Developers working with OpenSSL can finally start to work with TLS 1.3, thanks to the alpha version of OpenSSL 1.1.1 that landed yesterday.
Getting TLS 1.3 into users' hands and working with infrastructure has been a long, slow process: the first version of its Internet-Draft dates back to April 2014, it reached version 23 in January of this year, and there's still work to come.
As Hackers.mu developer Logan Velvindron explained to us last October, so-called “middleboxes” can still break when confronted with a TLS 1.3 session. Tests conducted by the IETF working group in December 2017 showed around a 3.25 percent failure rate of TLS 1.3 client connections.
The OpenSSL developers say version 1.1.1 is binary and API compatible with the current version, 1.1.0, so it should act as a “drop in” replacement to let developers use TLS 1.3.
Is anything that simple? Of course not – this is an alpha after all. OpenSSL's announcement says that for now version 1.1.1 “should not be used for security critical purposes”.
The big change from TLS 1.2 to TLS 1.3 is that the new version will deprecate old cryptographic algorithms entirely, instead of allowing them to be configured into an operational system.
Cloudflare blogged in September 2016 (when the optimistic hope was that the spec would be finalised by December 2016) that there's an extensive list of potential holes that the new TLS version will bury forever.
As that post explained, RSA key transport (which lacks forward secrecy), CBC-mode ciphers (BEAST attacks, anyone?), the insecure RC4 stream cipher, the ancient SHA-1, a Diffie-Hellman slip-up, and the FREAK/Logjam bugs are all deprecated, rather than hanging around awaiting a developer's configuration error.
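To check an existing TLS 1.2 cipher list for the legacy categories listed above, the following added example (not code from OpenSSL, Cloudflare or this article) applies a name-based heuristic to OpenSSL cipher-suite names. The function names, finding labels and sample cipher list are assumptions made for illustration.

```python
# Added example: heuristic audit of OpenSSL cipher-suite names against the
# legacy categories the article lists. Not part of OpenSSL or the article.

# Key-exchange prefixes in OpenSSL's pre-TLS 1.3 names; a name with none of
# them uses RSA key transport (assumption: a heuristic, not a full parser).
KX_PREFIXES = ("ECDHE-", "DHE-", "EDH-", "ECDH-", "DH-", "ADH-", "AECDH-",
               "PSK-", "SRP-", "RSA-PSK-")
AEAD_MARKERS = ("GCM", "CCM", "CHACHA20")


def audit_suite(name):
    """Return the sorted list of legacy properties found in one suite name."""
    if name.startswith("TLS_"):          # OpenSSL's TLS 1.3 suite names
        return []
    findings = set()
    base = name
    if base.startswith("EXP-"):          # export-grade (FREAK/Logjam class)
        findings.add("export-grade")
        base = base[len("EXP-"):]
    if not base.startswith(KX_PREFIXES):
        findings.add("rsa-key-transport")
    if "RC4" in base:
        findings.add("rc4")
    elif "NULL" not in base and not any(m in base for m in AEAD_MARKERS):
        findings.add("cbc")              # non-AEAD block ciphers run in CBC
    if base.endswith("-SHA"):            # trailing -SHA is an HMAC-SHA1 MAC
        findings.add("sha1-mac")
    return sorted(findings)


def audit_cipher_list(cipher_string):
    """Map each suite in a colon-separated list to its findings."""
    return {s: audit_suite(s) for s in cipher_string.split(":") if s}


# Constructed sample: a mixed server cipher list, not taken from any real host.
SAMPLE = ("TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
          "ECDHE-RSA-AES256-SHA384:AES128-SHA:RC4-SHA:EXP-EDH-RSA-DES-CBC-SHA")

if __name__ == "__main__":
    for suite, findings in audit_cipher_list(SAMPLE).items():
        print(f"{suite:32} {', '.join(findings) or 'ok'}")
```

Suites that come back with an empty list are the ones with a forward-secret key exchange and an AEAD cipher; every TLS 1.3 suite falls in that group by construction.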
There's more than TLS 1.3 in the OpenSSL release. Other features highlighted by the dev team include implementing SHA3 and multi-prime RSA; support for the SipHash set of pseudorandom functions; and a “grand redesign” of the OpenSSL random number generator.