TLS v 1 3 0 RTT Support and
![TLS v 1. 3 0 -RTT Support (and some other SSL stuff) Update Fei TLS v 1. 3 0 -RTT Support (and some other SSL stuff) Update Fei](https://slidetodoc.com/presentation_image/4bbb94e619c92eeef3e66edc32cb3f1f/image-1.jpg)
![Total Round Trip Times (Pre TLS v 1. 3) ● ● ● 4 phases Total Round Trip Times (Pre TLS v 1. 3) ● ● ● 4 phases](https://slidetodoc.com/presentation_image/4bbb94e619c92eeef3e66edc32cb3f1f/image-2.jpg)
![TLS v 1. 3 1 -RTT and 0 -RTT 3 RTT + DNS 2 TLS v 1. 3 1 -RTT and 0 -RTT 3 RTT + DNS 2](https://slidetodoc.com/presentation_image/4bbb94e619c92eeef3e66edc32cb3f1f/image-3.jpg)
![Configs and Setup ● ● SSL_CTX_set_max_early_data ○ Specifies the maximum amount of early data Configs and Setup ● ● SSL_CTX_set_max_early_data ○ Specifies the maximum amount of early data](https://slidetodoc.com/presentation_image/4bbb94e619c92eeef3e66edc32cb3f1f/image-4.jpg)
![Configs and Setup (cont. ) ● ● SSL_CTX_set_options ○ The built-in anti-replay must be Configs and Setup (cont. ) ● ● SSL_CTX_set_options ○ The built-in anti-replay must be](https://slidetodoc.com/presentation_image/4bbb94e619c92eeef3e66edc32cb3f1f/image-5.jpg)
![Implementation (SSL Accept) // replace call to SSL_accept while (1) { ret = SSL_read_early_data(ssl, Implementation (SSL Accept) // replace call to SSL_accept while (1) { ret = SSL_read_early_data(ssl,](https://slidetodoc.com/presentation_image/4bbb94e619c92eeef3e66edc32cb3f1f/image-6.jpg)
![Implementation (SSL Read) // add to ssl read if (early_data_buf. len() > 0) { Implementation (SSL Read) // add to ssl read if (early_data_buf. len() > 0) {](https://slidetodoc.com/presentation_image/4bbb94e619c92eeef3e66edc32cb3f1f/image-7.jpg)
![Implementation (SSL Write) // add to ssl write if (!SSL_is_init_finished(ssl)) { ret = SSL_write_early_data(ssl, Implementation (SSL Write) // add to ssl write if (!SSL_is_init_finished(ssl)) { ret = SSL_write_early_data(ssl,](https://slidetodoc.com/presentation_image/4bbb94e619c92eeef3e66edc32cb3f1f/image-8.jpg)
![Replay Attack Replay Attack](https://slidetodoc.com/presentation_image/4bbb94e619c92eeef3e66edc32cb3f1f/image-9.jpg)
![Anti Replay ● ● ● Allow tickets once. ○ The call back function set Anti Replay ● ● ● Allow tickets once. ○ The call back function set](https://slidetodoc.com/presentation_image/4bbb94e619c92eeef3e66edc32cb3f1f/image-10.jpg)
![SSL Session Reuse Plugin ● ● ● Used to be Yahoo proprietary, now open SSL Session Reuse Plugin ● ● ● Used to be Yahoo proprietary, now open](https://slidetodoc.com/presentation_image/4bbb94e619c92eeef3e66edc32cb3f1f/image-11.jpg)
![Discussion ● When do we want this? ● What other changes is needed? Requested: Discussion ● When do we want this? ● What other changes is needed? Requested:](https://slidetodoc.com/presentation_image/4bbb94e619c92eeef3e66edc32cb3f1f/image-12.jpg)
![](https://slidetodoc.com/presentation_image/4bbb94e619c92eeef3e66edc32cb3f1f/image-13.jpg)
- Slides: 13
![TLS v 1 3 0 RTT Support and some other SSL stuff Update Fei TLS v 1. 3 0 -RTT Support (and some other SSL stuff) Update Fei](https://slidetodoc.com/presentation_image/4bbb94e619c92eeef3e66edc32cb3f1f/image-1.jpg)
TLS v 1. 3 0 -RTT Support (and some other SSL stuff) Update Fei Deng
![Total Round Trip Times Pre TLS v 1 3 4 phases Total Round Trip Times (Pre TLS v 1. 3) ● ● ● 4 phases](https://slidetodoc.com/presentation_image/4bbb94e619c92eeef3e66edc32cb3f1f/image-2.jpg)
Total Round Trip Times (Pre TLS v 1. 3) ● ● ● 4 phases when a browser access a site for the first time ○ DNS lookup ○ TCP handshake ■ 1 round trip ○ TLS handshake ■ 2 round trips ← this is where the magic happens in TLS v 1. 3 0 -RTT ○ HTTP ■ 1 round trip New Connection: 4 RTT + DNS Resumed Connection: 3 RTT + DNS
![TLS v 1 3 1 RTT and 0 RTT 3 RTT DNS 2 TLS v 1. 3 1 -RTT and 0 -RTT 3 RTT + DNS 2](https://slidetodoc.com/presentation_image/4bbb94e619c92eeef3e66edc32cb3f1f/image-3.jpg)
TLS v 1. 3 1 -RTT and 0 -RTT 3 RTT + DNS 2 RTT + DNS
![Configs and Setup SSLCTXsetmaxearlydata Specifies the maximum amount of early data Configs and Setup ● ● SSL_CTX_set_max_early_data ○ Specifies the maximum amount of early data](https://slidetodoc.com/presentation_image/4bbb94e619c92eeef3e66edc32cb3f1f/image-4.jpg)
Configs and Setup ● ● SSL_CTX_set_max_early_data ○ Specifies the maximum amount of early data in bytes that is permitted to be sent on a single connection. ○ Setting to 0 effectively disables 0 -RTT. ○ Value is provided by config options “proxy. config. ssl. server. max_early_data” (records. config). ○ Default value of this setting is 0 (0 -RTT is disabled by default). SSL_CTX_set_recv_max_early_data ○ Specifies the maximum amount of received early data in bytes that is skipped. If a client sends more than this then the connection will abort. ○ Removed the config option “proxy. config. ssl. server. recv_max_early_data” due to the confusions caused by it (setup automatically now). ○ The value used here is set to be the same as “proxy. config. ssl. server. max_early_data”, if this value is greater than the default 16384. Otherwise the default value is used instead. ○ Default value is 16384.
