Secure the "z"

If security directives in your organization require the use of the latest TLS (Transport Layer Security) or SSL (Secure Sockets Layer) protocol and/or more secure SSL cipher suites, you may want to consider updating your applications to take advantage of TLS V1.2 protocol. The TLS V1.2 protocol is defined in detail in IETF (Internet Engineering Task Force) RFC (Request for Comments) 5246.

Now you are probably wondering what are the security improvements in the TLS V1.2 protocol?  The following are the major security updates to the TLS protocol:

• MD5/SHA-1 Pseudo-Random Function (PRF) has been replaced with cipher suite specified PRF’s. The default PRF used for TLS V1.2 is an SHA-256 based PRF. 
• Allows for SHA-256 and SHA-384 to be used for the message authentication. Previously the only choices for message authentication were MD5 and SHA-1. MD5 and SHA-1 are now considered weak hashing methods.
• Provides a method for clients and servers to specify which hash and signature algorithms they will accept. This information is exchanged during the TLS handshaking process.
• DES (56-bit) and RC2/RC4 (export) suites are no longer supported with TLS V1.2 since they are now considered weak encryption algorithms.
• Protection against rollback attacks by performing tighter checking of the version in the EncryptedPreMasterSecret.  A rollback attack is where someone tries to downgrade the TLS protocol that has already been negotiated to try and exploit any weaknesses in the earlier TLS protocol version.
• Support for the cipher suites defined in RFC 5288 AES Galois Counter Mode (GCM) Cipher Suites for TLS and RFC 5289 TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode (GCM).  These two IETF RFCs have support for a number of new cipher suites which allow for use of 128-bit and 256-bit AES-GCM (Galois Counter Mode) encryption with your choice of either SHA-256 or SHA-384 message authentication.

For those of you that have z/OS System SSL, TLS V1.2 support has been added to System SSL in APAR OA39422 (PTFs UA66870, UA66871, and UA66872). This support became available in October 2012. For information about adding TLS V1.2 protocol support to your z/OS System SSL applications, see the updated z/OS V1R13 Cryptographic Services System Secure Sockets Layer Programming manual.

At this point, I'll leave you some questions to ponder after reading the security updates that are present in TLS V1.2.

• What do you see as possible enhancements to the existing SSL and TLS protocols? 
• Do you see any potential issues in the current TLS V1.2 protocol?
• How difficult would it be for your organization to upgrade to TLS V1.2 in your applications? Do you have to update your SSL certificates to take advantage of the latest security provided in TLS V1.2? Do you have any experience in the past with doing this type of migration? How did it go?

I'll be interested in hearing your comments. Thanks!