35C3 Keynote: The Journey to TLS 1.3 and Enhanced Internet Security 🔐
Explore the challenges and breakthroughs in adopting TLS 1.3, the latest in internet encryption technology, and how it’s shaping a more secure online world. Watch the full talk for insights into the evolution of secure communication.
media.ccc.de
4.5K views • Dec 27, 2018
About this video
https://media.ccc.de/v/35c3-9607-the_rocky_road_to_tls_1_3_and_better_internet_encryption
Since a few months we have a new version of TLS, the most important encryption protocol on the Internet. From the vulnerabilities that created the need of a new TLS version to the challenges of deploying it due to broken devices this talk will give an overview of the new TLS 1.3.
In August the new version 1.3 of the Transport Layer Security (TLS) protocol was released. It‘s the result of a process that started over four years ago when it became increasingly clear that previous TLS versions suffered from some major weaknesses.
In many ways TLS 1.3 is the biggest step ever done in the history of TLS and its predecessor SSL. While previous TLS versions always tried to retain compatibility and not change too many things, the new version radically removes problematic and insecure constructions like static RSA key exchanges, fragile CBC/HMAC constructions and broken hash functions like MD5 and SHA1.
As a bonus TLS 1.3 comes with a reworked handshake that reduces the number of round-trips and thus provides not just more security, but also better performance. If that sounds too good to be true: An optional, even faster mode of TLS 1.3 – the zero round trip or 0RTT mode – makes some security researchers worried, because they fear it introduces new security risks due to replay attacks.
Though the road to TLS 1.3 was complicated. The Internet is a buggy place and particularly Enterprise devices of all kinds – middleboxes, TLS-terminating servers and TLS-interception devices – slowed down the deployment and finalization of the new encryption protocol. Also some banks thought that TLS 1.3 is too secure for them.
The talk will give an overview of the developments that led to TLS 1.3, the major changes it brings, the challenges it had to face and some practical advice for deployment.
hanno
https://fahrplan.events.ccc.de/congress/2018/Fahrplan/events/9607.html
Since a few months we have a new version of TLS, the most important encryption protocol on the Internet. From the vulnerabilities that created the need of a new TLS version to the challenges of deploying it due to broken devices this talk will give an overview of the new TLS 1.3.
In August the new version 1.3 of the Transport Layer Security (TLS) protocol was released. It‘s the result of a process that started over four years ago when it became increasingly clear that previous TLS versions suffered from some major weaknesses.
In many ways TLS 1.3 is the biggest step ever done in the history of TLS and its predecessor SSL. While previous TLS versions always tried to retain compatibility and not change too many things, the new version radically removes problematic and insecure constructions like static RSA key exchanges, fragile CBC/HMAC constructions and broken hash functions like MD5 and SHA1.
As a bonus TLS 1.3 comes with a reworked handshake that reduces the number of round-trips and thus provides not just more security, but also better performance. If that sounds too good to be true: An optional, even faster mode of TLS 1.3 – the zero round trip or 0RTT mode – makes some security researchers worried, because they fear it introduces new security risks due to replay attacks.
Though the road to TLS 1.3 was complicated. The Internet is a buggy place and particularly Enterprise devices of all kinds – middleboxes, TLS-terminating servers and TLS-interception devices – slowed down the deployment and finalization of the new encryption protocol. Also some banks thought that TLS 1.3 is too secure for them.
The talk will give an overview of the developments that led to TLS 1.3, the major changes it brings, the challenges it had to face and some practical advice for deployment.
hanno
https://fahrplan.events.ccc.de/congress/2018/Fahrplan/events/9607.html
Video Information
Views
4.5K
Likes
97
Duration
01:00:38
Published
Dec 27, 2018
User Reviews
4.6
(4) Related Trending Topics
LIVE TRENDSRelated trending topics. Click any trend to explore more videos.