Major revision of security protocols (TLS 1.2, SHA-512, AES)

April 06 2020. Posted in Product News
Product line: Newtest
Version: 4.2
Availability: Summer 2020

After a decade without any developments, web cryptographic protocols are undergoing a small revolution this year with the announcement of the deprecation of TLS 1.1.

 

The TLS 1.2 revolution!

TLS is the cryptographic protocol used in all HTTPS browser exchanges. It is also the protocol used for communication between services, for example between two programs on the same Windows or Linux server. Suffice it to say that TLS is used for every computer operation from transactions in the enterprise to communications on the internet.
The simultaneous termination of support for TLS 1.0 and TLS 1.1 in 2020 means that software must adopt the ‘new standard’, 1.2, for all encrypted transmissions without any possibility of a ‘plan B’.

 

[Figure: SSL and TLS protocols]

Newtest conforms to TLS 1.2 requirements

Newtest now operates with native TLS 1.2 exchanges. This change will take effect automatically in NEP version 4.2, to be released in the summer. If you would like to bring your NEP server into conformity before then, your Newtest team provides a manual patch that replaces the TLS 1.1 libraries with their TLS 1.2 equivalents.

 

Newtest seizes the opportunity to strengthen its crypto libraries

As part of its application-monitoring mission, the Newtest solution handles privileged data just as any legitimate real user of the application under test would. In particular, Newtest ordinarily uses access accounts (login/password) on the applications it monitors.
To conform to the latest security requirements, Newtest is reinforcing its encryption algorithms. Passwords for accessing the monitored applications are from now on encrypted with an AES-type algorithm. Passwords for access to the NMC and NRS modules are, for their part, hashed with a SHA-512-type algorithm. In version 4.2, Newtest thus abandons the 3DES algorithm used previously, now that it is recognized as insufficiently secure.

 

When will the switch to TLS 1.3 take place?

Everything will depend on the technologies chosen! The TLS 1.3 standard started to be adopted in 2018, but its adoption rate is still uneven, according to software vendors’ experience.
As for web browsers, it’s unanimous! The standard is now supported by all the major browsers on the market. Still, the browser is only one side of the solution, and on the web server side, it’s about half and half.

Web servers running on Linux can benefit, as long as they implement the latest version of OpenSSL (1.1.1), likewise available since late 2018. However, for Windows web servers, TLS 1.2 is still the norm.
Business applications based on the Microsoft platform will have to wait a little while. Microsoft Server 2019 does not support TLS 1.3 (except in non-production testing). SQL Server 2019 is no further ahead and does not yet support the latest standard either.

 

