research-article

Tracking the deployment of TLS 1.3 on the web: a story of experimentation and centralization

Authors:

Abbas Razaghpanah,

Narseo Vallina-Rodriguez,

Oliver HohlfeldAuthors Info & Claims

ACM SIGCOMM Computer Communication Review, Volume 50, Issue 3

Pages 3 - 15

https://doi.org/10.1145/3411740.3411742

Published: 22 July 2020 Publication History

Abstract

Transport Layer Security (TLS) 1.3 is a redesign of the Web's most important security protocol. It was standardized in August 2018 after a four year-long, unprecedented design process involving many cryptographers and industry stakeholders. We use the rare opportunity to track deployment, uptake, and use of a new mission-critical security protocol from the early design phase until well over a year after standardization. For a profound view, we combine and analyze data from active domain scans, passive monitoring of large networks, and a crowd-sourcing effort on Android devices. In contrast to TLS 1.2, where adoption took more than five years and was prompted by severe attacks on previous versions, TLS 1.3 is deployed surprisingly speedily and without security concerns calling for it. Just 15 months after standardization, it is used in about 20% of connections we observe. Deployment on popular domains is at 30% and at about 10% across the com/net/org top-level domains (TLDs). We show that the development and fast deployment of TLS 1.3 is best understood as a story of experimentation and centralization. Very few giant, global actors drive the development. We show that Cloudflare alone brings deployment to sizable numbers and describe how actors like Facebook and Google use their control over both client and server endpoints to experiment with the protocol and ultimately deploy it at scale. This story cannot be captured by a single dataset alone, highlighting the need for multi-perspective studies on Internet evolution.

References

[1]

[n.d.]. massdns. A high-performance DNS stub resolver in C. Fork of massdns by Quirin Scheitle. https://github.com/quirins/massdns.

[2]

[n.d.]. OpenSSL changelog. https://www.openssl.org/news/changelog.html.

[3]

[n.d.]. Zeek Network Security Monitor. https://www.zeek.org/.

[4]

[n.d.]. zgrab. Go application layer scanner. Fork of zgrab. https://github.com/tls-evolution/zgrab.

[5]

David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta, Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Béguelin, and Paul Zimmermann. 2015. Imperfect forward secrecy: how Diffie-Hellman fails in practice. In Proc. ACM SIGSAC Conference on Computer and Communications Security (CCS).

Digital Library

[6]

D. Akhawe, J. Amann, M. Vallentin, and R. Sommer. 2013. Here's my Cert, so trust me, maybe? Understanding TLS errors on the Web. In Proc. of the International Web Conference (WWW).

[7]

Alessandro Ghedini. 2018. You get TLS 1.3! You get TLS 1.3! Everyone gets TLS 1.3! https://blog.cloudflare.com/you-get-tls-1-3-you-get-tls-1-3-everyone-gets-tls-1-3/.

[8]

N. J. AlFardan and K. G. Paterson. 2013. Lucky Thirteen: breaking the TLS and DTLS record protocols. In Proc. IEEE Symposium on Security and Privacy (S&P).

[9]

J. Amann, O. Gasser, Q. Scheitle, L. Brent, G. Carle, and R. Holz. 2017. Mission accomplished? HTTPS security after DigiNotar. In Proc. ACM Internet Measurement Conference (IMC). London.

[10]

Johanna Amann, Robin Sommer, Matthias Vallentin, and Seth Hall. 2013. No attack necessary: the surprising dynamics of SSL trust relationships. In Proc. Annual Computer Security Applications Conference (ACSAC).

Digital Library

[11]

J. Amann, M. Vallentin, S. Hall, and R. Sommer. 2012. Extracting certificates from live traffic: a near real-time SSL notary service. Technical Report TR-12-014. ICSI.

[12]

Nimrod Aviram, Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel, Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Christof Paar, and Yuval Shavitt. 2016. DROWN: breaking TLS using SSLv2. In Proc. USENIX Security Symposium.

[13]

Christian Badertscher, Christian Matt, Ueli Maurer, Phillip Rogaway, and Björn Tackmann. 2015. Augmented secure channels and the goal of the TLS 1.3 record layer. In International Conference on Provable Security. Springer, 85--104.

Digital Library

[14]

Mihir Bellare and Björn Tackmann. 2016. The multi-user security of authenticated encryption: AES-GCM in TLS 1.3. In Annual International Cryptology Conference (CRYPTO). Springer.

