IETF Hackathon: Getting TLS 1.3 working in the browser

  • Nick Sullivan

17 Apr 2016

Over the last few years, the IETF community has been focused on improving and expanding the use of the technical foundations for Internet security.

IETF Hackathon @ IETF 95

Part of that work has been updating and deploying protocols such as Transport Layer Security (TLS), with the first draft of the latest version of TLS, TLS 1.3, published a bit more than two years ago on 17 April 2014. Since then, work on TLS 1.3 has continued with expert review and initial implementations aimed at providing a solid base for broad deployment of improved security on the global Internet.

In February of this year, the Internet Society hosted the TRON (TLS 1.3 Ready Or Not) workshop. The main goal of TRON was to gather feedback from developers and academics about the security of TLS 1.3. The conclusion of the workshop was that TLS 1.3 was, unfortunately, not ready yet.

One of the reasons it was deemed not yet ready was that there needed to be more real-world testing of independently written implementations. There were some implementations of the core protocol, but nobody had put together a full browser-to-server test. And some of the more exciting new features like PSK-based resumption (which brings improved forward secrecy to session tickets) and 0-RTT (which reduces latency for resumed connections) were still unimplemented.

The latest IETF Hackathon, held two days before IETF 95, provided the kind of focused and collaborative environment that is conducive to working through implementation and interoperability without distraction. In Buenos Aires, I was joined by key members of the Mozilla team (Eric Rescorla, Richard Barnes and Martin Thompson) as well as some other great people who joined the team on the dates of the Hackathon. We had two main stacks to work with: NSS, the cryptography library that powers Firefox; and Mint, a Golang-based implementation created by Richard Barnes that I had set up on tls13.cloudflare.com.

The goals were:

  • Finish integration with Firefox so we can do an HTTPS request
  • Demonstrate Firefox->CloudFlare interoperability (with tls13.cloudflare.com)
  • Resumption-PSK between NSS and Mint
  • 0-RTT between NSS and Mint
  • 0-RTT in Firefox

We also had a stretch goal of getting 0-RTT working between Firefox and CloudFlare’s test site.

Getting TLS 1.3 integrated in Firefox took until late Saturday night (we continued in the hotel bar after the Hackathon room closed), but after fighting through segmentation faults, C++11 lambda issues, and obtaining a trusted certificate through Let’s Encrypt, we were able to see a glorious “Hi there!” with a lock icon in Firefox. By the end of the Hackathon on Sunday, we were able to browse the TLS 1.3 specification on tls13.cloudflare.com with PSK-based session resumption in Firefox.

Although we were not able to get 0-RTT working between Firefox and CloudFlare in time for the demo (we were so very close), the Hackathon was deemed a success and we were given the “Best Achievement” award. It was a great experience and proved invaluable for understanding how TLS 1.3 will work in practice. I’d like to thank the IETF for hosting this event and Huawei for sponsoring it.

The work at this Hackathon and the subsequent meetings at IETF 95 have helped solidify the core features of TLS 1.3. In the coming months, the remaining issues will be discussed on the TLS Working Group mailing list with the hope that a final draft can be completed soon after IETF 96 in Berlin.

