Upgrade to Pro — share decks privately, control downloads, hide ads and more …

The Sorry State of SSL @ EuroPython 2014

Avatar for Hynek Schlawack Hynek Schlawack
July 22, 2014
Technology
1
390

The Sorry State of SSL @ EuroPython 2014

TLS is the best technology we have for securing our communications. It comes with many sharp edges though. This talk tries to jumpstart a rough understanding.
Avatar for Hynek Schlawack

Hynek Schlawack

July 22, 2014
Tweet

More Decks by Hynek Schlawack

See All by Hynek Schlawack
Design Pressure
Avatar for Hynek Schlawack hynek
0
140
Subclassing, Composition, Python, and You
Avatar for Hynek Schlawack hynek
3
320
Classy Abstractions @ Python Web Conf
Avatar for Hynek Schlawack hynek
0
190
On the Meaning of Version Numbers
Avatar for Hynek Schlawack hynek
0
320
Maintaining a Python Project When It’s Not Your Job
Avatar for Hynek Schlawack hynek
1
2.4k
How to Write Deployment-friendly Applications
Avatar for Hynek Schlawack hynek
0
2.5k
Solid Snakes or: How to Take 5 Weeks of Vacation
Avatar for Hynek Schlawack hynek
2
5.8k
Get Instrumented: How Prometheus Can Unify Your Metrics
Avatar for Hynek Schlawack hynek
4
11k
Beyond grep – PyCon JP
Avatar for Hynek Schlawack hynek
1
3.4k

Other Decks in Technology

See All in Technology
マーケットプレイス版Oracle WebCenter Content For OCI
Avatar for oracle4engineer oracle4engineer
PRO
3
710
ユーザーコミュニティが海外スタートアップのDevRelを補完する瞬間
Avatar for M Yano nagauta
1
200
20 Years of Domain-Driven Design: What I’ve Learned About DDD
Avatar for Eberhard Wolff ewolff
1
390
AWSを利用する上で知っておきたい名前解決の話
Avatar for nagisa_53 nagisa53
6
850
Ruby on Rails の楽しみ方
Avatar for morihirok morihirok
6
3k
計測による継続的なCI/CDの改善
Avatar for SansanTech sansantech
PRO
7
1.8k
Google CloudのAI Agent関連のサービス紹介
Avatar for Shu Kobuchi shukob
0
130
さくらのクラウド開発の裏側
Avatar for metakoma metakoma
PRO
18
5.6k
既存の開発資産を活かしながら、 《新規開発コスト抑制》と《開発体験向上》 を両立する拡張アーキテクチャ事例
Avatar for kubell kubell_hr
0
260
RubyKaigi NOC 近況 2025
Avatar for Sorah Fukumori sorah
3
1.1k
Why Platform Engineering? - マルチプロダクト・少人数 SRE の壁を越える挑戦 -
Avatar for 株式会社ヌーラボ nulabinc
PRO
5
480
kernelvm-brain-net
Avatar for らすぴー raspython3
0
640

Featured

See All Featured
Building Flexible Design Systems
Avatar for Yesenia Perez-Cruz yeseniaperezcruz
329
39k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
Avatar for Aki / @LoveIdahoBurger aki_iinuma
121
52k
What’s in a name? Adding method to the madness
Avatar for Product Marketing Alliance productmarketing
PRO
22
3.4k
Optimising Largest Contentful Paint
Avatar for Harry Roberts csswizardry
37
3.2k
Done Done
Avatar for chrislema chrislema
184
16k
Fontdeck: Realign not Redesign
Avatar for Paul Robert Lloyd paulrobertlloyd
84
5.5k
YesSQL, Process and Tooling at Scale
Avatar for Rocio Delgado rocio
172
14k
4 Signs Your Business is Dying
Avatar for Josh Pigford shpigford
183
22k
Save Time (by Creating Custom Rails Generators)
Avatar for Garrett Dimon garrettdimon
PRO
31
1.2k
GraphQLの誤解/rethinking-graphql
Avatar for sonatard sonatard
71
11k
Measuring & Analyzing Core Web Vitals
Avatar for Philip Tellis bluesmoon
7
430
How GitHub (no longer) Works
Avatar for Zach Holman holman
314
140k

Transcript

  1. THE SORRY STATE OF SSL Hynek Schlawack

  2. @hynek https://hynek.me https://github.com/hynek Guten Tag!

