Playback: a TLS 1.3 story

DEF CON 26

Presented by: Alfonso Garcia Alguacil, Alejo Murillo Moya
Date: Friday August 10, 2018
Time: 15:00 - 15:45
Location: Track 2

TLS 1.3 is the new secure communication protocol that should be already with us. One of its new features is 0-RTT (Zero Round Trip Time Resumption) that could potentially allow replay attacks. This is a known issue acknowledged by the TLS 1.3 specification, as the protocol does not provide replay protections for 0-RTT data, but proposed countermeasures that would need to be implemented on other layers, not at the protocol level. Therefore, the applications deployed with TLS 1.3 support could end up exposed to replay attacks depending on the implementation of those protections.

This talk will describe the technical details regarding the TLS 1.3 0-RTT feature and its associated risks. It will include Proof of Concepts (PoC) showing real-world replay attacks against TLS 1.3 libraries and browsers. Finally, potential solutions or mitigation controls would be discussed that will help to prevent those attacks when deploying software using a library with TLS 1.3 support.

Alfonso Garcia Alguacil

Alfonso Garcia Alguacil is a penetration tester and security consultant with 7 years of experience. Words like exploit, code or binary would quickly catch his attention. He currently works at Cisco as a senior security consultant.

Alejo Murillo Moya

Alejo Murillo Moya has been always passionate about security with 10+ years of experience as a penetration tester and security consultant, achieving during that journey important technical certifications like CREST and GIAC GSE. He is currently working at Cisco as a red teaming lead and managing security consultant.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats