Auditing TLSv1.3 is enabled for your services

Auditing TLSv1.3 is enabled for your services

What is TLSv1.3 #

TLSv1.3, or Transport Layer Security version 1.3, is the latest and most secure version of the TLS protocol, vital for safeguarding internet communications. It brings notable improvements in security and efficiency, offering stronger encryption algorithms, perfect forward secrecy, and streamlined handshake processes. By simplifying cipher suites and eliminating vulnerabilities found in earlier versions, TLSv1.3 enhances protection against various cyber threats and ensures the confidentiality, integrity, and authenticity of data transmitted over the internet.

Moreover, TLSv1.3 reduces connection setup times, enhances performance, and strengthens security policies. It enforces forward secrecy by default, protects against downgrade attacks, and is compatible with older TLS and SSL versions. As a result, TLSv1.3 has become the preferred choice for securing web browsing, email, and online services, making the internet a safer and more efficient space for users and organizations alike.

Auditing TLSv1.3 for our services from the load balancer #

As RELIANOID ADC Load Balancer is based on Linux, we can take advantage of the openssl command which is such a powerful tool for SSL debugging. With the command line below, we can execute a ssl client connection to our local service (using the VIP and port of the farm service) to ensure that our services are being published using the TLSv1.3 protocol.

root@noid-ee-01~# openssl s_client -tls1_3 -connect <VIP address>:<port>

[...]
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
[...] 

Once executed, just check the Protocol used is set to TLSv1.3 .

Also, this command can be executed against our backends or real servers just changing the IP address and port. This will ensure that our SSL backends servers are also well configured, specially if the load balancing virtual service is configured in layer 4 mode, so the SSL handshake is performed between the client and real servers.

SHARE ON:

Powered by BetterDocs