Digital Library

[15]

David Benjamin. 01 Jun 2016. [TLS] Downgrade protection, fallbacks, and server time. https://mailarchive.ietf.org/arch/msg/tls/la87rmkU4Ay0hrhyiddmbjoQRsY/.

[16]

David Benjamin. 11 Jan 2018. TLS ecosystem woes. Talk at RWC 2018. https://youtu.be/_mE_JmwFi1Y?t=1167.

[17]

David Benjamin. 18 Dec 2017. Additional TLS 1.3 results from Chrome. Post to IETF mailing list. https://mailarchive.ietf.org/arch/msg/tls/i9blmvG2BEPf1s1OJkenHknRw9c/.

[18]

D. Benjamin. 2019. Applying GREASE to TLS extensibility. https://tools.ietf.org/html/draft-ietf-tls-grease-02

[19]

D. Benjamin. 2020. Applying Generate Random Extensions And Sustain Extensibility (GREASE) to TLS extensibility. https://tools.ietf.org/html/rfc8701

[20]

Benjamin Beurdouche, Antoine Delignat-Lavaud, Nadim Kobeissi, Alfredo Pironti, and Karthikeyan Bhargavan. 2015. FLEXTLS: a tool for testing TLS implementations. In USENIX Workshop on Offensive Technologies (WOOT).

[21]

Karthikeyan Bhargavan, Bruno Blanchet, and Nadim Kobeissi. 2017. Verified models and reference implementations for the TLS 1.3 standard candidate. In Proc. IEEE Symposium on Security and Privacy (S&P).

[22]

Google blog. 2019. Android Q features and APIs. https://android-developers.googleblog.com/2019/03/introducing-android-q-beta.html.

[23]

L. Chuat, P. Szalachowski, A. Perrig, B. Laurie, and E. Messeri. 2015. Efficient gossip protocols for verifying the consistency of certificate logs. In IEEE Conference on Communications and Network Security (CNS).

[24]

J. Clark and P. van Oorschot. 2013. SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements. In Proc. IEEE Symposium on Security and Privacy (S&P).

Digital Library

[25]

Blue Coat. 2017. ProxySG, ASG and WSS will interrupt SSL connections when clients using TLS 1.3 access sites also using TLS 1.3. https://web.archive.org/web/20170912061432/http://bluecoat.force.com/knowledgebase/articles/Technical_Alert/000032878.

[26]

Cas Cremers, Marko Horvat, Jonathan Hoyland, Sam Scott, and Thyla van der Merwe. 2017. A comprehensive symbolic analysis of TLS 1.3. In Proc. ACM SIGSAC Conference on Computer and Communications Security (CCS). ACM.

[27]

Antoine Delignat-Lavaud, Cédric Fournet, Markulf Kohlweiss, Jonathan Protzenko, Aseem Rastogi, Nikhil Swamy, Santiago Zanella-Béguelin, Karthikeyan Bhargavan, Jianyang Pan, and Jean Karim Zinzindohoue. 2017. Implementing and proving the TLS 1.3 record layer. In Proc. IEEE Symposium on Security and Privacy (S&P). IEEE, 463--482.

[28]

David Dittrich and Erin Kenneally. 2012. The Menlo Report: Ethical principles guiding information and communication technology research. Technical Report. US Department of Homeland Security.

[29]

Benjamin Dowling, Marc Fischlin, Felix Günther, and Douglas Stebila. 2015. A cryptographic analysis of the TLS 1.3 handshake protocol candidates. In Proc. ACM SIGSAC Conference on Computer and Communications Security (CCS). ACM.

Digital Library

[30]

Zakir Durumeric, Eric Wustrow, and J Alex Halderman. 2013. ZMap: Fast Internet-wide scanning and its security applications. In Proc. USENIX Security Symposium.

[31]

Facebook. 2018. Deploying TLS 1.3 at scale with Fizz, a performant open source TLS library. https://code.fb.com/security/fizz/.

[32]

Josef Gustafsson, Gustaf Overier, Martin Arlitt, and Niklas Carlsson. 2017. A first look at the CT landscape: Certificate Transparency logs in practice. In Proc. Passive and Active Measurement (PAM).

