The Transport Layer Security protocol, also known as TLS, is used to encrypt data transfer over the Internet. TLS is primarily used to encrypt communications between servers and applications, but it is also used in encrypting emails, messages, etc.
Proper encryption is extremely important for data security and for protecting important and sensitive information such as user credentials, financial information, sensitive personal data and correspondence, and more.
If you have no encryption enabled on your server, all traffic to and from your web application is transported via unencrypted channels. This leaves your users vulnerable to man-in-the-middle attacks and loss of sensitive information. It can also lead to a full system compromise if attackers obtain administrative credentials.
TLS Encryption Security Assessment
CVSS Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
What is TLS encryption?
TLS is a cryptographic protocol that evolved from the now-deprecated Secure Socket Layer (SSL) protocol. The purpose of both protocols is to secure web sessions and data transfer over the internet, mainly on the application layer, though not exclusively.
When properly applied, TLS encryption offers several major security advantages:
- Authentication: it enables clients to verify the identity of the server, i.e., that they are connected to the real server
- Confidentiality: it prevents attackers from reading the contents of traffic
- Integrity: it prevents attackers from modifying traffic
- Replay prevention: it protects against attackers replaying requests against the server
How does TLS work?
To use TLS, a website or application must have TLS enabled on its server via a TLS certificate. This certificate, issued by a Certificate Authority (CA), contains information about who owns the domain. It also contains the server’s public key, which is used when a client wants to connect to the server. The key and the information about the domain owner are both important to validate the server’s identity and make sure that it is who it claims to be.
Technically, a server may use a self-signed certificate, but in such a case, the client must explicitly choose to trust the certificate. It is best that a publicly trusted CA issues a certificate.
To connect to a server using TLS, the client and the server exchange the so-called TLS handshake sequence. The sequence goes through the following steps:
- Negotiation: The two parties agree on the TLS version and the cipher suite they will be using
- Authentication: The server’s identity is authenticated via the certificate (there are also types of TLS handshake that require the client’s authentication)
- Encryption: Session keys (i.e. the master secret) that will be necessary to encrypt traffic are established with the use of the public and private keys of each party
- Message authentication: A message authentication code (MAC) is provided by the TLS protocol to ensure the integrity and authenticity of each exchanged message
To guarantee the robustness of data encryption, the TLS handshake sequence uses asymmetric cryptography (public and private keys). The client and the server negotiate a shared secret via these keys without prior knowledge. This means that as they use an unencrypted channel, they come to an agreement, independently of each other, about how to encrypt communications afterward.
Asymmetric encryption has its own set of possible vulnerabilities, most of which can be prevented via perfect forward secrecy, which is supported by TLS.
Combined, all of the above constitutes the process of securing data exchange via the TLS protocol. It enables the exchange of authenticated and encrypted communication whose integrity is guaranteed.
TLS encryption vulnerability information
Lack of TLS encryption is a major vulnerability that leaves traffic exposed and easily accessible by malevolent parties.
But even with TLS encryption, there are a number of possible directions from which your application can be attacked and compromised. Some of the attacks that can be launched against systems using TLS encryption include:
- Renegotiation attacks
- Downgrade attacks
- Cross-protocol attacks
- Timing attacks on padding
- BEAST, CRIME, BREACH, and POODLE attacks, and more
Prevention Guide
Learn how to detect and prevent different kinds of SSL/TLS vulnerabilities.
How to prevent TLS vulnerabilities
The OWASP Cheat Sheet section on Transport Layer Protection offers a number of measures that can be taken to prevent TLS vulnerabilities. These include:
Server configuration
- Only provide support to strong protocols such as TLS 1.2 and 1.3, and disable all other protocols
- Only providе support to strong ciphers and, if possible, only Galois/Counter Mode (GCM) ciphers
- If using an ephemeral Diffie-Hellman key exchange, only strong DH parameters should be used
- Disablе TLS compression to prevent CRIME
- Keep cryptographic libraries up to date with the latest patches
- Test the server configuration once it has been hardened
Certificates
- Usе a strong private key and protect it from unauthorized access via filesystem permissions and other controls
- Usе strong cryptographic hashing algorithms such as SHA-256
- Ensurе the domain name matches the fully qualified name of the server that presents the certificate
- Reconsider the use of Wildcard Certificates due to the increased risk of a security compromise
- Usе a trusted and well-known certificate authority (CA)
- Usе Certification Authority Authorization (CAA) DNS records to define the CAs that can issue certificates
- Always provide intermediate certificates along with the main certificate
- Consider the use of extended validation (EV) certificates if they can provide additional security and value
Application
- Use TLS for all pages, not just sensitive ones
- Do not use non-TLS content (such as JavaScript or CSS) on pages that are available over TLS
- Flag all cookies with the Secure attribute
- Use HTTP headers to instruct browsers not to cache sensitive information
- Utilize HTTP Strict Transport Security (HSTS) to make sure the user’s browser always requests the site over HTTPS
- Consider the use of Client-Side Certificates so that clients are also required to verify their identity
- Use public key pinning to provide assurance that the server’s certificate is valid, trusted, and matches the certificate expected for the server
How to enable TLS encryption
To provide a secure way for your users to communicate with your web application, you must enable TLS encryption. You can enable TLS encryption by Configuring Trusted Certificates.
