In many areas of internet networking, but especially within the Web PKI and world of SSL\/TLS, we live with the decisions of the past. Weak cryptography, bad protocol designs, and non-standard software haunt us like some of the questionable decisions we made back in college.<\/p>\n
The basic cycle looks like this: An operating system or library is released. Organizations and businesses integrate and rely on that software. And then the ecosystem deals with that software\u2019s shortcomings for years and years and years.<\/span><\/p>\n As the internet grows in size and importance, we have tried to make smarter decisions to avoid – or at least shorten – that cycle.<\/p>\n Recently, two operating systems made updates that reflect two different approaches to ecosystem health:<\/p>\n Debian pushed a change to its pre-release build that would have it only <\/em>support TLS 1.2; and Microsoft added TLS 1.2 support to Windows Server 2008.<\/p>\n These two choices represent opposite perspectives – one looking forward, the other looking back.<\/p>\n Debian released a new version of the OpenSSL library to its unstable build<\/a> – a development version containing the latest cutting edge features; and supporting only <\/em>TLS 1.2 is certainly on that edge. That is a configuration rarely seen today – only Mozilla\u2019s \u201cModern\u201d configuration settings<\/a> recommend solely using TLS 1.2.<\/p>\n Kurt Roeckx, a long-time Debian developer who maintains its OpenSSL library, wrote \u201cI hope that by the time Buster releases the support for TLS 1.2 will be high enough that I don’t need to enable [TLS 1.0 & 1.1] again.\u201d<\/p>\n Buster is the codename for Debian 10, which is the next major release of the Linux distribution. There is no announced release date, but based on past releases, it is more than a year away.<\/p>\n For now, Roeckx does not have much sympathy for those that need older versions, writing to those that might be affected: \u201cI strongly suggest …you add support for [TLS 1.2], or get the other side to add support for it.\u201d<\/p>\n By the time Buster releases, it may no longer be seen as a \u2018daring\u2019 move to drop support for all SSL\/TLS versions before TLS 1.2. However, those familiar with SSL\/TLS and Web PKI know that we love to hang on to features for as long as possible.<\/p>\n Case in point, Microsoft has just \u00a0added TLS 1.1 & TLS 1.2 support to its aging Windows Server 2008<\/a> platform.<\/p>\n At face value, adding support for stronger versions of TLS seems like a good thing. However, when we look at Server 2008\u2019s other TLS capabilities, the potential downsides become more apparent:<\/p>\n That is not a very appealing HTTPS server. Probably not one you would want to use today, and definitely not one you will want to use three years from now.<\/p>\n Windows Server 2008 (which uses IIS 7) is still in its Extended Support phase until 2020<\/a>. But why add TLS 1.2 support now?<\/p>\n Well, starting June 2018, you will have to support TLS 1.1 or higher to be PCI compliant<\/a>. This update will allow Windows Server 2008 to continue to be used in systems that process, store, or transmit cardholder data.<\/p>\n Microsoft does not mention PCI in either of their blog posts about adding TLS 1.2. It says it wants to remove hurdles to \u201cdeprecating older security protocols\u201d and is committed to \u201cbest-in-class encryption<\/a>.\u201d<\/p>\n But if better security was really the goal, why did Microsoft neglect to add other modern capabilities? To be fair, Windows Server 2008\u2019s TLS support is not atrocious. It does at least have PFS (Perfect Forward Secrecy) ciphers thanks to ECDHE support<\/a>.<\/p>\n At some point, polishing up an aging system can actually be worse for security and the ecosystem as it gives businesses and users excuses to hold on to systems that should really be replaced or upgraded.<\/p>\n That\u2019s part of the reason that Chrome removed the entire class of Diffie-Hellman ciphers last year. While it could have easily left support for stronger 2048-bit parameters, it was a cleaner and safer solution to just do away with them altogether.<\/p>\n\n