[33]

T. Halvorson, M. F. Der, I. Foster, S. Savage, L. K. Saul, and G. M Voelker. 2015. From .academy to .zone: an analysis of the new TLD land rush. In Proc. ACM Internet Measurement Conference (IMC). Tokyo.

Digital Library

[34]

Ralph Holz, Johanna Amann, Olivier Mehani, Matthias Wachs, and Mohamed Ali Kaafar. 2016. TLS in the wild: An Internet-wide analysis of TLS-based protocols for electronic communication. In Proc. Network and Distributed System Security Symposium (NDSS).

[35]

Ralph Holz, Lothar Braun, Nils Kammenhuber, and Georg Carle. 2011. The SSL Landscape: a thorough analysis of the X.509 PKI using active and passive measurements. In Proc. ACM Internet Measurement Conference (IMC).

Digital Library

[36]

Tibor Jager, Jörg Schwenk, and Juraj Somorovsky. 2015. On the security of TLS 1.3 and QUIC against weaknesses in PKCS#1 v1.5 encryption. In Proc. ACM SIGSAC Conference on Computer and Communications Security (CCS).

Digital Library

[37]

Nadim Kobeissi. 2018. Formal Verification for Real-World Cryptographic Protocols and Implementations. Ph.D. Dissertation. INRIA Paris; École Normale Supérieure de Paris---ENS Paris.

[38]

Platon Kotzias, Abbas Razaghpanah, Johanna Amann, Kenneth G Paterson, Narseo Vallina-Rodriguez, and Juan Caballero. 2018. Coming of age: a longitudinal study of TLS deployment. In Proc. ACM Internet Measurement Conference (IMC).

Digital Library

[39]

Hugo Krawczyk and Hoeteck Wee. 2016. The OPTLS protocol and TLS 1.3. In Proc. IEEE European Symposium on Security and Privacy (EuroS&P).

[40]

Bodo Möller. 2014. This POODLE bites: exploiting the SSL 3.0 fallback. Google blog. https://security.googleblog.com/2014/10/this-poodle-bites-exploiting-ssl-30.html.

[41]

Nick Sullivan. 2016. Introducing TLS 1.3. https://blog.cloudflare.com/introducing-tls-1-3/.

[42]

Nick Sullivan. 2017. Introducing Zero Round Trip Time Resumption (0-RTT). https://blog.cloudflare.com/introducing-0-rtt/.

[43]

Nick Sullivan. 2017. Why TLS 1.3 isn't in browsers yet. https://blog.cloudflare.com/why-tls-1-3-isnt-in-browsers-yet/.

[44]

Craig Partridge and Mark Allman. 2016. Addressing ethical considerations in network measurement papers. Commun. ACM 59, 10 (Oct. 2016), 58--64.

Digital Library

[45]

Abbas Razaghpanah, Arian Akhavan Niaki, Narseo Vallina-Rodriguez, Srikanth Sundaresan, Johanna Amann, and Phillipa Gill. 2017. Studying TLS usage in Android apps. In Proc. ACM Int. Conference on emerging Networking EXperiments and Technologies (CoNEXT).

Digital Library

[46]

Abbas Razaghpanah, Narseo Vallina-Rodriguez, Srikanth Sundaresan, Christian Kreibich, Phillipa Gill, Mark Allman, and Vern Paxson. 2015. Haystack: A multi-purpose mobile vantage point in user space. https://arxiv.org/abs/1510.01419.

[47]

Eric Rescorla. 2016. The Transport Layer Security (TLS) Protocol Version 1.3 - Draft 16. https://tools.ietf.org/html/draft-ietf-tls-tls13-16

[48]

Eric Rescorla. 2017. The Transport Layer Security (TLS) Protocol Version 1.3 - Draft 22. https://tools.ietf.org/html/draft-ietf-tls-tls13-22

[49]

Eric Rescorla. 2018. The Transport Layer Security (TLS) Protocol Version 1.3. RFC 8446 (Historic). https://tools.ietf.org/html/rfc8446 RFC 8446.

[50]

Eric Rescorla. 2018. The Transport Layer Security (TLS) Protocol Version 1.3 - Draft 28. https://tools.ietf.org/html/draft-ietf-tls-tls13-28

[51]

Mark D. Ryan. 2014. Enhanced Certificate Transparency and end-to-end encrypted mail. In Proc. Network and Distributed System Security Symposium (NDSS).

