The National Security Agency (NSA) is lighting a fire under system administrators who are dragging their feet to replace insecure and outdated Transport Layer Security (TLS) protocol instances.
The agency this week released new guidance and tools to equip companies to update from obsolete older versions of TLS (TLS 1.0 and TLS 1.1) to newer versions of the protocol (TLS 1.2 or TLS 1.3).
TLS (as well as its precursor, Secure Sockets Layer, or SSL) was developed as a protocol aimed to provide a private, secure channel between servers and clients to communicate. However, various new attacks against TLS and the algorithms it uses have been revealed – from Heartbleed to POODLE – rendering the older versions of the protocol insecure.
“The standards and most products have been updated, but implementations often have not kept up,” said the NSA in its guidance this week. “Network connections employing obsolete protocols are at an elevated risk of exploitation by adversaries. As a result, all systems should avoid using obsolete configurations for TLS and SSL protocols.”
The NSA’s alert adds on to an existing collective push for updating TLS protocols, with some of the biggest standards bodies and regulators mandating that web server operators ensure they move to TLS 1.2 before the end of 2020. At the same time, many major browsers – including Chrome and Mozilla– have deprecated support for TLS 1.0 and TLS 1.1.
As of March 2020, more than 850,000 websites still used TLS 1.0 and 1.1 protocols. Meanwhile, according to the SANS ISC in December, TLS 1.3 is supported by about one in every five HTTPS server, showing steady adoption of the newer protocol version.
“TLSv1.3 is arguably the first TLS protocol version which focused more on security concerns than it did on compatibility issues,” Craig Young, principal security researcher at Tripwire, told Threatpost. “TLSv1.2 and earlier specifications have repeatedly included esoteric workarounds for known attacks rather than deprecating broken technologies. TLSv1.3 introduces new handshake mechanisms and ciphersuites with mandated perfect forward secrecy and authenticated encryption. The overall impact is a strong protection against downgrade attacks and other cryptographic attacks.”
“There really is no reason for organizations to delay in deploying TLSv1.3 in 2021, but some organizations may be hesitant because of the potential impact on SSL/TLS inspection systems,” Young told Threatpost. “This is a potential problem because these products often work by intercepting TLS connections and TLSv1.3 has been designed to guard against this.”
The NSA’s alert, intended for the National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) cybersecurity leaders, as well as system administrators and network security analysts, provided further guidance on how to detect and update outdated TLS versions.
Part of the NSA’s recommendations include using network monitoring systems to detect obsolete TLS versions. The NSA also provided further information about prioritization of remediation for obsolete TLS versions.
“Network monitoring devices can be configured to alert analysts to servers and/or clients that negotiate obsolete TLS or can be used to block weak TLS traffic,” according to the NSA. “The choice to alert and/or block will depend on the organization. To minimize mission impact, organizations should use a phased approach to detecting and fixing clients and servers until an acceptable number have been remediated before implementing blocking rules.”
Kevin Bocek, vice president of security strategy and threat intelligence at Venafi, told Threatpost that there are hundreds of thousands, and even millions, of machine identities and connections in businesses and governments that need to be updated.
“Ultimately, the world’s economy depends on authenticating networks of computers that can communicate privately. Without these authenticated networks, transitions, trade, orders and more cannot be trusted,” said Bocek. “This is why the NSA is raising the alarm, TLS secures the Internet and older versions of the protocol should not persist.”
Security focused content delivery network provider Cloudflare has previously stated that “both TLS 1.0 and TLS 1.1 are insufficient for protecting information due to known vulnerabilities. Specifically for Cloudflare customers, the primary impact of PCI is that TLS 1.0 and TLS 1.1 are insufficient to secure payment card related traffic.”
Nick Sullivan, head of research at Cloudflare, told Threatpost that all Cloudflare customers get access to the latest encryption protocols, including TLS 1.2 and TLS 1.3.
“Enabling TLS 1.3 is both a performance and a security upgrade over TLS 1.2, so we highly encourage other industry players to deploy TLS 1.3 support as soon as possible,” Sullivan told Threatpost.
Supply-Chain Security: A 10-Point Audit Webinar: Is your company’s software supply-chain prepared for an attack? On Wed., Jan. 20 at 2p.m. ET, start identifying weaknesses in your supply-chain with actionable advice from experts – part of a limited-engagement and LIVE Threatpost webinar. CISOs, AppDev and SysAdmin are invited to ask a panel of A-list cybersecurity experts how they can avoid being caught exposed in a post-SolarWinds-hack world. Attendance is limited: Register Now and reserve a spot for this exclusive Threatpost Supply-Chain Security webinar — Jan. 20, 2 p.m. ET.