[openssl-dev] Fwd: [TLS] Update on TLS 1.3 Middlebox Issues

Matt Caswell matt at openssl.org
Fri Oct 6 21:30:03 UTC 2017


An update on the TLS1.3 middlebox issue posted to the TLS WG list which
may be of interest to the openssl-dev group.

Matt


-------- Forwarded Message --------
Subject: [TLS] Update on TLS 1.3 Middlebox Issues
Date: Fri, 6 Oct 2017 13:16:37 -0700
From: Eric Rescorla <ekr at rtfm.com>
To: tls at ietf.org <tls at ietf.org>



Hi folks,

In Prague I mentioned that we were seeing evidence of increased
failures with TLS 1.3 which we believed were due to middleboxes. In
the meantime, several of us have done experiments on this, and I
wanted to provide an update.

The high-order bit is that *negotiating* TLS 1.3 seems to cause
increased failures with a variety of middleboxes (it’s generally safe
to offer TLS 1.3 to servers which don’t support it). The measured
incremental error rates vary quite a bit, ranging from minimal
(Facebook) to ~1.5% (Firefox) and ~3.4% (Chrome). Each of us is using
a slightly different methodology (organic versus forced traffic) and
different populations (mobile, desktop, enterprise, etc), but it does
seem like there is a nontrivial failure rate. At this point, we have
two options:

- Fall back to TLS 1.2 (as we have unfortunately done for previous releases)
- Try to make small adaptations to TLS 1.3 to make it work better with
middleboxes.

The Chrome team has been working on angle #2 and has been having
success with an approach of trying to make TLS 1.3 connections look
more like TLS 1.2. Their current experiments get them down to about 1%
incremental failures and they are currently measuring some changes
they hope will shave that down more. These changes are a bit annoying
but basically superficial; they do not affect the cryptography.

Separately, Firefox and Facebook have been experimenting with the new
content type described in PR#1051 (Google’s and Facebook’s results
conflict, so this is a bit of a mystery). We hope to have results from
both sets of experiments by end of October, at which point we should
be able to discuss the best way forward as a group.

-Ekr


_______________________________________________
TLS mailing list
TLS at ietf.org
https://www.ietf.org/mailman/listinfo/tls
