Upgrade to Pro — share decks privately, control downloads, hide ads and more …

The Sorry State of SSL @ EuroPython 2014

Hynek Schlawack
July 22, 2014
Technology
1
370

The Sorry State of SSL @ EuroPython 2014

TLS is the best technology we have for securing our communications. It comes with many sharp edges though. This talk tries to jumpstart a rough understanding.

Hynek Schlawack

July 22, 2014
Tweet

More Decks by Hynek Schlawack

See All by Hynek Schlawack
Subclassing, Composition, Python, and You
hynek
3
220
Classy Abstractions @ Python Web Conf
hynek
0
170
On the Meaning of Version Numbers
hynek
0
280
Maintaining a Python Project When It’s Not Your Job
hynek
1
2.4k
How to Write Deployment-friendly Applications
hynek
0
2.5k
Solid Snakes or: How to Take 5 Weeks of Vacation
hynek
2
5.8k
Get Instrumented: How Prometheus Can Unify Your Metrics
hynek
4
11k
Beyond grep – PyCon JP
hynek
1
3.3k
Beyond grep – EuroPython Edition
hynek
1
10k

Other Decks in Technology

See All in Technology
Introduction to Works of ML Engineer in LY Corporation
lycorp_recruit_jp
0
110
The Rise of LLMOps
asei
7
1.4k
Engineer Career Talk
lycorp_recruit_jp
0
160
OCI 運用監視サービス 概要
oracle4engineer
PRO
0
4.8k
ISUCONに強くなるかもしれない日々の過ごしかた/Findy ISUCON 2024-11-14
fujiwara3
8
870
いざ、BSC討伐の旅
nikinusu
2
780
IBC 2024 動画技術関連レポート / IBC 2024 Report
cyberagentdevelopers
PRO
0
110
OCI Vault 概要
oracle4engineer
PRO
0
9.7k
Making your applications cross-environment - OSCG 2024 NA
salaboy
0
180
Why App Signing Matters for Your Android Apps - Android Bangkok Conference 2024
akexorcist
0
120
AWS Lambda のトラブルシュートをしていて思うこと
kazzpapa3
2
170
RubyのWebアプリケーションを50倍速くする方法 / How to Make a Ruby Web Application 50 Times Faster
hogelog
3
940

Featured

See All Featured
Fireside Chat
paigeccino
34
3k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
27
4.3k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
126
18k
The Straight Up "How To Draw Better" Workshop
denniskardys
232
140k
Embracing the Ebb and Flow
colly
84
4.5k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
0
89
No one is an island. Learnings from fostering a developers community.
thoeni
19
3k
Scaling GitHub
holman
458
140k
Rails Girls Zürich Keynote
gr2m
94
13k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
33
1.9k
Designing for Performance
lara
604
68k
Docker and Python
trallard
40
3.1k

Transcript

  1. THE SORRY STATE OF SSL Hynek Schlawack

  2. @hynek https://hynek.me https://github.com/hynek Guten Tag!

  3. None

  4. https://www.variomedia.de

  5. None
  6. None
  7. None

  8. ONLY LINK ox.cx/t

  9. WTF

  10. WTF SSL

  11. WTF SSL & TLS

  12. TIMELINE

  13. TIMELINE 1995: Secure Sockets Layer 2.0, Netscape

  14. TIMELINE 1995: Secure Sockets Layer 2.0, Netscape 1996: SSL 3.0,

    still Netscape

  15. TIMELINE 1995: Secure Sockets Layer 2.0, Netscape 1996: SSL 3.0,

    still Netscape 1999: Transport Layer Security 1.0, IETF

  16. TIMELINE 1995: Secure Sockets Layer 2.0, Netscape 1996: SSL 3.0,

    still Netscape 1999: Transport Layer Security 1.0, IETF 2006: TLS 1.1

  17. TIMELINE 1995: Secure Sockets Layer 2.0, Netscape 1996: SSL 3.0,

    still Netscape 1999: Transport Layer Security 1.0, IETF 2006: TLS 1.1 2008: TLS 1.2