[52]

Quirin Scheitle, Taejoong Chung, Johanna Amann, Oliver Gasser, Lexi Brent, Georg Carle, Ralph Holz, Jens Hiller, Johannes Naab, Roland van Rijswijk-Deij, et al. 2018. Measuring adoption of security additions to the HTTPS ecosystem. In Proc. Applied Networking Research Workshop.

Digital Library

[53]

Quirin Scheitle, Oliver Gasser, Theodor Nolte, Johanna Amann, Lexi Brent, Georg Carle, Ralph Holz, Thomas C Schmidt, and Matthias Wählisch. 2018. The rise of Certificate Transparency and its implications on the Internet ecosystem. In Proc. ACM Internet Measurement Conference (IMC).

Digital Library

[54]

Quirin Scheitle, Oliver Hohlfeld, Julien Gamba, Jonas Jelten, Torsten Zimmermann, Stephen D. Strowes, and Narseo Vallina-Rodriguez. 2018. A long way to the top: significance, structure, and stability of Internet top lists. In Proc. ACM Internet Measurement Conference (IMC).

Digital Library

[55]

B. VanderSloot, J. Amann, M. Bernhard, Z. Durumeric, M. Bailey, and J.A. Halderman. 2016. Towards a complete view of the certificate ecosystem. In Proc. ACM Internet Measurement Conference (IMC).

[56]

Scott Yilek, Eric Rescorla, Hovav Shacham, Brandon Enright, and Stefan Savage. 2009. When private keys are public: results from the 2008 Debian OpenSSL vulnerability. In Proc. ACM Internet Measurement Conference (IMC).

Digital Library

[57]

L. Zhang, D. Choffnes, D. Levin, T. Dumitras, A. Mislove, A. Schulman, and C. Wilson. 2014. Analysis of SSL certificate reissues and revocations in the wake of Heartbleed. In Proc. ACM Internet Measurement Conference (IMC).

Cited By

Zhou JFu WHu WSun ZHe TZhang Z(2024)Challenges and Advances in Analyzing TLS 1.3-Encrypted Traffic: A Comprehensive SurveyElectronics10.3390/electronics1320400013:20(4000)Online publication date: 11-Oct-2024
https://doi.org/10.3390/electronics13204000
Sosnowski MSattler PZirngibl JBetzer TCarle G(2024)Propagating Threat Scores with a TLS Ecosystem Graph Model Derived by Active Measurements2024 8th Network Traffic Measurement and Analysis Conference (TMA)10.23919/TMA62044.2024.10559063(1-11)Online publication date: 21-May-2024
https://doi.org/10.23919/TMA62044.2024.10559063
Sommese Rvan Rijswijk-Deij RJonker M(2024)This Is a Local Domain: On Amassing Country-Code Top-Level Domains from Public DataACM SIGCOMM Computer Communication Review10.1145/3687234.368723654:2(2-9)Online publication date: 30-Apr-2024
https://dl.acm.org/doi/10.1145/3687234.3687236
Show More Cited By

Index Terms

Tracking the deployment of TLS 1.3 on the web: a story of experimentation and centralization
1. Networks
  1. Network performance evaluation
    1. Network measurement
2. Security and privacy
  1. Network security
    1. Security protocols

Recommendations

Multi-Context TLS (mcTLS): Enabling Secure In-Network Functionality in TLS
SIGCOMM '15: Proceedings of the 2015 ACM Conference on Special Interest Group on Data Communication

A significant fraction of Internet traffic is now encrypted and HTTPS will likely be the default in HTTP/2. However, Transport Layer Security (TLS), the standard protocol for encryption in the Internet, assumes that all functionality resides at the ...
Studying TLS Usage in Android Apps
CoNEXT '17: Proceedings of the 13th International Conference on emerging Networking EXperiments and Technologies

Transport Layer Security (TLS), has become the de-facto standard for secure Internet communication. When used correctly, it provides secure data transfer, but used incorrectly, it can leave users vulnerable to attacks while giving them a false sense of ...
Multi-Context TLS (mcTLS): Enabling Secure In-Network Functionality in TLS
SIGCOMM'15

A significant fraction of Internet traffic is now encrypted and HTTPS will likely be the default in HTTP/2. However, Transport Layer Security (TLS), the standard protocol for encryption in the Internet, assumes that all functionality resides at the ...

