Florian--Anecdotally, I have heard Microsoft and F5 did code upgrades a few years back that moved Diffie Hellman to the top cipher suite priorities which broke security and fraud monitoring, APM reporting, and sniffer troubleshooting for a financial services client and at least one other organization in a different industry.
The solution, at the time, was to put the PFS options (choices we will no longer in 1.3) at the bottom of the priority list. I don't know how much of this was communicated back to the vendors at the time. In retrospect, this could have been seen as the canary in the coalmine... but here we are now at least. - Andrew -----Original Message----- From: Florian Weimer [mailto:f...@deneb.enyo.de] Sent: Wednesday, October 5, 2016 2:17 PM To: BITS Security <bitssecur...@fsroundtable.org> Cc: tls@ietf.org Subject: Re: [TLS] Industry Concerns about TLS 1.3 * BITS Security: > Deprecation of the RSA key exchange in TLS 1.3 will cause significant > problems for financial institutions, almost all of whom are running > TLS internally and have significant, security-critical investments in > out-of-band TLS decryption. > > Like many enterprises, financial institutions depend upon the ability > to decrypt TLS traffic to implement data loss protection, intrusion > detection and prevention, malware detection, packet capture and > analysis, and DDoS mitigation. We should have already seen this with changing defaults in crypto libraries as part of security updates. That should have broken passive monitoring infrastructure, too. Maybe some of the vendors can shed some light on this problem and tell us if they ever have received pushback for rolling out ECDHE-by-default. (I know that some products have few capabilities for centralized policy management, which is why defaults matter a lot there.) _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
