​Fizzing up the new TLS security protocol

Facebook open-sources its Fizz library for the next-generation Transport Layer Security protocol.
Written by Steven Vaughan-Nichols, Senior Contributing Editor

Video: Facebook security boss: "We run our network almost like a college campus'

You may have noticed that Google's Chrome web browser now marks all websites without Transport Layer Security (TLS) as insecure. So, it's past time to secure your sites with TLS. So long as you're doing this, give Facebook's newly open-sourced TLS 1.3 library, Fizz a try.

TLS 1.3 is the newest version of TLS. In turn, TLS is the replacement for Secure Socket-Layer (SSL). It's designed to be better than its ancestors at preventing attacks. TLS 1.3 does this by supporting stronger encryption and dropping support for many older, no longer secure encryption algorithms.

While TLS 1.3 is a step above TLS 1.2, it's not been widely deployed. A Cloudflare study, which enabled TLS 1.3 by default on the server side last year, found in December 2017 that only 0.6 percent of traffic was secured with TLS 1.3.

Also: Snooping on HTTPS is about to get harder

Now, with Facebook both supporting TLS 1.3 and releasing implementation as open-source, perhaps TLS 1.3 will finally become more popular.

According to Facebook, Fizz is a robust, highly performant TLS library written in C++ 14. Besides TLS 1.3's built-in security advantages, Fizz offers an improved solution for middlebox handshake failures, supports asynchronous I/O by default, and can handle scatter/gather I/O to eliminate the need for extra copies of data.

To make this happen, Facebook has worked with the Internet Engineering Task Force (IETF) to standardize TLS 1.3. Previously, Facebook improved TLS by deploying Zero protocol. This is a custom protocol that allowed us to experiment with establishing 0-RTT secure connections. Using 0-RTT data reduces the latency of requests using TLS, and the latency overhead needed to deploy TLS. With Fizz TLS 1.3's speed is on par with Zero protocol, so Facebook has replaced Zero protocol with TLS 1.3.

Facebook also claimed Fizz reduces memory and CPU uses. The net reduce is Facebook's load balancer synthetic benchmarks show approximately 10-percent higher throughput than our previous stack.

The Fizz TLS 1.3 implementation also significantly reduces latency when establishing secure connections, compared with TLS 1.2. This improves user experience, particularly on app startup when there are no existing connections to reuse.

Also: SSL & TLS Essentials: Securing the Web - reference book CNET

Fizz also managed to improvement performance for a large distributed server network such as Facebook's by offloading certificate operations and ticket decryption to remote services. Fizz does this by using futures to provide a simple async application programming interface (API). Thus, any Fizz callback from Fizz can return an asynchronous response without blocking the service from processing other handshakes.

The new Fizz also supports APIs that can send early data immediately after the TCP connection is established. Early data reduces requests latency of. This is especially important when mobile app first start up.

Of course, using early data potentially opens the door for attackers. Facebook's implementation of Fizz addresses this by using a replay cache alongside the load balancers. This detects and rejects replayed data. Fizz provides simple APIs to be able to determine when transports are replay safe and can be used to send non-replay safe data.

Another reason companies have avoided TLS 1.3 is network security appliance vendors made it impossible to update their firmware. While that makes them a bad choice for security, many businesses rely on them. That's a mistake. For example, Symantec's BlueCoat appliance simply hung up on Chromebook TLS 1.3 connections in February 2017.

Facebook addressed this in Fizz by making the first parts of the TLS 1.3 handshake look like the TLS 1.2 resumption handshake. With this approach, TLS 1.3 became reliably deployable with no fallback to TLS 1.2.

Also: A quick guide to SSL/TLS certificates TechRepublic

This is working. According to Facebook, "Today, more than 50 percent of our internet traffic is secured with TLS 1.3, and that will continue to grow as browsers and apps add support for TLS 1.3. RFC 8446 will be published soon, making TLS 1.3 an internet standard."

Now that Facebook has shown that that TLS 1.3 can be successfully deployed at scale and Google is making TLS a de facto business requirement, it's time to switch your sites, applications, and servers to TLS 1.3. And, with Fizz open source under the BSD license, you should consider using it for your business deployments. You'll be glad you did.

The top open-source rookies, projects in 2018

Related stories:

Editorial standards