Chrome 63 and the new SSL (TLS 1.3)
At Ixia we have talked a lot about changes coming to SSL, in particular the coming of TLS 1.3. We have done press releases on support for TLS 1.3 and ephemeral key. Our CMO, Marie Hattar, has blogged about how Ixia Active SSL solves visibility challenges for TLS 1.3. Scott Register, our VP of Product Management, has even given very easy-to-follow and easy-to-digest talks on TLS 1.3 and visibility into new ephemeral key SSL.
One thing we haven’t spent much airtime on has been where you will first come across TLS 1.3 on your live, production network. Thanks to Google, that mystery is solved.
Enter Chrome 63
Google does a pretty good job of spinning rapid-fire innovation into its flagship browser. Release 63 is no exception. Bundled in are enhanced security features (which will result in Chrome using even more memory) as well as something really interesting:
TLS 1.3, which will first be rolled out for Chrome and will be specific to Gmail connections. This limited rollout is a smart move – Google controls both endpoints, making troubleshooting (as well as rollbacks, if needed) easy. Sure, in theory, everything should work fine, and most likely it will, but the wilds of production deployment are a lot more random than labs are and tend to find issues that never showed up in testing. Smart move on Google’s part.
Yeah, but what does this mean?
Oh, almost forgot. Yes, there is this new thing, and it is "a thing." What does the coming of TLS 1.3 mean for the average enterprise network administrator? It means that suddenly many security tools will go blind to this new traffic unless specific steps are taken. Because some devices rely on hardware for encryption and decryption, even a device that can be updated with software may take a (significant) performance hit when looking into this new SSL traffic. One way around this would be to use Ixia Network Packet Brokers for encryption and decryption.