How to use SSL/TLS correctly

Transcript

1. State-‐of-‐the-‐Art Using TLS @duongkai Security Bootcamp, Da Nang, 2014

2. /me ✓ Phạm Tùng Dương ✓ Engineer @ISP ✓ Security

   Interested 2

3. This Talk is All About Using When I say SSL

   TLS It means TLS and/or SSL 3

4. It is can be written a book Hope I can

   do well in this talk! 4

5. Yeah, and Some… It’s Soooo Sleepy! 5

6. Somewhere on the Earth… 6

7. Thanks God, We Have Him 7

8. SSL-‐by-‐default 8

9. It’s Important Than Ever 9

10. Protocol Attacks ✓2009: SSL Insecure Renegotiation ✓2011: BEAST ✓2012: CRIME

    ✓2013: RC4 biases, Lucky 13, BREACH ✓2014: POODLE 10

11. And in 2014 ✓Heartbleed and CCS in OpenSSL ✓Goto in

    GnuTLS ✓BERserk in Mozilla NSS ➔ 3 Biggest SSL implementations 11

12. In Pentest Industry 12

13. You Are Doing Wrong ✓It’s too complex. ✓Crypto related is

    often hard to understand. ✓Until we must compliance 13

14. SSL IN ACTION Or Your Service Should Be SSL By

    Default! 14

15. SSL/TLS Targets ✓Authentication ✓Confidential ✓Integrity 15

16. SSL Version ✓ First developed in Netscape ✓ SSL v2:

    Oldest and broken ✓ SSL v3 (﴾1996)﴿. Old and almost secure. ✓ TLS 1.0 (﴾1999)﴿. Fine protocol ✓ TLS 1.1 (﴾2006)﴿. No known practical attacks. ✓ TLS 1.2 (﴾2008)﴿. The most secure until now ✓ TLS 1.3 is being developed https://www.trustworthyinternet.org/ssl-‐pulse/ 16

17. SSL Version ✓ First developed in Netscape ✓ SSL v2:

    Oldest and broken ✓ SSL v3 (﴾1996)﴿. Old and almost secure. It NOT SECURE NOW. ✓ TLS 1.0 (﴾1999)﴿. Fine protocol ✓ TLS 1.1 (﴾2006)﴿. No known practical attacks. ✓ TLS 1.2 (﴾2008)﴿. The most secure until now ✓ TLS 1.3 is being developed One minute pray 4 SSL… https://www.trustworthyinternet.org/ssl-‐pulse/ 17

18. Protocol In A Glance

19. DHE-‐RSA-‐AES256-‐SHA Cipher Suite

20. Terms ✓CSR, Certificates, EV-‐Cert and CA. ✓Private key. ✓Block ciphers

    vs Stream ciphers ✓PFS (﴾Letter E)﴿: Perfect Forward Secrecy ✓Curves and Curves: Elliptic Curve ✓X509, PEM, PKCS#12 and conversion. ✓OpenSSL

21. Checklist 1. Updated the latest version (﴾OS, software)﴿ 2. Get

    an 2048-‐bit certificates from CA. Better if it supports SHA256 3. Know your legacy. 4. Configure TLS on your system. 5. Verify TLS configuration with your own hands.

22. Explanation 2. Get an 2048-‐bit certificates from CA. Better if

    it supports SHA256 ✓ 1024 bit is weak and can be broken easily.[1] [1]https://isc.sans.edu/diary/Confusion+over+SSL+and+1024+bit+keys/18775 ✓ SHA192 is on the way to be deprecated[2] [2]https://konklone.com/post/why-‐google-‐is-‐hurrying-‐the-‐web-‐to-‐kill-‐sha-‐1 ✓ 4096 is consuming CPU too much 3. Know your legacy ✓ Supported protocol version. ✓ Supported cipher suites. ✓ Your compliance.