  3. None

  4. https://www.variomedia.de

  5. None
  6. None
  7. None

  8. ONLY LINK ox.cx/t

  9. WTF

  10. WTF SSL

  11. WTF SSL & TLS

  12. TIMELINE

  13. TIMELINE 1995: Secure Sockets Layer 2.0, Netscape

  14. TIMELINE 1995: Secure Sockets Layer 2.0, Netscape 1996: SSL 3.0,

    still Netscape

  15. TIMELINE 1995: Secure Sockets Layer 2.0, Netscape 1996: SSL 3.0,

    still Netscape 1999: Transport Layer Security 1.0, IETF

  16. TIMELINE 1995: Secure Sockets Layer 2.0, Netscape 1996: SSL 3.0,

    still Netscape 1999: Transport Layer Security 1.0, IETF 2006: TLS 1.1

  17. TIMELINE 1995: Secure Sockets Layer 2.0, Netscape 1996: SSL 3.0,

    still Netscape 1999: Transport Layer Security 1.0, IETF 2006: TLS 1.1 2008: TLS 1.2

  18. 2013

  19. 2013 • newfound scrutiny

  20. 2013 • newfound scrutiny • browsers add TLS 1.2

  21. 2013 • newfound scrutiny • browsers add TLS 1.2 •

    just using TLS not enough

  22. TLS

  23. TLS • identity

  24. TLS • identity • confidentiality

  25. TLS • identity • confidentiality • integrity

  26. TLS HYGIENE

  27. SERVERS

  28. 1.0.1c 2.4.0 1.0.6 or 1.1.0 • OpenSSL >= • Apache

    >= • nginx >= BE UP-TO-DATE

  29. • OpenSSL >= • Apache >= • nginx >= 1.0.1h

    2.4.9 1.4.7 BE UP-TO-DATE

  30. CERTIFICATES • identity • validity

  31. CERTIFICATES • identity • validity • CA sig

  32. CERTIFICATES • identity • validity • CA sig

  33. CERTIFICATES • identity • validity • CA sig

  34. CERTIFICATES • identity • validity • CA sig

  35. CERTIFICATES • identity • validity • CA sig

  36. TRUST CHAIN

  37. TRUST CHAIN

  38. TRUST CHAIN

  39. CERTIFICATES • trust chain

  40. CERTIFICATES • trust chain • host name/service

  41. CERTIFICATES • trust chain • host name/service • already/still valid?

  42. DISABLE • SSL 2.0

  43. DISABLE • SSL 2.0 • SSL 3.0 (if you can)

  44. DISABLE • SSL 2.0 • SSL 3.0 (if you can)

    • TLS compression

  45. CIPHER SUITES

  46. CIPHER

  47. CIPHER Cipher

  48. CIPHER Cipher Plaintext

  49. CIPHER Cipher Plaintext

  50. CIPHER Cipher Ciphertext Plaintext

  51. Ciphertext CIPHER Cipher Plaintext

  52. CIPHER: MODE

  53. CIPHER: MODE • CBC

  54. CIPHER: MODE • CBC • stream ciphers

  55. CIPHER: MODE • CBC • stream ciphers • GCM

  56. ENCRYPTION: PREFER THIS

  57. ENCRYPTION: PREFER THIS AES128-GCM &

  58. ENCRYPTION: PREFER THIS AES128-GCM & ChaCha20

  59. ENCRYPTION: FALL BACK TO AES128-CBC

  60. ENCRYPTION: IF LIFE IS CRUEL TO YOU 3DES-CBC

  61. ENCRYPTION: EOL

  62. ENCRYPTION: DANGEROUS • EXP-*

  63. ENCRYPTION: DANGEROUS • EXP-* • DES

  64. ENCRYPTION: DANGEROUS • EXP-* • DES • RC4

  65. ENCRYPTION: DANGEROUS • EXP-* • DES • RC4

  66. KEY EXCHANGE

  67. KEY EXCHANGE fast PFS RSA ✔️ ❌

  68. KEY EXCHANGE fast PFS RSA ✔️ ❌ DHE ❌ ✔️

  69. KEY EXCHANGE fast PFS RSA ✔️ ❌ DHE ❌ ✔️

    ECDHE ✔️ ✔️

  70. KEY EXCHANGE fast PFS RSA ✔️ ❌ DHE ❌ ✔️

    ECDHE ✔️ ✔️

  71. INTEGRITY: MACS • Message Authentication Code

  72. INTEGRITY: MACS • Message Authentication Code • HMAC

  73. INTEGRITY: MACS • Message Authentication Code • HMAC • GCM

  74. HAVE THE LAST WORD

  75. YOU’RE DONE!

  76. YOU’RE DONE! (but test your results!)

  77. CERTIFICATE

  78. CERTIFICATE

  79. CERTIFICATE

  80. CERTIFICATE

  81. CERTIFICATE

