Bulletproof TLS Newsletter

Bulletproof TLS Newsletter is a free periodic newsletter bringing you commentary and news surrounding SSL/TLS and Internet PKI, designed to keep you informed about the latest developments in this space. Maintained by Hanno Böck.

Google has been a major force in pushing HTTPS by default. For years, Google stated that the plan was to mark all HTTP connections as insecure in the Chrome browser eventually. However, this was a change that couldn’t happen overnight. It would have caused too many warnings for average Internet users, ultimately leading to warning fatigue.

But now, due to the rise in HTTPS connections, Google has decided that the time for a secure web by default has come. In July, with the release of version 68, default warnings for all HTTP web pages will land in Chrome.

This outcome was prepared over a long period. Chrome started by showing warnings on login forms and later extended that to all input forms. Also, many powerful web features like microphone access, geolocation, or HTTP/2 have been offered only via HTTPS. Mozilla has implemented similar measurements.

A blog post by Cloudflare’s Patrick Donahue provides a good overview of the path to a web that is HTTPS by default.

Short news

• GitHub has disabled support for older TLS versions 1.0 and 1.1. This action was announced in February 2017. A GitHub blog post provides a list of old clients that have compatibility problems and don’t support TLS 1.2. It’s expected that more pages will soon start deprecating old TLS versions, and in June, the PCI credit card standard will require disabling TLS 1.0.
• Researchers created an overview web page about the lattice-based algorithm proposals in the NIST postquantum competition.
• The Caddy web server has planned a telemetry project in which it will collect data from page visitors, including lots of information related to TLS connections.
• The new RFC 8314 lays out how to run a modern mail server with TLS encryption required. Notable is that using the implicit TLS ports for POP3, IMAP, and SMTP, which previously have been unofficial and sometimes considered deprecated, is now the recommended method for TLS.
• The Chrome and Firefox browsers started distrusting old Symantec certificates. This plan was announced in August 2017, but many webmasters still don’t seem prepared to carry it out. Arkadiy Tetelman and Scott Helme independently checked webpages that use the certificates that will be distrusted. Users who want to check if they are affected can try to connect to their web pages with Chrome Canary or Firefox Nightly or can check the developer tools console in Chrome. SSL Labs also tests for the affected certificates.
• Scott Helme discussed certificate lifetimes in a blog post.
• OpenSSL released the first alpha of version 1.1.1. The largest change is the addition of support for the upcoming TLS 1.3.
• TLS 1.3 is in last call, meaning that hopefully we will see the final version very soon.
• Researchers found cryptographic vulnerabilities in Tencent’s QQ Browser. Notably, they found that the Chinese browser used Textbook RSA and RSA with extremely short and trivially breakable keys.
• A blog post shows how X.509 extensions can sometimes be used for data exfiltration.
• Gerv Markam has been working as part of Mozilla’s CA program and has made substantial contributions to the security of the CA ecosystem in the past years. Gerv is stepping down from his duties at Mozilla due to ill health.
• SSL Labs has announced changes for its rating criteria. Notably, pages without forward secrecy and without AEAD will no longer get an A rating, and pages vulnerable to ROBOT will get an F.
• Let’s Encrypt had previously announced support for wildcard certificates by the end of February, but such support has been delayed.
• Scott Helme posted statistics about TLS features in the Alexa Top 1 Million.