
Bulletproof TLS Newsletter

Issue #48

Google starts CECPQ2, a new postquantum key exchange for TLS

3 January 2019

Bulletproof TLS Newsletter is a free periodic newsletter bringing you commentary and news surrounding SSL/TLS and Internet PKI, designed to keep you informed about the latest developments in this space. Received monthly by more than 50,000 subscribers. Written by Hanno Böck.

Quantum computers have the potential to compromise the security of almost all public key cryptography in use today, including the key exchange and signature algorithms in TLS. This has led to discussions in the TLS community on how to prepare for that threat.

Google developer Adam Langley announced that Google will soon deploy a new TLS key exchange called CECPQ2 (combined elliptic curve and postquantum key exchange). It combines the classic X25519 elliptic curve key exchange with a variant of the HRSS key encapsulation mechanism, so that the resulting shared secret remains secure as long as at least one of the two components is unbroken.

HRSS is one of the submissions to the NIST postquantum cryptography competition and a variant of the NTRU algorithm. Google will use a variation of HRSS that includes an improvement intended to avoid the rare failures of the original scheme.

Google already tested a postquantum key exchange in 2016: CECPQ1 combined X25519 with the NewHope algorithm. That was only a temporary experiment and was switched off again a few months later.
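To make the hybrid construction concrete, here is an added example (written for this newsletter issue; it is not Google's or BoringSSL's code) of how a combined X25519 plus KEM key exchange fits into the TLS 1.3 key_share extension: the client sends its X25519 public key together with a KEM public key, the server answers with its X25519 public key together with a KEM ciphertext, and both sides concatenate the two shared secrets before handing the result to the TLS key schedule. HRSS itself is not available in Go's standard library, so the KEM slot is filled by a clearly labelled stand-in (a Diffie-Hellman KEM over X25519) that is not post-quantum and exists only to show where HRSS would plug in; the byte layout, the constants and all function names are this example's own assumptions.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"fmt"
)

// Assumed wire layout (constructed for this example): a key_share is the plain
// concatenation of a 32-byte X25519 public key and a KEM half. The stand-in KEM has
// 32-byte public keys and ciphertexts; real HRSS values are each over a kilobyte.
const x25519Len, kemPubLen, kemCtLen = 32, 32, 32

// dh parses a peer's 32-byte X25519 public key and returns the shared secret.
func dh(sk *ecdh.PrivateKey, peer []byte) ([]byte, error) {
	pub, err := ecdh.X25519().NewPublicKey(peer)
	if err != nil {
		return nil, err
	}
	return sk.ECDH(pub)
}

// kemEncaps is the encapsulation step of a stand-in KEM (DH-KEM over X25519): a fresh
// ephemeral public key is the ciphertext and the DH result is the KEM shared secret.
// It is NOT post-quantum; it only marks where HRSS would go. Decapsulation is dh(kemSk, ct).
func kemEncaps(pk []byte) ([]byte, []byte, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	ss, err := dh(eph, pk)
	if err != nil {
		return nil, nil, err
	}
	return eph.PublicKey().Bytes(), ss, nil
}

type clientState struct{ ecdhSk, kemSk *ecdh.PrivateKey } // kept until the ServerHello arrives

// ClientKeyShare builds the ClientHello key_share: x25519_pub || kem_pub.
func ClientKeyShare() (*clientState, []byte, error) {
	ecdhSk, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	kemSk, err := ecdh.X25519().GenerateKey(rand.Reader) // stand-in KEM key generation
	if err != nil {
		return nil, nil, err
	}
	share := append(ecdhSk.PublicKey().Bytes(), kemSk.PublicKey().Bytes()...)
	return &clientState{ecdhSk, kemSk}, share, nil
}

// ServerRespond parses the client's key_share and returns the ServerHello key_share
// (x25519_pub || kem_ct) plus the combined secret ecdh_ss || kem_ss, which TLS 1.3
// feeds into HKDF-Extract in place of the single ECDHE secret.
func ServerRespond(clientShare []byte) ([]byte, []byte, error) {
	if len(clientShare) != x25519Len+kemPubLen {
		return nil, nil, fmt.Errorf("client key_share: got %d bytes", len(clientShare))
	}
	ecdhSk, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	ecdhSs, err := dh(ecdhSk, clientShare[:x25519Len])
	if err != nil {
		return nil, nil, err
	}
	ct, kemSs, err := kemEncaps(clientShare[x25519Len:])
	if err != nil {
		return nil, nil, err
	}
	return append(ecdhSk.PublicKey().Bytes(), ct...), append(ecdhSs, kemSs...), nil
}

// ClientFinish derives the same combined secret on the client. A corrupted KEM
// ciphertext changes the result (or fails), which the Finished MAC then catches.
func ClientFinish(st *clientState, serverShare []byte) ([]byte, error) {
	if len(serverShare) != x25519Len+kemCtLen {
		return nil, fmt.Errorf("server key_share: got %d bytes", len(serverShare))
	}
	ecdhSs, err := dh(st.ecdhSk, serverShare[:x25519Len])
	if err != nil {
		return nil, err
	}
	kemSs, err := dh(st.kemSk, serverShare[x25519Len:]) // stand-in KEM decapsulation
	if err != nil {
		return nil, err
	}
	return append(ecdhSs, kemSs...), nil
}

func main() {
	st, cs, err := ClientKeyShare()
	if err != nil {
		panic(err)
	}
	ss, serverSecret, err := ServerRespond(cs)
	if err != nil {
		panic(err)
	}
	clientSecret, err := ClientFinish(st, ss)
	if err != nil {
		panic(err)
	}
	fmt.Println("both sides agree on the combined secret:", string(clientSecret) == string(serverSecret))
}
```

The point of the concatenation is that the 64-byte combined secret only becomes predictable to an attacker who can recover both halves: breaking X25519 with a quantum computer still leaves the KEM half unknown, and a flaw in the new KEM still leaves the X25519 half unknown. Note that both sides check the key_share lengths before parsing; a real implementation must do this with the actual HRSS sizes, since a truncated or oversized share is the most likely malformed input.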


Short news

  • OpenSSL explained its future versioning strategy: version 2.0.0 will be skipped, and the next major version will be 3.0.0, which will also come with a license change.
  • A paper titled “The 9 Lives of Bleichenbacher’s CAT” presents new variants of Bleichenbacher’s attack against RSA key exchange in TLS that use cache side channels as the padding oracle.
  • Cloudflare’s Vlad Krasnov explains how Cloudflare deployed TLS 1.3 with a Go-based TLS implementation alongside NGINX, passing connections between the two processes with the Linux SCM_RIGHTS mechanism.
  • iOS 12.1.1 enforces Apple’s Certificate Transparency policy, which requires all certificates issued after October 15, 2018, to include SCTs.
  • The IETF has published a statement regarding the so-called ETLS standard from the European standardization organization ETSI. The IETF particularly criticizes that ETSI chose to use TLS in the name of the protocol. ETLS is a variant of TLS 1.3 that uses a static server key, which allows passive decryption of the traffic; previous attempts to standardize such a weakened mode of TLS have been rejected by the IETF.
  • An expired certificate in Ericsson software caused a large outage of O2’s mobile network.
  • Researchers from NCC and Cloudflare have published a paper proposing to use the Noise protocol with QUIC.
  • NSS has released version 3.41.
  • A research paper published on arXiv investigates bugs in X.509 parsers.
  • Several Java libraries fail to properly validate the host names in certificates.
  • The OpenSSL project was started twenty years ago. The OpenSSL team took the opportunity of the anniversary to write about the project’s history.
  • A denial-of-service vulnerability has been found and fixed in the TLS stack of Go.
  • OSTIF has published an audit of the OpenSSL random number generator.
  • David Wong has created a more readable specification for TLS 1.3, including video explanations and graphical diagrams.
  • At the 35th Chaos Communication Congress, a talk about TLS 1.3 was given by the author of this newsletter. A talk about recent developments in postquantum cryptography was given by Tanja Lange and Daniel Bernstein.
  • The National Academies of Sciences, Engineering, and Medicine have released a report about the state of quantum computers in which they come to the conclusion that “new cryptography must be developed and deployed now, even though a quantum computer that could compromise today’s cryptography is likely at least a decade away.”
  • In a blog post, Let’s Encrypt announced planned features for 2019, including multiperspective validation and ECDSA roots.
  • The Norwegian CA Buypass now offers free DV certificates via ACME.
  • A vulnerability in two man-in-the-middle TLS interception products, Net Nanny and Untangle NG Firewall, made them trust test certificates from Windows.

