Heavy Networking 594: TLS 1.3 Down Deep With Ed Harmoush
The Everything Feed - All Packet Pushers Pods - A podcast by Packet Pushers
If you are communicating securely over a network between two endpoints, what's that mean to you, that you're "communicating securely"? It should mean at least three things:

* That you confidently know who you're talking to.
* That your conversation is private: indecipherable to third parties.
* That no one's messed with the conversation while it was in-flight.

If you're using Transport Layer Security (TLS), you get all of these things. TLS can verify the validity of a certificate that identifies who you are talking to. TLS ensures that the conversation wasn't messed with. TLS also encrypts the conversation between, say, your browser and an HTTP server. If all is well, you get that padlock in the address bar.

Like anything in the world of IT, TLS has gone through various versions. TLS 1.1 and 1.2 are still commonly used, but TLS 1.3 is really where it's at. TLS 1.3 is a big deal, and we're going to discuss why on today's Heavy Networking.

Our guest is Ed Harmoush. Ed's a professional instructor who's researched TLS 1.3 and more as he's prepped for his latest course offering, Practical TLS, which you can find at practicalnetworking.net. Use coupon PacketPushers100 to get $100 off this deep dive course from Ed.

In This Podcast, We Discuss…

* Is TLS an HTTP-only thing? Or do other protocols use it, too?
* Wait…are TLS and SSL the same thing?
* What's wrong with TLS 1.1 & 1.2 that drove TLS 1.3?
* Is there going to be a TLS 1.4? Maybe I should just skip TLS 1.3…
* Will TLS 1.1 and 1.2 be phased out? Is there a timeline?
* What major web browsers and HTTP servers support TLS 1.3? Is TLS 1.3 well-supported today?
* I heard that TLS 1.3 can break proxy servers. Is that true? If so, what's going on there? Are there proxies that support TLS 1.3?
* TLS 1.3 favors security & simplicity over backwards compatibility. What's this mean to me?
* Cipher suites are different in TLS 1.3. How?
* Forward secrecy is now mandatory in TLS 1.3. What does this do to TLS/SSL decryption? So how DO we decrypt/inspect SSL traffic in TLS 1.3?
* AEAD ciphers are now mandatory. Why is that a good thing?
* TLS 1.3 can be more efficient. How? Let's talk about handshakes.
* TLS 1.3 offers 0 Round Trip (0RTT) session resumption. What is this, and why do we care?
* What is the TLS 1.3 replay vulnerability with 0RTT, and how can this be mitigated?

Sponsor: InterOptic

InterOptic makes high quality optical modules you can rely on. Plus, they are far cheaper than OEM optics. Save big money without compromising quality. Visit interoptic.com/packet-pushers.

More Ed!

* Practical TLS Course: use coupon PacketPushers100 to get $100 off this deep dive course. This podcast was just a taste of the knowledge Ed can impart on TLS. Get his course to go even deeper with more lecture and hands-on labs.
* Ed's Site For Networking Nerds
* Ed On YouTube
* Ed On LinkedIn