[RFC 8446] Add support for TLS 1.3

[alexw91]

Placeholder Issue to track all of the work that we need to do for adding support for TLS 1.3

[raycoll]

Using milestone instead.

[infinity0]

Link to the milestone: https://github.com/awslabs/s2n/milestone/1

It's currently empty, could we get a brief update for those of us following from outside the project? Thanks in advance.

[alexw91]

We're working on it. We'll start opening Pull Requests for TLS 1.3 once the RFC is finalized and out of draft mode.

[alexw91]

Looks like TLS 1.3 is now officially a RFC: https://www.rfc-editor.org/info/rfc8446 😄

[smartleoyu]

Any timeline for the TLS 1.3 release from s2n?

[colmmacc]

We have a goal to ship it in 2018, and we're happy for help! Some TLS1.3 work is already in progress, and there are even commits made already that are preparatory, such as re-organizing the core state machine and adding HKDF.

The reasons for waiting are a combination of AWS policy, where we tend to avoid running experimental protocols in production, and waiting until a version of OpenSSL is ready so that end-to-end compatibility and regression tests with another implementation can be present.

[smartleoyu]

Thanks for the prompt reply. Is it possible to try out a beta while waiting for the final release? Maybe this is against the AWS policy but it would facilitate some implementation work that relies on s2n.

[alexw91]

I finished reading all ~160 pages of the TLS 1.3 RFC last week and highlighted all the parts that are new or changed from TLS 1.2 as I was reading it, but I haven't had time yet to sit down and create GitHub Issues for everything yet.

I'm planning on going through my highlights and creating GitHub issues for all the TLS 1.3 work sometime soon (hopefully in the next week).

Edit: Github Issues created here.

[bestis]

We have a goal to ship it in 2018
waiting until a version of OpenSSL is ready

So what's the situation with this? Almost year has gone by and nothing has happened to tls1.3 support? It would be nice to get less round-trips to lessen the time to first byte.

[colmmacc]

We're working on it now as it happens :) This did get deprioritized a bit, based on a mix of things. In short: we wanted to perform more analysis of TLS1.3 (and in fact found a small issue) and some other priorities over took it.

[chris-wood]

@colmmacc If I may, what was the "small issue"?

[alexw91]

I believe the issues Colm was referring to were the following:

• Security Review of 0-RTT: Security Review of TLS1.3 0-RTT tlswg/tls13-spec#1001
• Selfie Attack on TLS 1.3: https://eprint.iacr.org/2019/347.pdf

[torntrousers]

Any news on the TLS 1.3 progress?

[demonfoo]

I'd very much like to know the same.

[zaherd]

We are doing good progress on TLS 1.3. You can track our effort by checking this project https://github.com/awslabs/s2n/projects/6

[balthazar]

For people interested, the new project seems to be https://github.com/awslabs/s2n/projects/9

[demonfoo]

Will that project be sufficient to actually roll out working TLSv1.3 in AWS ALBs, CloudFront, et al.? Considering that the prior project is long done, and earlier in this thread the claim was that it would be out in 2018 (which, unless one of the tickets includes time travel, obvs is not happening)...

[iamvajid]

We are in August 2020 :) Any light on the TLSv1.3 release ?

[eXeDK]

I would check the projects here: https://github.com/awslabs/s2n/projects

[bharel-lmi]

Is there an estimated ETA for ALB TLS 1.3 support?
Thanks.

[dougch]

Is there an estimated ETA for ALB TLS 1.3 support?
Thanks.

We've broken up TLS1.3 into sub-projects, see what has been closed out here. Currently part 3 -0RTT, is underway. Can you describe in more detail what ALB means for your use case?

[eriksw]

@dougch Separately, I'm curious about ETA for TLS_CHACHA20_POLY1305_SHA256 on the ALB <-> Backend side.

(Not a high priority, just a curiosity, particularly with respect to arm-based EC2 instances.)

[pprindeville]

We are in August 2020 :) Any light on the TLSv1.3 release ?

And now it's August 2021...

