Re: [TLS] Update on TLS 1.3 Middlebox Issues

Loganaden Velvindron <> Mon, 06 November 2017 14:31 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 03B3813FC21 for <>; Mon, 6 Nov 2017 06:31:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id q9Wmyj_l_TAh for <>; Mon, 6 Nov 2017 06:31:35 -0800 (PST)
Received: from ( [IPv6:2a00:1450:4010:c07::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 65B1913F3D5 for <>; Mon, 6 Nov 2017 06:31:35 -0800 (PST)
Received: by with SMTP id k40so10715326lfi.4 for <>; Mon, 06 Nov 2017 06:31:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=6VcX6SJdhad6FDJsfkqAs/kD78c1ZV7Y2U/9zBMtxXo=; b=WA5bvLACt9sEsQrxUgSypq617Pg45ibrzgSWtZnHLLl5N15nIB04VV5qaMwqCHAVoI 4tuQ4ApVJvimsVkoo+A6oz+crZ1JENeSdWYmccEzjzPJ9SeMIsWjonBAdppccw/pW45O vzF0nL9DpiNyIeeiO4J25RjitXFzO/DKEE9/z1RgY9vm+672z0c0QS0/3Vl+Hcapoy3o mFeCz/lyxrFXkueozk+76/NnsZlsD7RmOLITTcdUkR8N4dMQM0be3rHymMxf/TeYYQhs NmLXrfMjPtQD325oiiXvWi6w+ULiWDh0Yd7BNvBVqxJrZ7r5HV8OySAgD+QYKIcHnwjb uxoQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=6VcX6SJdhad6FDJsfkqAs/kD78c1ZV7Y2U/9zBMtxXo=; b=S8LETdwh3G0jRLF+Y2wxFJM2TMIR1wRzFM2WBPGlekZAL8q1z0vXF3YWt9SkJVwYBD N4Gtiuj/vlzIHuNBCRmgsunp9sVdQoLP9aVACoZukX+CUsWLS1LuiGDX7i9hvD+GAbVN K7fO38Q9xuGnr3+IQHLQuCfsyPU8IsmVxHMuKRvvgNVtmCZO6az9CdQKRzDP2FdxAqxI sS6m2Jj2cZxhbNFwv1Vw+EpXTg1UUAkwPC2MOiiszk+UrBu8DSqe5Mk1gCKaByG+NQD0 GlZJ3xpCmQk+IcI2D7OMb/fOSXHUAkfD77i22e9OWf7j5JkNZSFQIlHpbx4HnWJPu6o8 EKHg==
X-Gm-Message-State: AJaThX7OX4eZbsqPp4rjYwI54/dfRH8TjtyOXDwv3EDGxpo4xs7R8RoC jJR8NUPCAYkkhBGt9YkzjFp02vdA4LAHIE4vZOEB7w==
X-Google-Smtp-Source: ABhQp+QmfKbek6VlMd5y3G6w7kRrA8C4Y1Kx1PG1UdQIs3obgV4m2AyyMrIe5KOd4GTc315e0vM6Opd1tWEeD/hwnxA=
X-Received: by with SMTP id c86mr5304801lfb.1.1509978693562; Mon, 06 Nov 2017 06:31:33 -0800 (PST)
MIME-Version: 1.0
Received: by with HTTP; Mon, 6 Nov 2017 06:31:32 -0800 (PST)
In-Reply-To: <>
References: <>
From: Loganaden Velvindron <>
Date: Mon, 6 Nov 2017 18:31:32 +0400
Message-ID: <>
To: Eric Rescorla <>
Cc: "" <>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <>
Subject: Re: [TLS] Update on TLS 1.3 Middlebox Issues
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 06 Nov 2017 14:31:37 -0000

On Sat, Oct 7, 2017 at 12:16 AM, Eric Rescorla <>; wrote:
> Hi folks,
> In Prague I mentioned that we were seeing evidence of increased
> failures with TLS 1.3 which we believed were due to middleboxes. In
> the meantime, several of us have done experiments on this, and I
> wanted to provide an update.
> The high-order bit is that *negotiating* TLS 1.3 seems to cause
> increased failures with a variety of middleboxes (it’s generally safe
> to offer TLS 1.3 to servers which don’t support it). The measured
> incremental error rates vary quite a bit, ranging from minimal
> (Facebook) to ~1.5% (Firefox) and ~3.4% (Chrome). Each of us is using
> a slightly different methodology (organic versus forced traffic) and
> different populations (mobile, desktop, enterprise, etc), but it does
> seem like there is a nontrivial failure rate. At this point, we have
> two options:
> - Fall back to TLS 1.2 (as we have unfortunately done for previous releases)
> - Try to make small adaptations to TLS 1.3 to make it work better with
> middleboxes.

We ( ran tests across different Mobile & FTTH providers,
and large wifi hotspot vendors across the island of Mauritius:

Mauritius Telecom FTTH: no issues with TLS 1.3
Emtel (mobile): no issues with TLS 1.3
Mauritius Telecom (mobile): no issues with TLS 1.3
AlwaysOn: Gateway has issues with TLS 1.3 (draft-18), when forcing all
HTTPS traffic to their HTTPS web-based portal.

Before authentication via SSL/TLS:

./bin/openssl s_client -connect -tls1_3
140130750743872:error:14094410:SSL routines:ssl3_read_bytes:sslv3
alert handshake failure:ssl/record/rec_layer_s3.c:1471:SSL alert
number 40
no peer certificate available
No client certificate CA names sent
SSL handshake has read 7 bytes and written 184 bytes
Verification: OK
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Protocol : TLSv1.3
Cipher : 0000
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1509976305
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no

I'm reaching out to the AlwaysOn service, which appears to be quite
well popular in South Africa as well.