Skip to main content
Back to top
Ctrl
+
K
NCCoE TLS Visibility Project
Search
Ctrl
+
K
Addressing Visibility Challenges with TLS 1.3 within the Enterprise
Executive Summary
Introduction to This TLS 1.3 Visibility Practice Guide
Project Overview
Architecture and Builds
Build Implementation
Functional Demonstrations
Risk and Compliance Management
Demonstration and Future Considerations
Additional Materials
A. Glossary
B. List of Acronyms
C. References
D. Description of the Example Architectures
E. Descriptions of the Build Implementations
E.1 Shared Components Across All Builds
E.2 Architecture Implementation: Passive Inspection Using Bounded-lifetime DH Keys
E.3 Architecture Implementation: Passive Inspection Using Exported Session Keys
E.4 Architecture Implementation: Active Inspection Using Middleboxes
F. Details of the Functional Demonstrations and Results
Scenario 1.1: Expired TLS Certificates
Scenario 1.2: Service Utilization
Scenario 1.3: Error Code Logging (Layers)
Scenario 2.1: Status Code Logging (Protocols)
Scenario 2.2: Proxy Error
Scenario 2.3: Bandwidth Utilization
Scenario 3.1a: Malicious HTTPS File Serving
Scenario 3.1b: Malicious SMTP Attachment
Scenario 3.2: Unexpected or Unauthorized Encryption
Scenario 3.3: Command and Control
Scenario 3.4: Unsanitized User Input
Scenario 4.1: Outdated Protocols
Scenario 4.2: Outdated Software
G. Mappings of TLS 1.3 Visibility Capabilities to Risk Framework Documents
Change Log
.rst
.pdf
Change Log
Change Log
#
Initial version of the document.