv13()
• Early Data
• wolfSSL_read_early_data()
• wolfSSL_write_early_data()
• wolfSSL_set_max_early_data()
• Accept/Connect - don’t need to use
• wolfSSL_accept_TLSv13()
• wolfSSL_connect_TLSv13()