Blog
Visibility into TLS: Perfect Forward Secrecy
Maintain privacy without losing visibility into TLS.
Jeff Costlow
September 19, 2017
What is Perfect Forward Secrecy (PFS)?
This is a quick overview. If you want more details, check out this blog post on Perfect Forward Secrecy.
Perfect Forward Secrecy is a property of some asymmetric key types during handshake negotiations -- usually TLS. When traditional RSA keys are used, essentially the session key is generated on the client side and encrypted in the server's public key.
When PFS keys are used, the session key is uniquely generated from both client and server information. The practical effect of PFS is that traffic captured in the past cannot be decrypted if someone is able to steal or somehow obtain the server key.
What's the Issue?
PFS handshakes are incompatible with network monitoring that analyzes payload or transaction-level details, and that means IT operations teams can't use those monitoring tools to troubleshoot performance issues, plan for capacity, or detect potential security breaches. Modern business depends on a seamless, trustworthy digital experience for customers, so that's not just an IT or security problem; it's a revenue problem.
Visibility issues aside, the authors of the forthcoming TLS 1.3 specification have decided TLS 1.3 must use PFS handshake protocols; there will be no more RSA in TLS 1.3 and beyond. The future has more PFS handshakes and fewer useful traditional decryption devices.
Good News for ExtraHop Customers
ExtraHop has long had the capability to decrypt RSA-keyed TLS streams. With access to the RSA private key, ExtraHop decrypts all traffic at up to 100 Gbps and 60K handshakes per second and analyzes the payload and transaction-level details.
With our 7.0 release, ExtraHop has enhanced our Decryption Suite to include support for Perfect Forward Secrecy ciphers. That means you'll be able to decrypt TLS sessions while remaining compliant with modern security requirements!
What Kind of Decryption Do We Use?
There are two ways to gain visibility into encrypted streams: inline and out-of-band decryption.
For inline decryption, a man-in-the-middle device opens two connections, one from the client and one to the destination server. There are a few issues with this practice:
- Inline proxies must have their own certificate that is trusted by all clients, so they often don't work if there is any key-pinning being used
- You have to manually insert devices into every connection in order to decrypt traffic
- Inline proxies work by encrypting and then decrypting each individual connection, leading to increased latency and performance bottlenecks
- TLS traffic must be analyzed on that specific device or transferred to another device for analysis, which increases the load
- Certificate revocation (OCSP, etc.) is rarely supported in inline decryption
Out-of-band TLS decryption differs in that it decrypts TLS only once, as the traffic passes. Analysis can happen on the device that is not loaded and can be only as deep as needed. There's no need for a full proxy, which means no need for manual insertion. All in all, out-of-band methods lead to faster decryption and fewer performance bottlenecks.
What's In the Decryption Suite?
Find all the details here, as well as information on how your organization can start using the Decryption Suite.
You can expect a steady increase in Perfect Forward Secrecy handshakes going forward. Which would you prefer: to stay safe and lose visibility, or to give your team the best of both worlds?
For more information on PFS or ExtraHop decryption, drop us a line and we'll be in touch!
Discover more