  18. 2013

  19. 2013 • newfound scrutiny

  20. 2013 • newfound scrutiny • browsers add TLS 1.2

  21. 2013 • newfound scrutiny • browsers add TLS 1.2 •

    just using TLS not enough

  22. TLS

  23. TLS • identity

  24. TLS • identity • confidentiality

  25. TLS • identity • confidentiality • integrity

  26. TLS HYGIENE

  27. SERVERS

  28. 1.0.1c 2.4.0 1.0.6 or 1.1.0 • OpenSSL >= • Apache

    >= • nginx >= BE UP-TO-DATE

  29. • OpenSSL >= • Apache >= • nginx >= 1.0.1h

    2.4.9 1.4.7 BE UP-TO-DATE

  30. CERTIFICATES • identity • validity

  31. CERTIFICATES • identity • validity • CA sig

  32. CERTIFICATES • identity • validity • CA sig

  33. CERTIFICATES • identity • validity • CA sig

  34. CERTIFICATES • identity • validity • CA sig

  35. CERTIFICATES • identity • validity • CA sig

  36. TRUST CHAIN

  37. TRUST CHAIN

  38. TRUST CHAIN

  39. CERTIFICATES • trust chain

  40. CERTIFICATES • trust chain • host name/service

  41. CERTIFICATES • trust chain • host name/service • already/still valid?

  42. DISABLE • SSL 2.0

  43. DISABLE • SSL 2.0 • SSL 3.0 (if you can)

  44. DISABLE • SSL 2.0 • SSL 3.0 (if you can)

    • TLS compression

  45. CIPHER SUITES

  46. CIPHER

  47. CIPHER Cipher

  48. CIPHER Cipher Plaintext

  49. CIPHER Cipher Plaintext

  50. CIPHER Cipher Ciphertext Plaintext

  51. Ciphertext CIPHER Cipher Plaintext

  52. CIPHER: MODE

  53. CIPHER: MODE • CBC

  54. CIPHER: MODE • CBC • stream ciphers

  55. CIPHER: MODE • CBC • stream ciphers • GCM

  56. ENCRYPTION: PREFER THIS

  57. ENCRYPTION: PREFER THIS AES128-GCM &

  58. ENCRYPTION: PREFER THIS AES128-GCM & ChaCha20

  59. ENCRYPTION: FALL BACK TO AES128-CBC

  60. ENCRYPTION: IF LIFE IS CRUEL TO YOU 3DES-CBC

  61. ENCRYPTION: EOL

  62. ENCRYPTION: DANGEROUS • EXP-*

  63. ENCRYPTION: DANGEROUS • EXP-* • DES

  64. ENCRYPTION: DANGEROUS • EXP-* • DES • RC4

  65. ENCRYPTION: DANGEROUS • EXP-* • DES • RC4

  66. KEY EXCHANGE

  67. KEY EXCHANGE fast PFS RSA ✔️ ❌

  68. KEY EXCHANGE fast PFS RSA ✔️ ❌ DHE ❌ ✔️

  69. KEY EXCHANGE fast PFS RSA ✔️ ❌ DHE ❌ ✔️

    ECDHE ✔️ ✔️

  70. KEY EXCHANGE fast PFS RSA ✔️ ❌ DHE ❌ ✔️

    ECDHE ✔️ ✔️

  71. INTEGRITY: MACS • Message Authentication Code

  72. INTEGRITY: MACS • Message Authentication Code • HMAC

  73. INTEGRITY: MACS • Message Authentication Code • HMAC • GCM

  74. HAVE THE LAST WORD

  75. YOU’RE DONE!

  76. YOU’RE DONE! (but test your results!)

  77. CERTIFICATE

  78. CERTIFICATE

  79. CERTIFICATE

  80. CERTIFICATE

  81. CERTIFICATE

  82. CERTIFICATE

  83. CERTIFICATE

  84. PROTOCOLS

  85. PROTOCOLS

  86. PROTOCOLS

  87. PROTOCOLS

  88. CIPHER SUITES

  89. CIPHER SUITES

  90. CIPHER SUITES

  91. CIPHER SUITES

  92. CIPHER SUITES

  93. CIPHER SUITES

  94. CIPHER SUITES

  95. CIPHER SUITES

  96. CLIENTS

  97. YOU HAD ONE JOB!

  98. YOU HAD ONE JOB! VERIFY!

  99. VERIFY THE CERTIFICATE! • valid?

  100. VERIFY THE CERTIFICATE! • valid? • trustworthy chain?

  101. VERIFY THE CERTIFICATE! • valid? • trustworthy chain? • correct

    hostname/service?