  82. CERTIFICATE

  83. CERTIFICATE

  84. PROTOCOLS

  85. PROTOCOLS

  86. PROTOCOLS

  87. PROTOCOLS

  88. CIPHER SUITES

  89. CIPHER SUITES

  90. CIPHER SUITES

  91. CIPHER SUITES

  92. CIPHER SUITES

  93. CIPHER SUITES

  94. CIPHER SUITES

  95. CIPHER SUITES

  96. CLIENTS

  97. YOU HAD ONE JOB!

  98. YOU HAD ONE JOB! VERIFY!

  99. VERIFY THE CERTIFICATE! • valid?

  100. VERIFY THE CERTIFICATE! • valid? • trustworthy chain?

  101. VERIFY THE CERTIFICATE! • valid? • trustworthy chain? • correct

    hostname/service?

  102. TRUST CHAIN

  103. TRUST CHAIN • VERIFY_PEER

  104. TRUST CHAIN • VERIFY_PEER • trust stores OS dependent

  105. TRUST CHAIN • VERIFY_PEER • trust stores OS dependent •

    SSL_CTX_set_default_ verify_paths

  106. SYSTEM CA • FreeBSD: ca_root_nss

  107. SYSTEM CA • FreeBSD: ca_root_nss • debian/Red Hat: ca-certificates

  108. SYSTEM CA • FreeBSD: ca_root_nss • debian/Red Hat: ca-certificates •

    OS X: TEA or homebrew

  109. SYSTEM CA • FreeBSD: ca_root_nss • debian/Red Hat: ca-certificates •

    OS X: TEA or homebrew • Windows: wincertstore

  110. SYSTEM CA • FreeBSD: ca_root_nss • debian/Red Hat: ca-certificates •

    OS X: TEA or homebrew • Windows: wincertstore • or: Mozilla/certifi

  111. HOSTNAME VERIFICATION OpenSSL to developers:

  112. HOSTNAME VERIFICATION OpenSSL to developers: LOL

  113. DON’T VERIFY TRUST CHAIN I can pretend to be Google

    with any self-signed certificate.

  114. DON’T VERIFY HOSTNAME I can pretend to be Google with

    any valid certificate.
  115. None

  116. SET SOME OPTIONS • acceptable ciphers • disable SSL 2.0

  117. THAT’S ALL!

  118. USERS

  119. FUNDAMENTAL MISCONCEPTIONS

  120. FUNDAMENTAL MISCONCEPTIONS • no end-to-end security

  121. FUNDAMENTAL MISCONCEPTIONS • no end-to-end security • metadata

  122. VPN?

  123. VPN? • sees all your traffic

  124. VPN? • sees all your traffic • same for CDN

  125. CERTIFICATE WARNINIGS

  126. CERTIFICATE WARNINIGS

  127. ROOT CERTIFICATE POISONING

  128. TRUST ISSUES

  129. TRUST ISSUES

  130. TRUST ISSUES

  131. TRUST ISSUES

  132. TRUST ISSUES • hacked

  133. TRUST ISSUES • hacked • screw up

  134. TRUST ISSUES • hacked • screw up • court orders

  135. TRUST ISSUES • hacked • screw up • court orders

    • big corp
  136. None

  137. DON’T DO IT YOURSELF IF YOU CAN HELP IT. Rule

    of Thumb

  138. STANDARD LIBRARY VS. PYOPENSSL

  139. STANDARD LIBRARY

  140. STANDARD LIBRARY • terrible pre-3.3

  141. STANDARD LIBRARY • terrible pre-3.3 • very incomplete in 2.7

  142. STANDARD LIBRARY • terrible pre-3.3 • very incomplete in 2.7

    • PFS impossible

  143. STANDARD LIBRARY • terrible pre-3.3 • very incomplete in 2.7

    • PFS impossible • missing options

  144. STANDARD LIBRARY • terrible pre-3.3 • very incomplete in 2.7

    • PFS impossible • missing options • bound to Python’s OpenSSL

  145. HOSTNAME VERIFICATION 3.2– from ssl import match_hostname 2.4–2.7 pip install

    backports.ssl_match_hostname

  146. PYOPENSSL

  147. PYOPENSSL • Python 2.6+, 3.2+, and PyPy

  148. PYOPENSSL • Python 2.6+, 3.2+, and PyPy • more complete

    API coverage

  149. PYOPENSSL • Python 2.6+, 3.2+, and PyPy • more complete

    API coverage • PyCA cryptography!

