IETF Hackathon: Getting TLS 1.3 working in the browser

The IETF Hackathon focuses on the “running code” aspect of the IETF process — specifications and software are best developed together. I wanted to share Nick Sullivan’s story of how his team built an implementation of TLS 1.3, as it is a good illustration of this principle.

Jari Arkko, IETF Chair

————

EstudioRomano-4711

Over the last few years, the IETF community has been focused on improving and expanding the use of the technical foundations for Internet security. Part of that work has been updating and deploying protocols such as Transport Layer Security (TLS), with the first draft of the latest version of TLS, TLS 1.3, published a bit more than two years ago on 17 April 2014. Since then, work on TLS 1.3 has continued with expert review and initial implementations aimed at providing a solid base for broad deployment of improved security on the global Internet.

In February of this year, the Internet Society hosted the TRON (TLS 1.3 Ready Or Not) workshop. The main goal of TRON was to gather feedback from developers and academics about the security of TLS 1.3. The conclusion of the workshop was that TLS 1.3 was, unfortunately, not ready yet.

One of the reasons it was deemed not yet ready was that there needed to be more real-world testing of independently written implementations. There were some implementations of the core protocol, but nobody had put together a full browser-to-server test. And some of the more exciting new features like PSK-based resumption (which brings improved forward secrecy to session tickets) and 0-RTT (which reduces latency for resumed connections) were still unimplemented.

The latest IETF Hackathon held two days before IETF 95 provided the kind of focused and collaborative environment that is conducive for working through implementation and interoperability without distraction. In Buenos Aires, I was joined by key members of the Mozilla team (Eric Rescorla, Richard Barnes and Martin Thompson) as well as some other great people who joined the team on the dates of the Hackathon. We had two main stacks to work with: NSS, the cryptography library that powers Firefox; and Mint, a Golang based implementation created by Richard Barnes that I had set up on tls13.cloudflare.com.

The goals were:

  • Finish integration with Firefox so we can do an HTTPS request
  • Demonstrate Firefox->CloudFlare interoperability (with tls13.cloudflare.com)
  • Resumption-PSK between NSS and Mint
  • 0-RTT between NSS and Mint
  • 0-RTT in Firefox

We also had a stretch goal of getting 0-RTT working between Firefox and CloudFlare’s test site.

Getting TLS 1.3 integrated in Firefox took until late Saturday night (we continued in the hotel bar after the Hackathon room closed), but after fighting through segmentation faults, C++11 lambda issues, and obtaining a trusted certificate through Let’s Encrypt, we were able to see a glorious “Hi there!” with a lock icon in Firefox. By the end of the Hackathon on Sunday, we were able to browse the TLS 1.3 specification on tls13.cloudflare.com with PSK-based session resumption in Firefox.

Although we were not able to get 0-RTT working between Firefox and CloudFlare in time for the demo (we were so very close), the Hackathon was deemed a success and we were given the “Best Achievement” award. It was great experience and proved invaluable for understanding how TLS 1.3 will work in practice. I’d like to thank the IETF for hosting this event and Huawei for sponsoring it.

The work at this Hackathon and the subsequent meetings at IETF 95 have helped solidify the core features of TLS 1.3. In the coming months, the remaining issues will be discussed on the TLS Working Group mailing list with the hope that a final draft can be completed soon after IETF 96 in Berlin.

Nick Sullivan, CloudFlare