  102. TRUST CHAIN

  103. TRUST CHAIN • VERIFY_PEER

  104. TRUST CHAIN • VERIFY_PEER • trust stores OS dependent

  105. TRUST CHAIN • VERIFY_PEER • trust stores OS dependent •

    SSL_CTX_set_default_ verify_paths

  106. SYSTEM CA • FreeBSD: ca_root_nss

  107. SYSTEM CA • FreeBSD: ca_root_nss • debian/Red Hat: ca-certificates

  108. SYSTEM CA • FreeBSD: ca_root_nss • debian/Red Hat: ca-certificates •

    OS X: TEA or homebrew

  109. SYSTEM CA • FreeBSD: ca_root_nss • debian/Red Hat: ca-certificates •

    OS X: TEA or homebrew • Windows: wincertstore

  110. SYSTEM CA • FreeBSD: ca_root_nss • debian/Red Hat: ca-certificates •

    OS X: TEA or homebrew • Windows: wincertstore • or: Mozilla/certifi

  111. HOSTNAME VERIFICATION OpenSSL to developers:

  112. HOSTNAME VERIFICATION OpenSSL to developers: LOL

  113. DON’T VERIFY TRUST CHAIN I can pretend to be Google

    with any self-signed certificate.

  114. DON’T VERIFY HOSTNAME I can pretend to be Google with

    any valid certificate.
  115. None

  116. SET SOME OPTIONS • acceptable ciphers • disable SSL 2.0

  117. THAT’S ALL!

  118. USERS

  119. FUNDAMENTAL MISCONCEPTIONS

  120. FUNDAMENTAL MISCONCEPTIONS • no end-to-end security

  121. FUNDAMENTAL MISCONCEPTIONS • no end-to-end security • metadata

  122. VPN?

  123. VPN? • sees all your traffic

  124. VPN? • sees all your traffic • same for CDN

  125. CERTIFICATE WARNINIGS

  126. CERTIFICATE WARNINIGS

  127. ROOT CERTIFICATE POISONING

  128. TRUST ISSUES

  129. TRUST ISSUES

  130. TRUST ISSUES

  131. TRUST ISSUES

  132. TRUST ISSUES • hacked

  133. TRUST ISSUES • hacked • screw up

  134. TRUST ISSUES • hacked • screw up • court orders

  135. TRUST ISSUES • hacked • screw up • court orders

    • big corp
  136. None

  137. DON’T DO IT YOURSELF IF YOU CAN HELP IT. Rule

    of Thumb

  138. STANDARD LIBRARY VS. PYOPENSSL

  139. STANDARD LIBRARY

  140. STANDARD LIBRARY • terrible pre-3.3

  141. STANDARD LIBRARY • terrible pre-3.3 • very incomplete in 2.7

  142. STANDARD LIBRARY • terrible pre-3.3 • very incomplete in 2.7

    • PFS impossible

  143. STANDARD LIBRARY • terrible pre-3.3 • very incomplete in 2.7

    • PFS impossible • missing options

  144. STANDARD LIBRARY • terrible pre-3.3 • very incomplete in 2.7

    • PFS impossible • missing options • bound to Python’s OpenSSL

  145. HOSTNAME VERIFICATION 3.2– from ssl import match_hostname 2.4–2.7 pip install

    backports.ssl_match_hostname

  146. PYOPENSSL

  147. PYOPENSSL • Python 2.6+, 3.2+, and PyPy

  148. PYOPENSSL • Python 2.6+, 3.2+, and PyPy • more complete

    API coverage

  149. PYOPENSSL • Python 2.6+, 3.2+, and PyPy • more complete

    API coverage • PyCA cryptography!

