Blog | G5 Cyber Security

Google TLS False Start: Security Risks & Fixes

TL;DR

Google’s TLS False Start (TLS-FS, standardised as RFC 7918) lets a browser send its first request one round trip earlier, before it has verified the server’s Finished message. The request is encrypted, but it leaves the client before the handshake has been authenticated, so a tampered handshake can get that request sent under a cipher suite the attacker chose. Browsers only False Start when the server negotiates a forward-secret, AEAD cipher suite with ALPN, and that is the part you control. This guide explains the risk and how to check your server setup.

What is TLS False Start?

TLS False Start lets a web browser send application data before the TLS handshake is complete. In a normal TLS 1.2 handshake the client sends its ChangeCipherSpec and Finished messages, waits for the server’s Finished (which authenticates the whole handshake transcript), and only then sends the HTTP request. With TLS-FS the client sends the request in the same flight as its own Finished, saving one round trip. The request is encrypted with the keys the client has just derived, not sent in the clear; what is missing is the confirmation that nobody tampered with the handshake. If the server’s Finished then fails to verify, the connection is aborted, but the request has already left the client, protected only by whatever cipher suite the client believed it had negotiated. False Start is a TLS 1.2 (and earlier) optimisation: a TLS 1.3 handshake already completes in one round trip, so the comparable question there is 0-RTT early data, which has its own (replay) risk and its own server-side switch.

The Security Risks

The data at stake is the client’s first flight: the HTTP request line and headers (cookies, Authorization and other session tokens) and possibly the beginning of a POST body. This is not just metadata: the first request often carries the session cookie and, on a login page, the submitted credentials, so treat the whole flight as sensitive.

The attack is a handshake-tampering (downgrade) scenario. A man-in-the-middle rewrites the ServerHello so the client believes a weaker cipher suite was selected, for example static RSA key exchange instead of ECDHE, or a CBC suite instead of an AEAD one. A client that waits for the server’s Finished notices the transcript mismatch and sends nothing. A client that False Starts has already sent its request under the weaker suite by the time the mismatch is detected, and the attacker keeps that ciphertext to attack at leisure. This is why RFC 7918 restricts False Start to cipher suites with forward-secret key exchange ((EC)DHE) and an AEAD cipher (AES-GCM, ChaCha20-Poly1305), and why the major browsers additionally require ALPN to have been negotiated before they will False Start.

Checking Your Server Configuration

Here’s how to check whether your server negotiates what browsers require before they will False Start, and which settings influence that. These instructions are geared towards common web servers (Apache & Nginx).

1. Use an Online SSL Test

  1. The easiest way is to use a website like SSL Labs’ SSL Server Test.
  2. Enter your domain name and run the test.
  3. Rather than looking for a False Start line, look at the rows the browsers condition it on: Forward Secrecy (should be supported, ideally with all modern browsers), ALPN (should be Yes), and the cipher suite list, where ECDHE suites with AES-GCM or ChaCha20-Poly1305 should be present and preferred. Also note which protocol versions are enabled: False Start only matters for TLS 1.2 (and older) connections, and TLS 1.3 should be enabled in any case.

2. Check Apache Configuration

If you’re using Apache, check your virtual host configuration file (usually in /etc/apache2/sites-available/).

  1. Look for the lines containing SSLProtocol and SSLCipherSuite.
  2. There is no Apache directive for TLS False Start: the browser decides, based on what your server negotiates. What you control is offering, and preferring, ECDHE key exchange with AES-GCM or ChaCha20-Poly1305, and negotiating ALPN (the Protocols directive from mod_http2). A list such as HIGH:!aNULL:!MD5 still includes static-RSA and CBC suites, so be explicit.
  3. Example configuration snippet (ensure this is tailored to your needs – consult the Apache documentation):
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder on
Protocols h2 http/1.1

3. Check Nginx Configuration

If you’re using Nginx, check your server block configuration file (usually in /etc/nginx/sites-available/).

  1. Look for the lines containing ssl_protocols and ssl_ciphers.
  2. As with Apache, Nginx has no False Start setting; the browser decides from what is negotiated. Offer and prefer ECDHE suites with AES-GCM or ChaCha20-Poly1305, and enable HTTP/2 so ALPN is negotiated.
  3. Example configuration snippet (adjust as needed):
listen 443 ssl http2;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;

4. Disable TLS False Start (If Necessary)

False Start is a decision the client makes; there is no server-side switch for it in Apache or Nginx. The only way to stop browsers from False Starting against your server is to withhold one of their prerequisites, for example by not negotiating ALPN, which also disables HTTP/2 and is not worth it: the prerequisites exist precisely so that a False Started request is only ever protected by a forward-secret AEAD suite. The server-side setting you do own is the TLS 1.3 equivalent, 0-RTT early data, which carries a replay risk of its own; Nginx exposes it as ssl_early_data, which is off by default, and leaving it off is the conservative choice.

Important: After making changes, check that the configuration parses, then restart your web server for them to take effect.

sudo apachectl configtest && sudo systemctl restart apache2 # For Apache
sudo nginx -t && sudo systemctl restart nginx               # For Nginx
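To confirm the result of the steps above from the client side, here is an added probe written for this page (not part of the original post, and not a tool from SSL Labs, Apache or Nginx). It uses only Python’s standard library to open a TLS 1.2 connection the way a browser would, offering ALPN, and then judges the negotiated cipher suite and ALPN result against the RFC 7918 / browser prerequisites. The verdict logic is a pure function, so it can also be run on values captured elsewhere; the host name is whatever you pass on the command line.

```python
"""Probe what a False Start-capable browser would see from a server."""
import json
import socket
import ssl
import sys

AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")  # AEAD cipher families in OpenSSL suite names


def assess(cipher_name, alpn):
    """Judge negotiated TLS 1.2 parameters against the False Start prerequisites.

    cipher_name is the OpenSSL suite name (e.g. 'ECDHE-RSA-AES128-GCM-SHA256');
    alpn is the negotiated ALPN protocol, or None if none was agreed.
    """
    forward_secret = cipher_name.startswith(("ECDHE-", "DHE-"))
    aead = any(marker in cipher_name for marker in AEAD_MARKERS)
    reasons = []
    if not forward_secret:
        reasons.append("key exchange is not ephemeral (no forward secrecy)")
    if not aead:
        reasons.append("cipher is not AEAD (CBC suite)")
    if alpn is None:
        reasons.append("no ALPN negotiated (enable HTTP/2, or at least http/1.1 over ALPN)")
    return {
        "cipher": cipher_name,
        "alpn": alpn,
        "forward_secret": forward_secret,
        "aead": aead,
        "browser_will_false_start": not reasons,
        "reasons": reasons,
    }


def probe(host, port=443, timeout=5.0):
    """Open a TLS 1.2 connection with ALPN, as a browser would, and assess the result.

    TLS 1.2 is pinned because that is the version False Start applies to. A server
    that refuses it is TLS 1.3-only, where the handshake is already one round trip.
    """
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_alpn_protocols(["h2", "http/1.1"])
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                name, version, _bits = tls.cipher()
                report = assess(name, tls.selected_alpn_protocol())
                report["protocol"] = version
                return report
    except ssl.SSLError as exc:
        return {
            "protocol": None,
            "browser_will_false_start": False,
            "reasons": [f"no TLS 1.2 handshake ({exc.reason}); "
                        "if the server is TLS 1.3-only, False Start does not apply"],
        }


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: probe.py HOSTNAME")
    print(json.dumps(probe(sys.argv[1]), indent=2))
```

A report with browser_will_false_start true and an ECDHE AES-GCM or ChaCha20 suite means the request a browser False Starts will be covered by a forward-secret AEAD suite; each entry in reasons maps to one of the configuration levers above (cipher list and ordering, or ALPN via HTTP/2).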

Mitigation Strategies