Comments

Information & Contributors

Information

Published In

cover image ACM SIGCOMM Computer Communication Review

ACM SIGCOMM Computer Communication Review Volume 50, Issue 3

July 2020

56 pages

ISSN:0146-4833

DOI:10.1145/3411740

Editor:
Steve Uhlig
Queen Mary University of London, London, UK

Issue’s Table of Contents

Copyright © 2020 Copyright is held by the owner/author(s).

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 22 July 2020

Published in SIGCOMM-CCR Volume 50, Issue 3

Check for updates

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

31
Total Citations
View Citations
976
Total Downloads

Downloads (Last 12 months)178
Downloads (Last 6 weeks)17

Reflects downloads up to 12 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Zhou JFu WHu WSun ZHe TZhang Z(2024)Challenges and Advances in Analyzing TLS 1.3-Encrypted Traffic: A Comprehensive SurveyElectronics10.3390/electronics1320400013:20(4000)Online publication date: 11-Oct-2024
https://doi.org/10.3390/electronics13204000
Sosnowski MSattler PZirngibl JBetzer TCarle G(2024)Propagating Threat Scores with a TLS Ecosystem Graph Model Derived by Active Measurements2024 8th Network Traffic Measurement and Analysis Conference (TMA)10.23919/TMA62044.2024.10559063(1-11)Online publication date: 21-May-2024
https://doi.org/10.23919/TMA62044.2024.10559063
Sommese Rvan Rijswijk-Deij RJonker M(2024)This Is a Local Domain: On Amassing Country-Code Top-Level Domains from Public DataACM SIGCOMM Computer Communication Review10.1145/3687234.368723654:2(2-9)Online publication date: 30-Apr-2024
https://dl.acm.org/doi/10.1145/3687234.3687236
Barradas DNovo CPortela BRomeiro SSantos N(2024)Extending C2 Traffic Detection Methodologies: From TLS 1.2 to TLS 1.3-enabled MalwareProceedings of the 27th International Symposium on Research in Attacks, Intrusions and Defenses10.1145/3678890.3678921(181-196)Online publication date: 30-Sep-2024
https://dl.acm.org/doi/10.1145/3678890.3678921
Theofanous APapadogiannaki EShevtsov AIoannidis SChua TNgo CKa-Wei Lee RKumar RLauw H(2024)Fingerprinting the Shadows: Unmasking Malicious Servers with Machine Learning-Powered TLS AnalysisProceedings of the ACM Web Conference 202410.1145/3589334.3645719(1933-1944)Online publication date: 13-May-2024
https://dl.acm.org/doi/10.1145/3589334.3645719
Sosnowski MZirngibl JSattler PCarle GGrohnfeldt CRusso MSgandurra D(2024)EFACTLS: Effective Active TLS Fingerprinting for Large-Scale Server Deployment CharacterizationIEEE Transactions on Network and Service Management10.1109/TNSM.2024.336452621:3(2582-2595)Online publication date: 1-Jun-2024
https://dl.acm.org/doi/10.1109/TNSM.2024.3364526
Kilic A(2024)TLS-handshake for Plug and Charge in vehicular communicationsComputer Networks: The International Journal of Computer and Telecommunications Networking10.1016/j.comnet.2024.110281243:COnline publication date: 1-Apr-2024
https://dl.acm.org/doi/10.1016/j.comnet.2024.110281
Liu JHu HXu WLuo D(2024)Internet of things challenges and future scope for enhanced living environmentsInternet of Things: Architectures for Enhanced Living Environments10.1016/bs.adcom.2023.10.007(201-246)Online publication date: 2024
https://doi.org/10.1016/bs.adcom.2023.10.007
Hilal FGasser O(2023)Yarrpbox: Detecting Middleboxes at Internet-ScaleProceedings of the ACM on Networking10.1145/35952901:CoNEXT1(1-23)Online publication date: 5-Jul-2023
https://dl.acm.org/doi/10.1145/3595290
Dahlmanns MSander CDecker RWehrle K(2023)Secrets Revealed in Container Images: An Internet-wide Study on Occurrence and ImpactProceedings of the 2023 ACM Asia Conference on Computer and Communications Security10.1145/3579856.3590329(797-811)Online publication date: 10-Jul-2023
https://dl.acm.org/doi/10.1145/3579856.3590329
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Issue’s Table of Contents