The SSL/TLS protocol suite is critical for Internet security. Unfortunately, it’s one of those things that’s nice in theory but messy in practice. Good news — a very promising project is bringing help!
We commonly say that we use SSL to secure Internet activity. However, that statement taken literally is very out of date! We really should not use SSL; we should use TLS, Transport Layer Security. SSL was developed back in the 1990s. Version 1.0 never made it out of Netscape labs, v2.0 was quickly found to have several flaws, and v3.0 was released in 1996 to address those flaws.
TLS v1.0 was released in 1999, upgrading SSL. Since then, TLS v1.1 and v1.2 came out in 2006 and 2008, respectively. They have protected against some vulnerabilities of earlier versions and added stronger cryptographic tools.
Unfortunately, browsers and web servers have stuck with nearly 20-year-old protocols that are known to have serious security flaws. A number of major bug discoveries throughout 2014 have finally made it clear that we must move forward. (I’ve discussed some of those earlier, for example, here, here, and here, plus the embarrassing hack of openssl.org.) The most recent of these (at least as of when I’m writing this in early November) is the so-called Poodle bug in SSL v3.
I have lots of details on the development and vulnerability history of SSL/TLS on a page on my site, but the short version is:
It’s well past time to disable all versions of SSL and run TLS v1.2.
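One way to check that a server really has left SSL behind is to read the version it selects in its ServerHello. The following is an added example, not code from LibreSSL or from this article; the function names and the sample records are constructed for illustration.

```python
import struct

# Protocol versions as they appear on the wire.
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0",
            0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}
MINIMUM = 0x0303  # TLS v1.2, the floor recommended above


def server_hello_version(record: bytes) -> int:
    """Return the version the server selected, from one raw TLS record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    content_type, _record_version, length = struct.unpack("!BHH", record[:5])
    if content_type != 0x16:  # SSLv2 and alert records end up here
        raise ValueError("not a handshake record")
    body = record[5:5 + length]
    if len(body) != length or length < 6:
        raise ValueError("truncated handshake message")
    if body[0] != 0x02:
        raise ValueError("not a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    if hs_len < 2 or hs_len > length - 4:
        raise ValueError("inconsistent handshake length")
    # server_version is the first field of the ServerHello body.
    return struct.unpack("!H", body[4:6])[0]


def audit(record: bytes):
    """Return (version name, True if the server meets the TLS v1.2 floor)."""
    version = server_hello_version(record)
    name = VERSIONS.get(version, f"unknown (0x{version:04x})")
    return name, version >= MINIMUM


def sample_server_hello(version: int) -> bytes:
    """Constructed sample: a minimal ServerHello without extensions."""
    hello = (struct.pack("!H", version) + bytes(32)   # version, random
             + b"\x00" + b"\x00\x2f" + b"\x00")       # session id, suite, compression
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 0x16, version, len(handshake)) + handshake


if __name__ == "__main__":
    for v in (0x0300, 0x0301, 0x0303):
        name, ok = audit(sample_server_hello(v))
        print(f"{name}: {'ok' if ok else 'below TLS v1.2, reconfigure the server'}")
```
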
This new security tool, LibreSSL, comes out of the OpenBSD project. OpenBSD is the only general-purpose operating system specifically designed for security.
The project is the source of OpenSSH, which provides the majority of Secure Shell implementations. Linux, Mac OS X, and the various BSD implementations simply use OpenSSH. Solaris and other commercial UNIX-family operating systems use their own configuration and compilation of OpenSSH so it identifies itself as, say, Solaris Secure Shell, but is really OpenSSH inside. Now the OpenBSD developers have turned their attention to TLS.
The new implementation is the result of forking the code of the open-source OpenSSL and making some interesting changes. Even if you don’t plan to immediately use LibreSSL, it provides some nice examples of secure design, implementation, and code auditing. The project is very much in the OpenBSD style, which is to say secure.
They removed over 90,000 lines of C code in the first week, as they removed unused code blocks and support for now-rare environments. No more support for NetWare, OS/2, 16-bit Windows, or other antiquated platforms.
Then they removed outdated protocols and features including SSLv2 (SSLv3 is grudgingly supported but disabled by default), MD2, the Dual_EC_DRBG algorithm and its suspected back door, the heartbeat functionality that made the Heartbleed attack possible, and other outdated and untrusted features.
They moved the cryptography forward, adding new and more trusted algorithms including stream ciphers, message authentication codes, and elliptic curve ciphers.
OpenSSL has been plagued with a number of open bug tracker reports that have languished for a year or more. The LibreSSL team is fixing those in their forked version.
As for code quality and trustworthiness moving forward, they have done what I think of as pre-emptive debugging. They have replaced custom memory management routines with calls to the standard C libraries. Extra checks have been done for argument size, variable assignments, and return methods, and coding style standards have been applied to make the source code easier to read and therefore easier to audit and spot bugs. They also modified the compilation directives to generate more cautious warnings and error checking.
The result was included in this month’s OpenBSD 5.6 release. In even better news for most people, a portable version of LibreSSL has been released, and it can be built and installed on Linux, OS X, and Solaris. The Linux server course I teach shows you how to build and install open-source software. LibreSSL definitely looks like a useful tool!