Re: [TLS] Update on TLS 1.3 Middlebox Issues

Loganaden Velvindron <loganaden@gmail.com> Mon, 06 November 2017 14:31 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/kze6-ccJ-G6JurGvFUk6Rv3G6NI>

On Sat, Oct 7, 2017 at 12:16 AM, Eric Rescorla <ekr@rtfm.com> wrote:
> Hi folks,
>
> In Prague I mentioned that we were seeing evidence of increased
> failures with TLS 1.3 which we believed were due to middleboxes. In
> the meantime, several of us have done experiments on this, and I
> wanted to provide an update.
>
> The high-order bit is that *negotiating* TLS 1.3 seems to cause
> increased failures with a variety of middleboxes (it’s generally safe
> to offer TLS 1.3 to servers which don’t support it). The measured
> incremental error rates vary quite a bit, ranging from minimal
> (Facebook) to ~1.5% (Firefox) and ~3.4% (Chrome). Each of us is using
> a slightly different methodology (organic versus forced traffic) and
> different populations (mobile, desktop, enterprise, etc), but it does
> seem like there is a nontrivial failure rate. At this point, we have
> two options:
>
> - Fall back to TLS 1.2 (as we have unfortunately done for previous releases)
> - Try to make small adaptations to TLS 1.3 to make it work better with
> middleboxes.
>

We (hackers.mu) ran tests across different Mobile & FTTH providers,
and large wifi hotspot vendors across the island of Mauritius:

Mauritius Telecom FTTH: no issues with TLS 1.3
Emtel (mobile): no issues with TLS 1.3
Mauritius Telecom (mobile): no issues with TLS 1.3
AlwaysOn: Gateway has issues with TLS 1.3 (draft-18), when forcing all
HTTPS traffic to their HTTPS web-based portal.

Before authentication via SSL/TLS:


./bin/openssl s_client -connect tls13.crypto.mozilla.org:443 -tls1_3 -CApath=/etc/ssl/certs/
CONNECTED(00000003)
140130750743872:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1471:SSL alert number 40
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 184 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
SSL-Session:
Protocol : TLSv1.3
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1509976305
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
---

I'm reaching out to the AlwaysOn service, which appears to be quite
popular in South Africa as well.

//Logan
C-x-C-c
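
Added example, not part of the original message: the transcript above reports 7 bytes read, which is exactly one plaintext TLS alert record (5-byte header plus 2-byte alert), so the only reply to the ClientHello was a fatal handshake_failure. The Python below decodes such a record and extracts the same triage fields from s_client output; the function names and the record's version bytes (0x0301) are assumptions made for illustration.

```python
import re
import struct

ALERT_LEVELS = {1: "warning", 2: "fatal"}
# Subset of the TLS alert registry, enough for handshake triage.
ALERT_NAMES = {0: "close_notify", 10: "unexpected_message",
               40: "handshake_failure", 47: "illegal_parameter",
               70: "protocol_version", 80: "internal_error"}

def parse_alert_record(data: bytes) -> dict:
    """Decode one plaintext TLS alert record (5-byte header + 2-byte body)."""
    if len(data) < 5:
        raise ValueError("truncated record header")
    content_type, version, length = struct.unpack("!BHH", data[:5])
    if content_type != 21:
        raise ValueError(f"content type {content_type} is not alert (21)")
    body = data[5:5 + length]
    if length != 2 or len(body) != 2:
        raise ValueError("plaintext alert body must be exactly 2 bytes")
    level, code = body
    return {"record_version": version,
            "level": ALERT_LEVELS.get(level, f"unknown({level})"),
            "description": ALERT_NAMES.get(code, f"unknown({code})")}

def summarize_s_client(output: str) -> dict:
    """Pull the triage-relevant fields out of an s_client transcript."""
    text = " ".join(output.split())  # undo mail line wrapping
    alert = re.search(r"SSL alert number (\d+)", text)
    io = re.search(r"has read (\d+) bytes and written (\d+) bytes", text)
    code = int(alert.group(1)) if alert else None
    read = int(io.group(1)) if io else None
    return {"alert": ALERT_NAMES.get(code, code),
            "bytes_read": read,
            "peer_certificate": "no peer certificate available" not in text,
            # 7 bytes read means exactly one alert record and nothing else
            "alert_only_reply": code is not None and read == 7}

# Excerpt of the transcript posted above, mail wrapping left in place.
SAMPLE_OUTPUT = """140130750743872:error:14094410:SSL routines:ssl3_read_bytes:sslv3
alert handshake failure:ssl/record/rec_layer_s3.c:1471:SSL alert
number 40
no peer certificate available
SSL handshake has read 7 bytes and written 184 bytes"""

# Constructed 7-byte record: type 21, version 0x0301 (assumed), length 2, fatal/40.
SAMPLE_RECORD = bytes.fromhex("15030100020228")

if __name__ == "__main__":
    print(parse_alert_record(SAMPLE_RECORD))
    print(summarize_s_client(SAMPLE_OUTPUT))
```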