[balthazar]

Amazon is a small startup with barely enough funding to get more than three engs full-time, be understanding guys.

[exussum12]

Can you describe in more detail what ALB means for your use case

@dougch for me its being supported here

https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html

Using curl --tlsv1.3 alb.address should work if the security policy has 1.3 enabled

part 3 has now been closed, but I still can't use tls 1.3

[zaherd]

Thank you for your comments.
A functional release of TLS1,3 has been added to s2n back in August 2020. We recently added the support of additional functionalities including session resumption and early data. We now have complete implementation of the new version. If you have any specific functionality, please don't hesitate to open an issue for us.

[exussum12]

Would it be possible to add this as a security policy then ?

[zaherd]

Would it be possible to add this as a security policy then ?

I contacted the ALB team and asked them to reach out to you and provide more details about their TLS1.3 plans.

[pprindeville]

On AMI Linux 2, if I do a yum update mod_ssl will I get a TLSv1.3 capable package?

[eshwar-natarajan]

AWS Team, what are the plans for adding support to TLS1.3 on AWS ALB? I have a customer insisting on the same to be security compliant.

AWS NLB supports it for long time and I don't see any roadmap for ALB yet.

[ishworg]

NLB listener support for tls1.3 has landed https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html#describe-ssl-policies late last year or early this year.

thanks 👍🏼

[eshwar-natarajan]

I am looking for TLS 1.3 on ALB and since it is yet not available, I am using NLB - ALB bridging to achieve TLS 1.3.

Here is the quick view of the architecture. I did not use NLB with ALB as Target group because it only supports TCP 443 as protocol which would mean that TLS termination happens at ALB instead and I still end up with TLS 1.2 policy on ALB.

[shblue21]

Now AWS Application Load Balancer Supports TLS 1.3!
Using ELBSecurityPolicy-TLS13-1-2-2021-06 Security policy

[rnhurt]

Unfortunately, I'm not seeing that option in my ALB settings (us-east-1). 😞

Also the ALB docs have not been updated and still recommend ELBSecurityPolicy-2016-08. Maybe the updates haven't rolled out to all the accounts/regions/zones yet. 🤷

[soukicz]

It is available in eu-west-1 (no documentation yet)

[eshwar-natarajan]

Now AWS Application Load Balancer Supports TLS 1.3! Using ELBSecurityPolicy-TLS13-1-2-2021-06 Security policy

Yes, I can confirm that the ELBSecurityPolicy-TLS13-1-2-2021-06 is not available on ca-central-1 region.

[shblue21]

@rnhurt I guess it didn't apply to all regions. I hope to have it rolled out to all regions soon.
My account is in the ap-northeast-2(Seoul) region.

[exussum12]

Its there on the CLI

aws --region=ap-northeast-2 elbv2 describe-ssl-policies | grep -B 8 TLSv1.3

[rnhurt]

Yup, I can see it in the CLI for us-east-1 but not in the console (yet).

["TLSv1","TLSv1.1","TLSv1.2"]
["TLSv1.2","TLSv1.3"]
["TLSv1.2","TLSv1.3"]
["TLSv1.2","TLSv1.3"]
["TLSv1.2","TLSv1.3"]
["TLSv1.1","TLSv1.2","TLSv1.3"]
["TLSv1","TLSv1.1","TLSv1.2","TLSv1.3"]
["TLSv1.3"]
["TLSv1.2"]
["TLSv1.1","TLSv1.2"]
["TLSv1.2"]
["TLSv1","TLSv1.1","TLSv1.2"]
["TLSv1","TLSv1.1","TLSv1.2"]
["TLSv1","TLSv1.1","TLSv1.2"]
["TLSv1.2"]
["TLSv1.1","TLSv1.2"]
["TLSv1.2"]
["TLSv1.2"]

[richzw]

Official Doc Application Load Balancer now supports TLS 1.3 is here

https://aws.amazon.com/about-aws/whats-new/2023/03/application-load-balancer-tls-1-3/

[xtermi2]

ALB Docu is also updated: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#describe-ssl-policies