Maksim Kabakou - Fotolia

Get started Bring yourself up to speed with our introductory content.

Can opportunistic encryption improve browser security?

Opportunistic encryption offers encryption for servers that don't support HTTPS. Expert Michael Cobb explains how it works and how it can help Web security.

I've been reading about opportunistic encryption and how it will be featured in a new version of Mozilla's Firefox Web browser. What is opportunistic encryption, and when would it be ideal to use in my enterprise?

When a Web browser connects to a Web server using HTTPS, all traffic to and from the server is encrypted -- which protects against eavesdropping and tampering -- and ensures the browser is communicating with the server with which it intended. For a server to support HTTPS, it needs a digital certificate issued by a browser-recognized certificate authority, and it needs to implement TLS protection through OpenSSL or a similar cryptographic code library. However, even sites that support HTTPS may not be able to fully encrypt all the content in their pages because of embedded ads or other third-party content that's transmitted from the server where it's hosted over a plaintext HTTP connection.

Opportunistic encryption (OE) provides unauthenticated encryption over TLS for servers that don't support HTTPS, ensuring data that would otherwise be sent in cleartext can be encrypted. It uses the new HTTP/2 protocol, and although it isn't a replacement for TLS, as it's not authenticated, it does provide better confidentiality and integrity than a purely plaintext HTTP connection. OE was included in Firefox 37, which was released on March 31, but was disabled in the Firefox 37.0.1 update, issued just three days later, because of its use of Alternative Services (Alt-Svc).

OE is a related but separate feature that depends on Alt-Svc. A security issue in Mozilla's HTTP Alt-Svc implementation gave attackers an easy way to present fake TLS certificates that wouldn't be detected by the browser. The problem occurred when an Alt-Svc header was specified in the HTTP/2 response, as it allowed certificate verification to be bypassed for the specified alternate server. This resulted in warnings of invalid SSL certificates not being displayed to the user, so an attacker could potentially impersonate another site by replacing the original certificate with their own through a man-in-the-middle attack. Mozilla explained that the issue was an implementation problem in Firefox's processing of Alt-Svc -- not a protocol problem -- and that it planned to re-enable OE once the problem had been fully resolved.

According to the Internet Engineering Task Force's draft of Alt-Svc, Alt-Svc enables "an alternative service for HTTP, which allows an origin's resources to be authoritatively available at a separate network location, possibly accessed with a different protocol configuration." The alternative service is essentially routing information that can also be used to reach the origin in the same way that DNS CNAME or SRV records define routing information at the name resolution level. When Web servers are configured correctly to provide a specific response header, OE will begin routing requests it would normally send in cleartext to port 80 onto the indicated encrypted port instead -- most likely port 443. Although the transaction is routed to a different port, the origin of the resource won't have changed.

Although OE can't validate that a connected server is operated by the organization claiming ownership, it will make it harder for cybercriminals to monitor or manipulate everyday Internet communications. Long term it does have the potential to enable all Internet traffic to be encrypted. OE isn't available on servers running HTTP/1, but although HTTP/2 isn't yet finalized, it is supported by popular Web servers, such as Apache and Nginx, and by Microsoft's Internet Information Servers in Windows 10 and most of the major browsers.

Ask the Expert:
Want to ask Michael Cobb a question about application security? Submit your questions now via email. (All questions are anonymous.)

Next Steps

Get the basics of encryption here

Learn how SSL-encrypted Web connections get intercepted

Improve enterprise IT security with encryption

This was last published in October 2015

Dig Deeper on Disk and file encryption tools