23. Explanation 4. Configure TLS on your system. ✓ Avoiding insecure

    ciphers: RC4, DES, 3DES, MD5, SHA1,… ✓ Turn off SSLv3 support ✓ Turn off compression ✓ AES-‐128 is good enough (﴾both secure and faster)﴿. ✓ Enable PFS if you can. ✓ Switch to use Poly1350, Salsa-‐20 and EC ✓ Reference https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Ciphersuite https://bettercrypto.org/static/applied-‐crypto-‐hardening.pdf

24. Explanation ssl_protocols  SSLv3  TLSv1  TLSv1.1  TLSv1.2;   ssl_ciphers  EECDH+AES128:RSA+AES128:EECDH+AES256:RSA +AES256:EECDH+3DES:RSA+3DES:EECDH+RC4:RSA+RC4:!MD5;

      ssl_prefer_server_ciphers  on; CloudFlare config: https://github.com/cloudflare/sslconfig/blob/master/conf

25. Explanation ssl_protocols  SSLv3  TLSv1  TLSv1.1  TLSv1.2;   ssl_ciphers  EECDH+AES128:RSA+AES128:EECDH+AES256:RSA +AES256:EECDH+3DES:RSA+3DES:EECDH+RC4:RSA+RC4:!MD5;

      ssl_prefer_server_ciphers  on; CloudFlare config: https://github.com/cloudflare/sslconfig/blob/master/conf

26. 26

27. Explanation: A+ ssl_certificate  /etc/nginx/ssl/server.crt; ssl_certificate_key  /etc/nginx/ssl/server.key; ssl_trusted_certificate  /etc/nginx/ssl/AddTrustExternalCARoot.crt; ssl_dhparam  /etc/nginx/ssl/dhparam.pem;

    #  Session  Resumption ssl_session_timeout  20m; ssl_prefer_server_ciphers  on; ssl_session_cache  shared:SSL:20m; #  Enable  OCSP  stapling  (req.  nginx  v  1.3.7+) ssl_stapling  on; ssl_stapling_verify  on; ssl_protocols  TLSv1.2  TLSv1.1  TLSv1; ssl_ciphers  ECDHE-­‐RSA-­‐AES256-­‐GCM-­‐SHA384:ECDHE-­‐RSA-­‐AES128-­‐SHA256:ECDHE-­‐RSA-­‐AES128-­‐SHA:DHE-­‐RSA-­‐ AES128-­‐SHA:RC4-­‐SHA; … add_header  Strict-­‐Transport-­‐Security  "max-­‐age=31536000;  includeSubdomains"; https://gist.github.com/kennwhite/25183c3f05266ee0ad7f

28. Explanation 5. Verify TLS configuration with your own hands. ✓

    Openssl s_client ✓ Cipherscan and some browser tools ✓ https://www.howsmyssl.com/ ✓ https://cc.dcsec.uni-‐hannover.de/ ✓ iSec Partner SSLyze ✓ SSLLabs (﴾https://www.ssllabs.com/)﴿ ✓ Make your hands dirty

29. DEMO TIME If I have enough time… 29

30. Finally ✓Are we so serious about this? 30

31. Reference [1] HTTPS Everywhere, Ilya Grigorik https://docs.google.com/presentation/d/15H8Sj-‐Zol1tcum0CSylhmXns5r7cvNFtzYrcwAzkTjM/ present#slide=id.g12f3ee71d_10 [2] SSL

    Pulse Project https://www.trustworthyinternet.org/ssl-‐pulse/ [3] How is my SSQL now https://www.howsmyssl.com/ [4] The Art and Science of SSL Configuration, Nick Galbreath https://speakerdeck.com/ngalbreath/the-‐art-‐and-‐science-‐of-‐ssl-‐configuration [5] Bulletproof TLS and SSL, Ivan Ristic, ISBN: 978-‐1907117046 Special Thanks to authors of photos about Da Nang and Hoi An (on Flickr): pierre_thach, nemesis1903 31

32. 32 Q&A