  150. CRYPTOGRAPHY.IO

  151. CRYPTOGRAPHY.IO • Python crypto w/o footguns

  152. CRYPTOGRAPHY.IO • Python crypto w/o footguns • PyCA

  153. CRYPTOGRAPHY.IO • Python crypto w/o footguns • PyCA • PyPy

    ♥ CFFI

  154. CRYPTOGRAPHY.IO • Python crypto w/o footguns • PyCA • PyPy

    ♥ CFFI • gives pyOpenSSL momentum

  155. HOSTNAME VERIFICATION service_identity

  156. LIBRARIES & FRAMEWORKS

  157. SERVERS lib PFS good defaults configurable eventlet hybrid ❌ ❌

    ❌ gevent stdlib ❌ ❌ ❌ gunicorn depends ❌ ❌ ❌ Tornado stdlib ❌ ❌ ❌

  158. SERVERS lib PFS good defaults configurable eventlet hybrid ❌ ❌

    ❌ gevent stdlib ❌ ❌ ❌ gunicorn depends ❌ ❌ ❌ Tornado stdlib ❌ ❌ ❌ Twisted 14.0 pyOpenSSL ✔️ ✔️ ✔️

  159. SERVERS lib PFS good defaults configurable eventlet hybrid ❌ ❌

    ❌ gevent stdlib ❌ ❌ ❌ gunicorn depends ❌ ❌ ❌ Tornado stdlib ❌ ❌ ❌ Twisted 14.0 pyOpenSSL ✔️ ✔️ ✔️ uWSGI own C code ✔️ ❌ ✔️

  160. SERVERS lib PFS good defaults configurable eventlet hybrid ❌ ❌

    ❌ gevent stdlib ❌ ❌ ❌ gunicorn depends ❌ ❌ ❌ Tornado stdlib ❌ ❌ ❌ Twisted 14.0 pyOpenSSL ✔️ ✔️ ✔️ uWSGI own C code ✔️ ❌ ✔️

  161. CLIENTS lib verifies certificates verifies hostnames good defaults eventlet hybrid

    ❌ ❌ ❌ gevent stdlib ❌ ❌ ❌

  162. CLIENTS lib verifies certificates verifies hostnames good defaults eventlet hybrid

    ❌ ❌ ❌ gevent stdlib ❌ ❌ ❌ Tornado stdlib ✔️ ✔️ ❌

  163. CLIENTS lib verifies certificates verifies hostnames good defaults eventlet hybrid

    ❌ ❌ ❌ gevent stdlib ❌ ❌ ❌ Tornado stdlib ✔️ ✔️ ❌ Twisted 14.0 pyOpenSSL depends depends ✔️

  164. CLIENTS lib verifies certificates verifies hostnames good defaults eventlet hybrid

    ❌ ❌ ❌ gevent stdlib ❌ ❌ ❌ Tornado stdlib ✔️ ✔️ ❌ Twisted 14.0 pyOpenSSL depends depends ✔️ urllib2 stdlib ❌ ❌ ❌

  165. CLIENTS lib verifies certificates verifies hostnames good defaults eventlet hybrid

    ❌ ❌ ❌ gevent stdlib ❌ ❌ ❌ Tornado stdlib ✔️ ✔️ ❌ Twisted 14.0 pyOpenSSL depends depends ✔️ urllib2 stdlib ❌ ❌ ❌ urllib3/requests hybrid ✔️ ✔️ ✔️

  166. SUMMARY

  167. SUMMARY • keep TLS out of Python if you can

  168. SUMMARY • keep TLS out of Python if you can

    • use pyOpenSSL-powered requests for HTTPS

  169. SUMMARY • keep TLS out of Python if you can

    • use pyOpenSSL-powered requests for HTTPS • write servers in Twisted

  170. SUMMARY • keep TLS out of Python if you can

    • use pyOpenSSL-powered requests for HTTPS • write servers in Twisted • use pyOpenSSL

  171. SUMMARY • keep TLS out of Python if you can

    • use pyOpenSSL-powered requests for HTTPS • write servers in Twisted • use pyOpenSSL • use Python 2 stdlib only for clients

  172. WHY SORRY?

  173. IMPLEMENTATIONS

  174. IMPLEMENTATIONS

  175. USERS

  176. USERS • run outdated software

  177. USERS • run outdated software • click certificate warnings away

  178. USERS • run outdated software • click certificate warnings away

    • are at the mercy of 3rd parties

  179. SERVERS

  180. SERVERS

  181. CLIENTS

  182. PYTHON Is at the forefront of terrible.

  183. HOPE

  184. HOPE • people care again

  185. HOPE • people care again • stdlib

  186. HOPE • people care again • stdlib • PyCA

  187. CALLS TO ACTION

  188. CALLS TO ACTION

  189. CALLS TO ACTION

  190. CALLS TO ACTION

  191. CALLS TO ACTION

  192. ox.cx/t @hynek vrmd.de