Welcome to another Bulletproof TLS Newsletter. As before, there were many interesting developments in the computer security space, even in the smaller SSL/TLS segment that we care are about here.
In this issue:
- SHA1 deprecation continues
- POODLE, POODLE TLS and SSL v3
- DNSSEC/DANE: Good or bad?
- RC4: More troubles ahead?
- WoSign offers free server and email certificates
SHA1 deprecation continues
Slowly but surely, Chrome is advancing their SHA1 deprecation plans. Chrome 41, which is expected in early March, will warn about SHA1 certificates that expire in 2016 and treat as insecure SHA1 certificates that expire in 2017. If you fall into one of these two categories, you should get new certificates as soon as possible. If you believe you should continue to use SHA1 for better compatibility with old clients, you can avoid warnings and errors by using certificates that expire in 2015.
POODLE, POODLE TLS and SSL v3
As a result of the POODLE and POODLE TLS discoveries, SSL v3 is going away. Many companies have already disabled this old and insecure protocol version. Browsers are doing the same, Firefox in version 34 and Chrome in version 40. This month, Microsoft released an update for Internet Explorer 11 that prevents fallback to SSL v3. They also said that they would be disabling SSL v3 altogether in April.
DNSSEC/DANE: Good or bad?
In January, we saw a very interesting discussion about DNSSEC and DANE. It started with Thomas Ptacek writing a blog post arguing against DNSSEC, with a follow-up discussion on Hacker News. Thomas then wrote another blog post to clarify his arguments. Adam Langley chimed in to discuss DANE from browser perspective. If you were looking for good arguments for and against DNSSEC/DANE, these posts are a great starting point.
RC4: More troubles ahead?
As much as we would all love to see RC4 fully deprecated and retired forever, it still remains in heavy use. According to SSL Pulse, about 74% servers support RC4 suites, and about 23% servers even use it with modern browsers. The discovery of POODLE and POODLE TLS problems certainly contributed to the problem, with many system owners seeing RC4 as their only option. That said, in the near future we might see events that will lead toward faster reduction of RC4 usage. The TLS working group concluded their discussion about RC4, which will soon result with a new RFC that forbids further usage of this insecure cipher. Then there's new research in development that improves upon known attacks against RC4, as evidenced by a poster that was shown during the Real World Crypto conference in London in January. In 2013, Jacob Appelbaum claimed that RC4 can be broken in real time, but offered no evidence. We.re hoping this might change in late March, when Itsik Mantin presents at Black Hat Europe. He's promising complete breakage under certain conditions. We can't wait.
WoSign offers free server and email certificates
You might have already heard about Let's Encrypt, a free certification authority planned for later this year. They got a lot of people excited, but they're not ready just yet. In the meantime, WoSign, a Chinese CA, decided to take the lead by offering free web server and email certificates.