Security Experts:

Facebook Open Sources TLS 1.3 Library

Facebook on Monday announced the open source availability of Fizz, a TLS library written in C++ 14 that includes the new generation of Transport Layer Security (TLS 1.3).

Already deployed globally on Facebook’s mobile apps, load balancers, and internal services, the library handles millions of TLS 1.3 handshakes every second across the social media giant's infrastructure. At the moment, over 50% of Facebook's Internet traffic is secured with TLS 1.3, while its mobile apps also leverage TLS 1.3’s zero round-trip resumption (0-RTT) data.

“We believe this makes it the largest deployment of TLS 1.3 — and early (0-RTT) data — on the internet. Fizz has reduced not only the latency but also the CPU utilization of services that perform trillions of requests a day,” Facebook says.

By open-sourcing Fizz, the social networking company aims to help speed up deployment of TLS 1.3 across the Internet. Compared to its predecessor, the protocol can reduce latency significantly, and Fizz too is focused on efficiency.

“Our load balancer synthetic benchmarks show approximately 10 percent higher throughput than our previous stack, and we’re continuing to improve performance,” the company said.

Fizz servers, the company explains, are async by default, as functions such as certificate operations and ticket decryption operations are handled by remote services. Facebook also provides a simple async API and says that callbacks from Fizz can return asynchronous responses without blocking the processing of other handshakes.

With support for scatter/gather I/O APIs, Fizz can handle chunks of data, encrypting it in place into the chunked memory. This means it doesn’t need to copy data and that all applications using the library perform fewer memory allocations and copies.

Fizz also uses early data to reduce latency of requests, but only whitelisted requests are sent this way (the use of early data in TLS 1.3 allows an attacker to replay the data). The library also offers APIs to determine when transports are replay safe.

According to Facebook, Fizz was built with security in mind from the ground up. The state machine of TLS in the library is explicit, with all transitions defined in one place, which makes it easier to handle security.

In Fizz, the company also implemented an abstraction to prevent the use of incorrect state transitions. Thus, if the state handler uses an incorrect state transition that hasn’t been defined in the explicit state machine, the code fails to compile.

“Fizz supports APIs that provide exported key material tied to TLS handshake. This has allowed us to support the Token binding protocol, which in turn allows TLS to be used to bind application tokens to improve security and trustworthiness of apps. We’ve also used this to integrate Fizz into our QUIC implementation,” Facebook explains.

At the moment, Fizz supports TLS 1.3 drafts 28, 26 (both wire-compatible with the final specification), and 23. It also supports all major handshake modes, including PSK resumption, early data, client authentication, and HelloRetryRequest. Fizz depends on three libraries, namely folly, OpenSSL, and libsodium.

Related: Facebook Releases New Certificate Transparency Tools

view counter