Playback: A TLS 1.3 Story

Presented at Black Hat USA 2018, Aug. 9, 2018, 12:10 p.m. (50 minutes)

TLS 1.3 is the new secure communication protocol that should be already with us. One of its new features is 0-RTT (Zero Round Trip Time Resumption) that could potentially allow replay attacks. This is a known issue acknowledged by the TLS 1.3 specification, as the protocol does not provide replay protections for 0-RTT data, but proposed countermeasures that would need to be implemented on other layers, not at the protocol level. Therefore, the applications deployed with TLS 1.3 support could end up exposed to replay attacks depending on the implementation of those protections.<br><br>This talk will describe the technical details regarding the TLS 1.3 0-RTT feature and its associated risks. It will include Proof of Concepts (PoC) showing real-world replay attacks against TLS 1.3 libraries and browsers. Finally, potential solutions or mitigation controls would be discussed that will help to prevent those attacks when deploying software using a library with TLS 1.3 support.


  • Alfonso GarcĂ­a Alguacil - Senior Penetration Tester, Cisco   as Alfonso Garcia Alguacil
    Alfonso Garcia Alguacil is a penetration tester and security consultant with seven years of experience. Words like exploit, code or binary would quickly catch his attention. He currently works at Cisco as a senior security consultant.
  • Alejo Murillo Moya - Red Team Lead EMEAR, Cisco
    Alejo Murillo Moya has been always passionate about security with 10+ years of experience as a penetration tester and security consultant, achieving during that journey important technical certifications like CREST and GIAC GSE. He is currently working at Cisco as a Red Team lead and managing security consultant.