Forum Discussion

Dave_21103
Oct 19, 2018

LTM SSL Client Profile for TLS 1.3

Hello All, We are running BIG-IP 14.0.0.1 Build 0.0.2 Point Release 1 and attempting to configure an SSL client profile to only negotiate TLS 1.3 (https://support.f5.com/csp/article/K10251520). We've configured a cipher group to only allow TLS13-AES128-GCM-SHA256 and TLS13-AES256-GCM-SHA384. However, this breaks things. Packet captures reveal that when our client (Chrome v70) hits the VIP, it tries to negotiate TLSv1.2. How do we get the browser to send the initial SSL "Client Hello" request using the TLSv1.3 protocol? Right now it's sending TLSv1.2 Client Hellos and the VIP just responds with a handshake failure. Is this a browser version setting thing or an SSL Client profile issue? Thanks All!

  • Did you go to chrome://flags in the Chrome browser and enable TLS 1.3? In any case, Chrome only ever supported drafts 23 and 28 (and now the final), while BIG-IP 14.0 supports draft 26.

    RFC 8446 TLS 1.3 support comes in 14.1.

    But you're on the right configuration path:

    • Create a cipher rule (Local Traffic - Ciphers - Rules)
        ○ Cipher Suites: 'TLSv1_3'
        ○ Note that the above (on 14.0) only supports TLS13-AES128-GCM-SHA256 and TLS13-AES256-GCM-SHA384
        ○ Note that the 14.0 'DEFAULT' stack also includes the two TLS 1.3 ciphers
    
    • Create a cipher group (Local Traffic - Ciphers - Groups)
        ○ Select TLS 1.3 cipher rule
    
    • Create a client SSL profile
        ○ Ciphers: cipher group
        ○ Options List: disable 'No TLSv1.3' option
    
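The capture in the question shows a "TLSv1.2" Client Hello because a TLS 1.3 ClientHello carries legacy_version 0x0303 and advertises 1.3 (final 0x0304, drafts 0x7fNN) only inside the supported_versions extension (RFC 8446, type 43). The Python below is an added example, not from the thread or from F5: it parses that extension out of a constructed ClientHello and checks it against a server version list, using the version sets the answer above gives for Chrome 70 (final, drafts 23 and 28) and BIG-IP 14.0 (draft 26) as assumptions.

```python
import struct

SUPPORTED_VERSIONS_EXT = 43  # extension type from RFC 8446

def version_name(v):
    """Human-readable name for a 16-bit TLS version value (drafts are 0x7fNN)."""
    names = {0x0304: "TLS 1.3", 0x0303: "TLS 1.2"}
    return names.get(v, f"TLS 1.3 draft {v & 0xff}" if v >> 8 == 0x7f else f"0x{v:04x}")

def parse_client_hello(msg):
    """Return (legacy_version, supported_versions) from a raw ClientHello handshake message (no record header)."""
    if msg[0] != 1:
        raise ValueError("not a ClientHello")
    body = msg[4:4 + int.from_bytes(msg[1:4], "big")]
    legacy = int.from_bytes(body[0:2], "big")
    pos = 2 + 32                                          # skip random
    pos += 1 + body[pos]                                  # session_id
    pos += 2 + int.from_bytes(body[pos:pos + 2], "big")   # cipher_suites
    pos += 1 + body[pos]                                  # compression_methods
    versions = []
    if pos < len(body):
        end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            if etype == SUPPORTED_VERSIONS_EXT:           # 1-byte length, then 2-byte versions
                data = body[pos + 1:pos + 1 + body[pos]]
                versions = [int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data), 2)]
            pos += elen
    return legacy, versions

def negotiable(client_versions, server_versions):
    """First client-preferred version the server also supports, else None
    (no common version is what the client sees as a handshake failure)."""
    for v in client_versions:
        if v in server_versions:
            return v
    return None

def build_client_hello(versions):
    """Constructed minimal ClientHello for the demo, not a real capture."""
    sv = bytes([2 * len(versions)]) + b"".join(v.to_bytes(2, "big") for v in versions)
    ext = struct.pack("!HH", SUPPORTED_VERSIONS_EXT, len(sv)) + sv
    body = (b"\x03\x03" + bytes(32) + b"\x00"                  # legacy_version 1.2, random, empty session_id
            + struct.pack("!H", 4) + b"\x13\x01\x13\x02"         # TLS13-AES128/256-GCM cipher suites
            + b"\x01\x00" + struct.pack("!H", len(ext)) + ext)   # null compression, extensions
    return b"\x01" + len(body).to_bytes(3, "big") + body
```

Feeding a Chrome-70-style hello (0x0304, 0x7f1c, 0x7f17, 0x0303) to a server that only knows draft 26 (0x7f1a) yields no common version, and once the cipher group removes every TLS 1.2 suite the TLS 1.2 fallback is gone too.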
  • I asked several F5 employees about TLS 1.3 support during this year's Agility conference in August.

     

    They all gave me the same answer.

     

    The final RFC standard for TLS 1.3 would be included for client facing connections in version 14.1 expected to be released late 1st quarter/early 2nd quarter.

     

    Has that changed?

     

    • Kevin_Stewart (F5 Employee)

      Client-side TLS 1.3 comes in 14.1.

       

      Server-side TLS 1.3 comes in 15.0.

       

    • wlopez_98779

      Thanks for the quick response! Any updates on the expected release date for 14.1?

       


  • wlopez

    Version 14.1 was released last week.

     

    Can anybody confirm if this version includes the final standard version of TLS 1.3 on the Client-side?

     

    Haven't seen anything about it on the release notes.

     

    • wlopez

      I loaded the latest version (BIGIP-14.1.0.1-0.0.7.iso) on our lab. The openssl version on that release is "OpenSSL 1.0.2o-fips 27 Mar 2018".

      Does that version of openssl include the final standard RFC for TLSv1.3?

      According to openssl's website:

      https://www.openssl.org/blog/blog/2018/09/11/release111/

      "Since 1.1.1 is our new LTS release we are strongly advising all users to upgrade as soon as possible. For most applications this should be straight forward if they are written to work with OpenSSL 1.1.0. Since OpenSSL 1.1.0 is not an LTS release it will start receiving security fixes only with immediate affect as per our previous announcement and as published in our release strategy. It will cease receiving all support in one years time.

      Our previous LTS release (OpenSSL 1.0.2) will continue to receive full support until the end of this year. After that it will receive security fixes only. It will stop receiving all support at the end of 2019. Users of that release are strongly advised to upgrade to OpenSSL 1.1.1.

      The OpenSSL team will now be moving our focus to the next release which will see us developing a new FIPS module."

      [root@bigip1:Active:Standalone] config  openssl version -a
      OpenSSL 1.0.2o-fips  27 Mar 2018
      built on: reproducible build, date unspecified
      platform: linux-x86_64
      options:  bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)
      compiler: gcc -I. -I.. -I../include  -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -I/home/f5cm/cm/bigip14.1.0.1/1082522/f5_build/devfs_x86_64/usr/include -DOPENSSL_NO_EC2M -Werror -m64 -O3 -DL_ENDIAN -Wall -fdebug-prefix-map=/home/f5cm/cm/bigip14.1.0.1/1082522/f5_build/devfs_x86_64/usr=/usr -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
      OPENSSLDIR: "/etc/pki/tls"
      engines:  dynamic tm_crypto rdrand
      
  • Keep in mind that the "OpenSSL" options are relevant only to the BIG-IP's control plane. The payload traffic passing through the data plane encounters the TLS (and other protocols) as implemented in the Traffic Management Microkernel (TMM), which in general consists of proprietary code written by F5.