![Configs and Setup cont SSLCTXsetoptions The builtin antireplay must be Configs and Setup (cont. ) ● ● SSL_CTX_set_options ○ The built-in anti-replay must be](https://slidetodoc.com/presentation_image/4bbb94e619c92eeef3e66edc32cb3f1f/image-5.jpg)
Configs and Setup (cont. ) ● ● SSL_CTX_set_options ○ The built-in anti-replay must be disabled in order to use external session cache (per documentation by Open. SSL). ○ Non-blocking ssl_accept() calls confuses built-in anti-replay mechanism, so now we disable the built-in anti-replay for both Open. SSL’s internal session cache and ATS’ implementation of session cache. proxy. config. ssl. server. allow_early_data_params ○ Part of the anti-replay protection mechanism. ○ Set to 1 to allow HTTP parameters on early data requests, 0 to not allow. ○ Default value of this setting is 0.
![Implementation SSL Accept replace call to SSLaccept while 1 ret SSLreadearlydatassl Implementation (SSL Accept) // replace call to SSL_accept while (1) { ret = SSL_read_early_data(ssl,](https://slidetodoc.com/presentation_image/4bbb94e619c92eeef3e66edc32cb3f1f/image-6.jpg)
Implementation (SSL Accept) // replace call to SSL_accept while (1) { ret = SSL_read_early_data(ssl, buf, size, &nread); if (ret == SSL_READ_EARLY_DATA_ERROR) { break; } else { if (nread > 0) { early_data_buf. append(buf); } if (ret == SSL_READ_EARLY_DATA_FINISH) { // ret will most likely be WANT_READ here, which is used // to go to the next stage of processing early data. ret = SSL_accept(ssl); early_data_finish = true; break; } } }
![Implementation SSL Read add to ssl read if earlydatabuf len 0 Implementation (SSL Read) // add to ssl read if (early_data_buf. len() > 0) {](https://slidetodoc.com/presentation_image/4bbb94e619c92eeef3e66edc32cb3f1f/image-7.jpg)
Implementation (SSL Read) // add to ssl read if (early_data_buf. len() > 0) { buf = early_data_buf. copy(); return 0; } if (!early_data_finish) { // read early data // same logic as when we were doing ssl accept // directly read in to read buffer, and don’t need to copy to “early_data_buf” }
![Implementation SSL Write add to ssl write if SSLisinitfinishedssl ret SSLwriteearlydatassl Implementation (SSL Write) // add to ssl write if (!SSL_is_init_finished(ssl)) { ret = SSL_write_early_data(ssl,](https://slidetodoc.com/presentation_image/4bbb94e619c92eeef3e66edc32cb3f1f/image-8.jpg)
Implementation (SSL Write) // add to ssl write if (!SSL_is_init_finished(ssl)) { ret = SSL_write_early_data(ssl, buf, nbytes, &nwrite); } else { ret = SSL_write(ssl, buf, nbytes); }
![Replay Attack Replay Attack](https://slidetodoc.com/presentation_image/4bbb94e619c92eeef3e66edc32cb3f1f/image-9.jpg)
Replay Attack
![Anti Replay Allow tickets once The call back function set Anti Replay ● ● ● Allow tickets once. ○ The call back function set](https://slidetodoc.com/presentation_image/4bbb94e619c92eeef3e66edc32cb3f1f/image-10.jpg)
Anti Replay ● ● ● Allow tickets once. ○ The call back function set by “SSL_CTX_set_tlsext_ticket_key_cb” returns 2. ○ Only protects per server (i. e. replays to a different server still works). Ticket freshness check ○ Built into openssl. ○ Only protects per server (i. e. replays to a different server still works). Safe methods only. ○ Only allows GET and HEAD method (requested by Leif). ○ Does NOT allow any parameters in the request.
![SSL Session Reuse Plugin Used to be Yahoo proprietary now open SSL Session Reuse Plugin ● ● ● Used to be Yahoo proprietary, now open](https://slidetodoc.com/presentation_image/4bbb94e619c92eeef3e66edc32cb3f1f/image-11.jpg)
SSL Session Reuse Plugin ● ● ● Used to be Yahoo proprietary, now open sourced. Shares session information using redis. Tested in production (deployed in a few locations).
![Discussion When do we want this What other changes is needed Requested Discussion ● When do we want this? ● What other changes is needed? Requested:](https://slidetodoc.com/presentation_image/4bbb94e619c92eeef3e66edc32cb3f1f/image-12.jpg)
Discussion ● When do we want this? ● What other changes is needed? Requested: Use “sni. yaml” for configs. ● SSL session reuse plugin. ○ Feedback? ○
![](https://slidetodoc.com/presentation_image/4bbb94e619c92eeef3e66edc32cb3f1f/image-13.jpg)