TLS 1.2 Vulnerability

March 09, 2024

Overview

Table of Contents

Background
HTTPS
TLS
Vulnerabilities
Forward Secrecy Vulnerability
Weak Cipher Suites
Quantum Weakness
Others
Conclusion

Background

HTTPS

HTTPS (Hypertext Transfer Protocol Secure) is an application-layer protocol that is secured via encryption. The encryption protocol used today is TLS (Transport Layer Security), the successor of SSL (Secure Sockets Layer).

TLS

TLS is an encryption protocol that operates between layers 4-7 of the OSI model. The most important part of the protocol occurs on layer 4 (the transport layer, where TCP operates). It's in this layer that the TLS handshake occurs, sequentially after the TCP handshake. During this handshake, the important key exchange occurs (the one associated with the website's certificate). This is also where the biggest potential for vulnerabilities exists. Note that a website's certificate is effectively the public key of an asymmetric key pair that you use to establish this key exchange and share a symmetric private key. This symmetric private key is used to encrypt the actual data, because symmetric encryption is more suitable for larger amounts of data.

Before wrapping up this section, it's important to mention why TLS operates on layers 5-7 (in addition to 4):

  • Layer 5 (Session Layer): The key exchange establishes a session by way of the symmetric private key that is exchanged.
  • Layer 6 (Presentation Layer): The symmetric private key that is exchanged is responsible for encrypting the data that is transmitted after the key exchange. This encryption is the presentation of the data.
  • Layer 7 (Application Layer): This protocol lets the server know that the client is requesting the website through a TLS-secured port (typically through port 443 rather than 80).

Learn more about Symmetric vs Asymmetric Encryption.

Vulnerabilities

All of these vulnerabilities are addressed in TLS 1.3 (except for the quantum weakness).

Forward Secrecy Vulnerability

TLS 1.2 does not enforce Forward Secrecy (it's optional at the server). This means that if someone gains access to the private key used in the key exchange, they can use it to decrypt all past and future messages. Forward Secrecy restricts private key usage to a single message.

However, it's important to note that exploiting this vulnerability is difficult unless access to either the client or server is gained.

Weak Cipher Suites

Each version of TLS has an approved list of cipher suites. Several of the cipher suites in TLS 1.2 have vulnerabilities, for example:

  • RC4
  • DSA
  • MD5
  • SHA1
  • Weak Elliptic Curves
  • RSA Key Exchange
  • Static Diffie-Hellman (DH, ECDH)
  • Triple DES (3DES)

Despite the removal of these weak cipher suites in TLS 1.3, weakness still exists -- to quantum attacks. This type of vulnerability is not likely to be exploited, but it's one that some may need to heed, given their application's use case, customers, and scale.
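As an added example (not code from the original post), here is a small Python triage helper that applies the two checks above to cipher-suite names as a scanner would report them: whether the key exchange is ephemeral (forward secret, the Forward Secrecy section) and whether any of the weak primitives in the list above are present. It assumes IANA-style suite names; the sample list is constructed.

```python
from typing import NamedTuple

# Substrings of IANA cipher-suite names that identify the weak primitives
# listed above (assumption: scanner output uses IANA names such as
# TLS_RSA_WITH_3DES_EDE_CBC_SHA, not OpenSSL's short names).
WEAK_MARKERS = {
    "RC4": "RC4 stream cipher",
    "3DES": "Triple DES (64-bit block)",
    "_MD5": "MD5 MAC",
    "_DSS_": "DSA signature",
    "_NULL_": "no encryption",
    "_EXPORT": "export-grade key size",
}

class Verdict(NamedTuple):
    suite: str
    forward_secret: bool
    issues: tuple

def assess(suite):
    """Classify one cipher suite by its key exchange and primitives."""
    issues = []
    if "_WITH_" not in suite:
        # TLS 1.3 names carry no key-exchange part: (EC)DHE is mandatory.
        return Verdict(suite, True, ())
    # TLS 1.2 names: TLS_<kex>[_<auth>]_WITH_<cipher>_<mac>
    head = suite[4:] if suite.startswith("TLS_") else suite
    kex = head.split("_WITH_")[0].split("_")[0]  # ECDHE, DHE, RSA, ECDH, DH
    forward_secret = kex in ("ECDHE", "DHE")
    if kex == "RSA":
        issues.append("RSA key exchange: no forward secrecy")
    elif kex in ("DH", "ECDH"):
        issues.append("static %s key exchange: no forward secrecy" % kex)
    for marker, why in WEAK_MARKERS.items():
        if marker in suite:
            issues.append(why)
    if suite.endswith("_SHA"):
        # HMAC-SHA1; TLS 1.2 AEAD suites end in _SHA256 / _SHA384 instead
        issues.append("SHA-1 MAC")
    return Verdict(suite, forward_secret, tuple(issues))

def triage(suites):
    """Return only the suites that need attention."""
    verdicts = [assess(s) for s in suites]
    return [v for v in verdicts if v.issues or not v.forward_secret]

# Constructed sample: what a scan of a TLS 1.2 server might report.
SAMPLE = [
    "TLS_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
    "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_MD5",
]

if __name__ == "__main__":
    for v in triage(SAMPLE):
        print(v.suite, "FS" if v.forward_secret else "no-FS", "; ".join(v.issues))
```

Weak elliptic curves cannot be read from a suite name (the curve is negotiated separately), so that item in the list still needs a separate check.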

Quantum Weakness

The weakness to quantum attacks has largely to do with Shor's and Grover's algorithms. Shor's algorithm reduces the problem of intelligently brute-forcing certain asymmetric ciphers (e.g. RSA) from high-order exponential to polynomial time. Grover's reduces the problem space to half of its exponential value for a larger number of ciphers (both symmetric and asymmetric, but mostly symmetric), even AES. For example, Grover's can reduce the problem space from approximately N^128 to N^64 for AES-128, which puts it in the realm of feasibility for a strong enough computer. AES-256 is considered quantum-resistant.

Candidates to replace existing quantum-weak asymmetric key exchange ciphers are being investigated by NIST.

Others

Learn more from: HHS Cybersecurity Program.

Conclusion

Nothing that's connected to the internet can ever possibly be 100% secure. However, TLS 1.2 was released in 2008, and if your application intends to serve customers at large scale, this simple update is low-hanging fruit.

TLS 1.2, alongside this vulnerability, is expected to stick around for many years, given the time it takes for this scale of a deprecation.

Updated: 2024-03-11