  150. CRYPTOGRAPHY.IO

  151. CRYPTOGRAPHY.IO • Python crypto w/o footguns

  152. CRYPTOGRAPHY.IO • Python crypto w/o footguns • PyCA

  153. CRYPTOGRAPHY.IO • Python crypto w/o footguns • PyCA • PyPy

    ♥ CFFI

  154. CRYPTOGRAPHY.IO • Python crypto w/o footguns • PyCA • PyPy

    ♥ CFFI • gives pyOpenSSL momentum

  155. HOSTNAME VERIFICATION service_identity

  156. LIBRARIES & FRAMEWORKS

  157. SERVERS lib PFS good defaults configurable eventlet hybrid ❌ ❌

    ❌ gevent stdlib ❌ ❌ ❌ gunicorn depends ❌ ❌ ❌ Tornado stdlib ❌ ❌ ❌

  158. SERVERS lib PFS good defaults configurable eventlet hybrid ❌ ❌

    ❌ gevent stdlib ❌ ❌ ❌ gunicorn depends ❌ ❌ ❌ Tornado stdlib ❌ ❌ ❌ Twisted 14.0 pyOpenSSL ✔️ ✔️ ✔️

  159. SERVERS lib PFS good defaults configurable eventlet hybrid ❌ ❌

    ❌ gevent stdlib ❌ ❌ ❌ gunicorn depends ❌ ❌ ❌ Tornado stdlib ❌ ❌ ❌ Twisted 14.0 pyOpenSSL ✔️ ✔️ ✔️ uWSGI own C code ✔️ ❌ ✔️

  160. SERVERS lib PFS good defaults configurable eventlet hybrid ❌ ❌

    ❌ gevent stdlib ❌ ❌ ❌ gunicorn depends ❌ ❌ ❌ Tornado stdlib ❌ ❌ ❌ Twisted 14.0 pyOpenSSL ✔️ ✔️ ✔️ uWSGI own C code ✔️ ❌ ✔️

  161. CLIENTS lib verifies certificates verifies hostnames good defaults eventlet hybrid

    ❌ ❌ ❌ gevent stdlib ❌ ❌ ❌

  162. CLIENTS lib verifies certificates verifies hostnames good defaults eventlet hybrid

    ❌ ❌ ❌ gevent stdlib ❌ ❌ ❌ Tornado stdlib ✔️ ✔️ ❌

  163. CLIENTS lib verifies certificates verifies hostnames good defaults eventlet hybrid

    ❌ ❌ ❌ gevent stdlib ❌ ❌ ❌ Tornado stdlib ✔️ ✔️ ❌ Twisted 14.0 pyOpenSSL depends depends ✔️

  164. CLIENTS lib verifies certificates verifies hostnames good defaults eventlet hybrid

    ❌ ❌ ❌ gevent stdlib ❌ ❌ ❌ Tornado stdlib ✔️ ✔️ ❌ Twisted 14.0 pyOpenSSL depends depends ✔️ urllib2 stdlib ❌ ❌ ❌

  165. CLIENTS lib verifies certificates verifies hostnames good defaults eventlet hybrid

    ❌ ❌ ❌ gevent stdlib ❌ ❌ ❌ Tornado stdlib ✔️ ✔️ ❌ Twisted 14.0 pyOpenSSL depends depends ✔️ urllib2 stdlib ❌ ❌ ❌ urllib3/requests hybrid ✔️ ✔️ ✔️

  166. SUMMARY

  167. SUMMARY • keep TLS out of Python if you can

  168. SUMMARY • keep TLS out of Python if you can

    • use pyOpenSSL-powered requests for HTTPS

  169. SUMMARY • keep TLS out of Python if you can

    • use pyOpenSSL-powered requests for HTTPS • write servers in Twisted

  170. SUMMARY • keep TLS out of Python if you can

    • use pyOpenSSL-powered requests for HTTPS • write servers in Twisted • use pyOpenSSL

  171. SUMMARY • keep TLS out of Python if you can

    • use pyOpenSSL-powered requests for HTTPS • write servers in Twisted • use pyOpenSSL • use Python 2 stdlib only for clients

  172. WHY SORRY?

  173. IMPLEMENTATIONS

  174. IMPLEMENTATIONS

  175. USERS

  176. USERS • run outdated software

  177. USERS • run outdated software • click certificate warnings away

  178. USERS • run outdated software • click certificate warnings away

    • are at the mercy of 3rd parties

  179. SERVERS

  180. SERVERS

  181. CLIENTS

  182. PYTHON Is at the forefront of terrible.

  183. HOPE

  184. HOPE • people care again

  185. HOPE • people care again • stdlib

  186. HOPE • people care again • stdlib • PyCA

  187. CALLS TO ACTION

  188. CALLS TO ACTION

  189. CALLS TO ACTION

  190. CALLS TO ACTION

  191. CALLS TO ACTION

  192. ox.cx/t @hynek vrmd.de