Since Tuesday, the Internets have been abuzz with discussion of BEAST (Browser Exploit Against SSL/TLS) and its attack on SSL/TLS. For more info on that check out H-Security’s article. One recommendation before the presentation was to enable TLS 1.1 or 1.2 as this is an attack on TLS 1.0.
While Microsoft Windows 7 includes support for TLS 1.1 and 1.2, it is off by default. According to EricLaw’s IEInternals, the reason for this is some websites do not handle an unexpected request for TLS 1.1/1.2. Rather than replying with what it does support, these webservers return a RESET. This tears down the connection, and the webpage does not load. So the first question is how many websites are like this? I really have no way to know. Currently I have TLS1.0 and SSL3 enabled via Group Policy. This prevents users from enabling SSL2.0, but it also prevents them from enabling TLS 1.1/1.2. If I enable TLS 1.1/1.2 in Group Policy, the user would have no way to disable it if they find a site with an issue. Not knowing how wide-spread a problem this is (and how bad BEAST really is), I wasn’t sure how to proceed.
Even if I do enable TLS 1.1/1.2 in Internet Explorer, the server must also support it. The next burning question is how many servers actually support this? Because of Qualys’ previous SSL research, I reached out to them on twitter and got a response back from Ivan Ristić. He reports in his blog that TLS 1.1 released in 2006 and TLS 1.2 released in 2008 have virtually no support in their survey of 300,000 of the Alexa top 1 million sites. A separate analysis of 1.2 million SSL sites yielded similar results.
So currently enabling TLS 1.1/1.2 on the client would offer limited benefit. Hopefully webmasters will be changing this soon. For now, I think a good first step is to enable TLS 1.1/1.2 on public facing servers.