Skip to main content
In the rapidly evolving landscape of cybersecurity, the emergence of quantum computing poses a significant threat to our current cryptographic standards. Recognizing this challenge, the National Institute of Standards and Technology (NIST) has released Special Publication 1800-38B, “Migration to Post-Quantum Cryptography Quantum Readiness: Cryptographic Discovery.” This comprehensive guide outlines the critical steps organizations must take to prepare for the post-quantum era, with a particular emphasis on discovering and cataloging current cryptographic usage. Our 8-part series aligns closely with NIST’s recommendations, providing practical, hands-on approaches to achieve quantum readiness. In this first installment, we’ll focus on discovering TLS 1.2 usage in network connections, a crucial step in identifying potentially vulnerable cryptographic implementations.

TLS 1.2 Usage in Network Connections

Transport Layer Security (TLS) version 1.2, defined in RFC 5246, has been a cornerstone of secure communication on the internet since its introduction in 2008. It provides encryption, integrity, and authentication for network connections, protecting sensitive data as it travels across the web.
However, with the advent of quantum computing, certain cryptographic algorithms used in TLS 1.2 are becoming vulnerable to attacks. This blog post will guide you through the process of identifying TLS 1.2 usage in network connections, which is an essential first step in assessing your organization’s cryptographic posture.

Manual Discovery

Let’s explore several manual methods to determine if TLS 1.2 is being used in a network connection:

1. Wireshark Packet Capture Analysis

Wireshark is a powerful tool for analyzing network traffic. Here’s how to use it to identify TLS 1.2 connections:
  1. Capture traffic on the relevant network interface.
  2. Apply a display filter: `ssl.handshake.version == 0x0303` (TLS 1.2 uses version 3.3 in the handshake).
  3. Look for the “Client Hello” and “Server Hello” messages in the capture.
  4. Examine the “Version” field in these messages to confirm TLS 1.2 usage.
Example Wireshark output:
Frame 42: 287 bytes on wire (2296 bits), 287 bytes captured (2296 bits)
Ethernet II, Src: [MAC], Dst: [MAC]
Internet Protocol Version 4, Src: [IP], Dst: [IP]
Transmission Control Protocol, Src Port: 443, Dst Port: [Port], Seq: 1, Ack: 1, Len: 233
Transport Layer Security
    TLSv1.2 Record Layer: Handshake Protocol: Server Hello
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 228
        Handshake Protocol: Server Hello
            Handshake Type: Server Hello (2)
            Length: 224
            Version: TLS 1.2 (0x0303)

2. OpenSSL s_client

OpenSSL’s s_client command is a versatile tool for testing and debugging SSL/TLS connections. Here’s how to use it to check for TLS 1.2:
 
openssl s_client -connect example.com:443 -tls1_2
 
This command forces a TLS 1.2 connection. If successful, you’ll see output including:
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
 
If the server doesn’t support TLS 1.2, you’ll receive an error.

 

3. Browser Developer Tools

Modern web browsers provide developer tools that can show TLS connection details:
  1. Open the developer tools (usually F12 or Ctrl+Shift+I).
  2. Navigate to the “Security” or “Network” tab.
  3. Look for the TLS version in the connection details.

Automated Discovery

Discovering TLS 1.2 usage in your network connections is a critical first step in assessing your organization’s cryptographic readiness for the post-quantum era. While TLS 1.2 is still widely used and considered secure for most current applications, it’s important to identify its usage to plan for future upgrades to more quantum-resistant protocols.
The methods outlined in this article provide a solid foundation for manual discovery of TLS 1.2 usage. However, for large-scale environments, automated tools can significantly simplify this process. Solutions like TYCHON with the Quantum Cryptography Readiness Module offer several advantages:
  1. Comprehensive Scanning: TYCHON can scan your entire network for TLS 1.2 usage quickly and efficiently.
  2. Continuous Monitoring: Unlike manual processes, TYCHON can run continuously, providing real-time updates on your organization’s TLS usage.
  3. Detailed Reporting: TYCHON provides detailed reports on TLS versions, cipher suites, and potential vulnerabilities.
  4. Integration with Security Workflows: TYCHON can integrate with many existing security workflows, streamlining the process of addressing potential vulnerabilities.
By leveraging both manual techniques and automated solutions, organizations can gain a comprehensive understanding of their TLS 1.2 usage. This knowledge forms the foundation for developing a robust strategy to migrate to quantum-safe cryptographic protocols in the future.

 

Stay tuned for our next installment, where we’ll delve deeper into identifying specific quantum-vulnerable algorithms within TLS 1.2 connections!