Hacker News new | past | comments | ask | show | jobs | submit login
The Illustrated TLS 1.3 Connection (xargs.org)
278 points by manchoz on Aug 3, 2022 | hide | past | favorite | 20 comments



As noted in the header, there are also versions of this for TLS 1.2, DTLS 1.3, and QUIC:

https://tls12.xargs.org/

https://dtls.xargs.org/

https://quic.xargs.org/


I don’t have it linked in the header but I’m also proud of https://curves.xargs.org, a visual explainer that (hopes to) give you an understanding of elliptic curve key exchange (ECDHE).


That's really slick, one of my favorite animated diagrams is the generic Fast Fourier Transform animation, and this definitely scratches that same itch. As someone who's horribly bad at math and visualizing this stuff, thank you!


It's amazing how much overhead there is in the handshake just for backwards compatibility with previous versions.


Every one of them is traceable to working around some broken hardware or software out there that insists on everything looking like TLS 1.2.

The good news is that TLS 1.3 moves everything possible into encrypted data, so in future versions spectators will not be able to see protocol differences and more compatibility hacks won’t be needed.


Huh, it seems xargs.org is the new name for ulfheim.net ? Presumably the author fancied a change? At first I thought this might be a hijack or a rip-off, but everything checks out.

For what it's worth, I don't recommend name changes. Obviously live your own life, but changing your name is a lasting inconvenience (ask any married western woman who made the mistake of saying "Yeah I'll take his name") and the rewards seem very thin.


I thought of ulfheim too and it redirects to the new site.

Author's reasoning:

> A few years ago a hate group started using the "ulfheim" name for their own purposes. It's useless trying to reclaim a word, so I'm moving to the domain "http://xargs.org".

https://twitter.com/xargsnotbombs/status/1538227164599812096...


Yes, it’s still my site. I mirror all old hostnames across both domains but new sites will only have the xargs hostname most likely.

It bothered me that anyone wondering about the domain would likely do a search on the word and end up at the list of SPLC hate groups. My choice was to add a disclaimer to everything I publish or just change domain names. I went with the latter.


Thanks for making this wonderful resource. It’s been invaluable for me to understand the protocol itself.

I’m sorry to hear the original name was hijacked by a hate group and you had to go out of your way to avoid such things.


Glad to hear it was helpful!


Interesting quote from the site, I wonder how common this is in the age of open source:

> Almost everything I've done professionally is behind the wall of private intellectual property. It's an odd thing to spend decades doing work that you're proud of, but having nothing to show for it.


Are there any corporate MITMs that can handle TLS 1.3 regardless of the client executable?

It looks like TLS 1.3 will eliminate the capture of encrypted malware communications.

I’m assuming that most of the corporations will ban use of TLS 1.3 which is somewhat problematic for the future of such a core protocol.


RFC 8446, the TLS 1.3 standard, is almost exactly 4 years old, but in practice some clients and servers spoke TLS 1.3 (either the actual final protocol, or a draft that's equivalent except a parameter is different and the anti-downgrade is disabled in drafts) for many months before that too. Today about half of popular web servers speak TLS 1.3

So, you're describing today's reality as if it's a far off impossible dream that you're sure can't ever happen.


This has been argued to death. Previously, on HN:

https://news.ycombinator.com/item?id=12641880

> You're a bit late to the party. We're metaphorically speaking at the stage of emptying the ash trays and hunting for the not quite empty beer cans.

> I agree, this isn't a low margin business either. We are talking about inferior security for all internet users for the sake of Well Fargo's quarterly report.

> most of the corporations will ban use of TLS 1.3

literally one employee at one bank Wells Fargo said anything about it, after all was said and done.

If the future of TLS depends on these idiots, we are all doomed anyway.


Yes, TLS 1.3 decryption is now supported in most of the tooling these companies use. The most widely deployed enterprise firewall for example added it a couple years ago[1]. The linked thread in the other reply to your question is 6 years old and the issues have basically been resolved.

1. https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/d...


Note that this (and similar technologies from other vendors) is actually just a proxy. There is no "Man in the middle" in the cryptographic sense, the user has decided (or been forced by corporate policy) to allow their communications to be snooped by the proxy.

If you go look at the certificate chains in your browser, you'll see that yup, instead of a public CA you're trusting Palo Alto Networks Inc. or whoever to "verify" that you're really talking to news.ycombinator.com


Forward proxy is the most common configuration (and is what most people have in mind when they say "MITM" anyway), but you can also load server certs directly. Depending on the key exchange method there may still be proxying, but it's transparent to the client at that point.


>(and is what most people have in mind when they say "MITM" anyway)

Forward proxying isn't what I have in mind when I think MITM. Forward proxying means changing your browser settings to format the request in a new way and intentionally send it to a proxy which will then forward it to the destination. MITM means the browser attempts to send it to the destination without any formatting change, but a MITM inserts itself in the middle through some mechanism (modifying DNS, modifying IP routing).


The context is TLS decryption in enterprise network security. People using MITM here are talking about proxying in a broad sense (the sense tialaramex used), not browser settings. "Forward proxy" is just the name of the setting in the firewall I linked.

I think what I said also holds generally, though, e.g. "MITM" is a standard way of describing tools like mitmproxy and Fiddler. These tools of course proxy connections, which is how they're able to work with forward secrecy.

Anyway, the actual point of my reply was the "Inbound inspection"[1] decryption option. This option is classic MITM and relevant specifically for the internal traffic use cases mcny linked to. There's still proxying for TLS 1.3, but the client can't tell.

1. https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/d...


Huh, interesting, I hadn't heard the term forward proxy used to refer to that before. I think that's kind of confusing to reuse forward proxy to mean something different. There's already a term for what the document is doing: MITM. I don't see why they need to additionally use the term forward proxy to describe it when forward proxy is also used to describe something else.

Yeah, you're right about mitmproxy and Fiddler. They MITM the inner connection, while also acting as a proxy. The browser thinks it's simply proxying its connection to the destination through Fiddler, and doesn't realize that in addition to acting as a proxy, Fiddler is also acting as a MITM. So Fiddler is a proxy at the outer layer and a MITM of the inner layer.

Interesting, Palo Alto networks has 3 features:

    1. Forward proxy
    2. Inbound inspection without PFS algorithms
    3. Inbound inspection with PFS algorithms
The way I would describe those is

    1. Active MITM that generates new server HTTPS certs+keys from a trusted root
    2. Passive MTIM that uses the genuine server HTTPS private key
    3. Active MITM that uses the genuine server HTTPS private key
All 3 of those cases are both a network MITM and a TLS MITM. As opposed to Fiddler which is a TLS MITM but not a network MITM (the browser intentionally sent traffic to Fiddler).




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: