TLS Protocol Limitations


TLS is known to currently have several limitations based certain design decisions:
  • Although Encryption protects the contents of a TCP connection, but the metadata of TCP and any other lower layers remains in plaintext.
  • Even at the TLS layer, a lot of the information is exposed as plaintext.
    • The first TLS handshake is not encrypted
    • examine the Server Name Indication information to determine the intended virtual host
    • examine the host’s certificate, and, when client certificates are used,
    • potentially obtain enough information to identify the user.
  • After encryption is activated, some protocol information remains in the clear:
    • the observer can see the subprotocol and length of each message

The leakage of network-layer metadata can be solved only at those levels. The other limitations could be fixed, and, indeed, there are proposals and discussions about addressing them.

There are workarounds to avoid these issues, but they’re not used by mainstream implementations.

More Information#

There might be more information for this subject on one of the following: