Upgrade to Pro — share decks privately, control downloads, hide ads and more …

The Sorry State of SSL @ EuroPython 2014

Hynek Schlawack
July 22, 2014
Technology
1
350

The Sorry State of SSL @ EuroPython 2014

TLS is the best technology we have for securing our communications. It comes with many sharp edges though. This talk tries to jumpstart a rough understanding.

Hynek Schlawack

July 22, 2014
Tweet

More Decks by Hynek Schlawack

See All by Hynek Schlawack
Classy Abstractions @ Python Web Conf
hynek
0
130
On the Meaning of Version Numbers
hynek
0
260
Maintaining a Python Project When It’s Not Your Job
hynek
1
2.3k
How to Write Deployment-friendly Applications
hynek
0
2.5k
Solid Snakes or: How to Take 5 Weeks of Vacation
hynek
2
5.7k
Get Instrumented: How Prometheus Can Unify Your Metrics
hynek
4
11k
Beyond grep – PyCon JP
hynek
1
3.1k
Beyond grep – EuroPython Edition
hynek
1
10k
Beyond grep: Practical Logging and Metrics
hynek
3
1.2k

Other Decks in Technology

See All in Technology
M5と自作基板をくっつけてみた〜M5 Japan Tour 2024 Spring 福冈 (Fukuoka|福岡)〜
keropiyo
0
140
[新卒向け研修資料] テスト文字列に「うんこ」と入れるな(2024年版)
infiniteloop_inc
5
18k
推しは推せるときに推せ! プロダクトにフィードバックしていこう
nakasho
0
460
M5stackで使用できるpHセンサの開発
shinrinakamura
0
180
開発パフォーマンスを最大化するための開発体制
ham0215
7
1.1k
Microsoft for Startups Founders Hub_20240429 update
daikikanemitsu
1
2.4k
Improve Your Development Workflow with Gemini Code Assist
meteatamel
0
130
Além do else! Categorizando Pokemóns com Pattern Matching no JavaScript
wmsbill
0
710
AWS学習者向けにAzureの解説スライドを作成した話
handy
3
190
EMとして2023年度に頑張ったこと / What we did well in FY2023 as a EM
pauli
1
250
MLOpsの「壁」を乗り越える、LINEヤフーの Data Quality as Code
lycorptech_jp
PRO
8
620
MixIT 2024 - Pulumi : Gérer son infra avec son langage de programmation préféré
ju_hnny5
1
120

Featured

See All Featured
Done Done
chrislema
178
15k
What’s in a name? Adding method to the madness
productmarketing
PRO
17
2.7k
Building Applications with DynamoDB
mza
88
5.6k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
352
28k
Unsuck your backbone
ammeep
663
57k
[RailsConf 2023] Rails as a piece of cake
palkan
27
4k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
34
8.9k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
155
14k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
226
51k
Put a Button on it: Removing Barriers to Going Fast.
kastner
58
3.1k
Testing 201, or: Great Expectations
jmmastey
30
6.4k
Code Review Best Practice
trishagee
56
15k

Transcript

  1. THE SORRY STATE OF SSL Hynek Schlawack

  2. @hynek https://hynek.me https://github.com/hynek Guten Tag!

  3. None

  4. https://www.variomedia.de

  5. None
  6. None
  7. None

  8. ONLY LINK ox.cx/t

  9. WTF

  10. WTF SSL

  11. WTF SSL & TLS

  12. TIMELINE

  13. TIMELINE 1995: Secure Sockets Layer 2.0, Netscape

  14. TIMELINE 1995: Secure Sockets Layer 2.0, Netscape 1996: SSL 3.0,

    still Netscape

  15. TIMELINE 1995: Secure Sockets Layer 2.0, Netscape 1996: SSL 3.0,

    still Netscape 1999: Transport Layer Security 1.0, IETF

  16. TIMELINE 1995: Secure Sockets Layer 2.0, Netscape 1996: SSL 3.0,

    still Netscape 1999: Transport Layer Security 1.0, IETF 2006: TLS 1.1

  17. TIMELINE 1995: Secure Sockets Layer 2.0, Netscape 1996: SSL 3.0,

    still Netscape 1999: Transport Layer Security 1.0, IETF 2006: TLS 1.1 2008: TLS 1.2

  18. 2013

  19. 2013 • newfound scrutiny

  20. 2013 • newfound scrutiny • browsers add TLS 1.2

  21. 2013 • newfound scrutiny • browsers add TLS 1.2 •

    just using TLS not enough

  22. TLS

  23. TLS • identity

  24. TLS • identity • confidentiality

  25. TLS • identity • confidentiality • integrity

  26. TLS HYGIENE

  27. SERVERS

  28. 1.0.1c 2.4.0 1.0.6 or 1.1.0 • OpenSSL >= • Apache

    >= • nginx >= BE UP-TO-DATE

  29. • OpenSSL >= • Apache >= • nginx >= 1.0.1h

    2.4.9 1.4.7 BE UP-TO-DATE

  30. CERTIFICATES • identity • validity

  31. CERTIFICATES • identity • validity • CA sig

  32. CERTIFICATES • identity • validity • CA sig

  33. CERTIFICATES • identity • validity • CA sig

  34. CERTIFICATES • identity • validity • CA sig

  35. CERTIFICATES • identity • validity • CA sig

  36. TRUST CHAIN

  37. TRUST CHAIN

  38. TRUST CHAIN

  39. CERTIFICATES • trust chain

  40. CERTIFICATES • trust chain • host name/service

  41. CERTIFICATES • trust chain • host name/service • already/still valid?

  42. DISABLE • SSL 2.0

  43. DISABLE • SSL 2.0 • SSL 3.0 (if you can)

  44. DISABLE • SSL 2.0 • SSL 3.0 (if you can)

    • TLS compression

  45. CIPHER SUITES

  46. CIPHER

  47. CIPHER Cipher

  48. CIPHER Cipher Plaintext

  49. CIPHER Cipher Plaintext

  50. CIPHER Cipher Ciphertext Plaintext

  51. Ciphertext CIPHER Cipher Plaintext

  52. CIPHER: MODE

  53. CIPHER: MODE • CBC

  54. CIPHER: MODE • CBC • stream ciphers

  55. CIPHER: MODE • CBC • stream ciphers • GCM

  56. ENCRYPTION: PREFER THIS

  57. ENCRYPTION: PREFER THIS AES128-GCM &

  58. ENCRYPTION: PREFER THIS AES128-GCM & ChaCha20

  59. ENCRYPTION: FALL BACK TO AES128-CBC

  60. ENCRYPTION: IF LIFE IS CRUEL TO YOU 3DES-CBC

  61. ENCRYPTION: EOL

  62. ENCRYPTION: DANGEROUS • EXP-*

  63. ENCRYPTION: DANGEROUS • EXP-* • DES

  64. ENCRYPTION: DANGEROUS • EXP-* • DES • RC4

  65. ENCRYPTION: DANGEROUS • EXP-* • DES • RC4

  66. KEY EXCHANGE

  67. KEY EXCHANGE fast PFS RSA ✔️ ❌

  68. KEY EXCHANGE fast PFS RSA ✔️ ❌ DHE ❌ ✔️

  69. KEY EXCHANGE fast PFS RSA ✔️ ❌ DHE ❌ ✔️

    ECDHE ✔️ ✔️

  70. KEY EXCHANGE fast PFS RSA ✔️ ❌ DHE ❌ ✔️

    ECDHE ✔️ ✔️

  71. INTEGRITY: MACS • Message Authentication Code

  72. INTEGRITY: MACS • Message Authentication Code • HMAC

  73. INTEGRITY: MACS • Message Authentication Code • HMAC • GCM

  74. HAVE THE LAST WORD

  75. YOU’RE DONE!

  76. YOU’RE DONE! (but test your results!)

  77. CERTIFICATE

  78. CERTIFICATE

  79. CERTIFICATE

  80. CERTIFICATE

  81. CERTIFICATE

  82. CERTIFICATE

  83. CERTIFICATE

  84. PROTOCOLS

  85. PROTOCOLS

  86. PROTOCOLS

  87. PROTOCOLS

  88. CIPHER SUITES

  89. CIPHER SUITES

  90. CIPHER SUITES

  91. CIPHER SUITES

  92. CIPHER SUITES

  93. CIPHER SUITES

  94. CIPHER SUITES

  95. CIPHER SUITES

  96. CLIENTS

  97. YOU HAD ONE JOB!

  98. YOU HAD ONE JOB! VERIFY!

  99. VERIFY THE CERTIFICATE! • valid?

  100. VERIFY THE CERTIFICATE! • valid? • trustworthy chain?

  101. VERIFY THE CERTIFICATE! • valid? • trustworthy chain? • correct

    hostname/service?

  102. TRUST CHAIN

  103. TRUST CHAIN • VERIFY_PEER

  104. TRUST CHAIN • VERIFY_PEER • trust stores OS dependent

  105. TRUST CHAIN • VERIFY_PEER • trust stores OS dependent •

    SSL_CTX_set_default_ verify_paths

  106. SYSTEM CA • FreeBSD: ca_root_nss

  107. SYSTEM CA • FreeBSD: ca_root_nss • debian/Red Hat: ca-certificates

  108. SYSTEM CA • FreeBSD: ca_root_nss • debian/Red Hat: ca-certificates •

    OS X: TEA or homebrew

  109. SYSTEM CA • FreeBSD: ca_root_nss • debian/Red Hat: ca-certificates •

    OS X: TEA or homebrew • Windows: wincertstore

  110. SYSTEM CA • FreeBSD: ca_root_nss • debian/Red Hat: ca-certificates •

    OS X: TEA or homebrew • Windows: wincertstore • or: Mozilla/certifi

  111. HOSTNAME VERIFICATION OpenSSL to developers:

  112. HOSTNAME VERIFICATION OpenSSL to developers: LOL

  113. DON’T VERIFY TRUST CHAIN I can pretend to be Google

    with any self-signed certificate.

  114. DON’T VERIFY HOSTNAME I can pretend to be Google with

    any valid certificate.
  115. None

  116. SET SOME OPTIONS • acceptable ciphers • disable SSL 2.0

  117. THAT’S ALL!

  118. USERS

  119. FUNDAMENTAL MISCONCEPTIONS

  120. FUNDAMENTAL MISCONCEPTIONS • no end-to-end security

  121. FUNDAMENTAL MISCONCEPTIONS • no end-to-end security • metadata

  122. VPN?

  123. VPN? • sees all your traffic

  124. VPN? • sees all your traffic • same for CDN

  125. CERTIFICATE WARNINIGS

  126. CERTIFICATE WARNINIGS

  127. ROOT CERTIFICATE POISONING

  128. TRUST ISSUES

  129. TRUST ISSUES

  130. TRUST ISSUES

  131. TRUST ISSUES

  132. TRUST ISSUES • hacked

  133. TRUST ISSUES • hacked • screw up

  134. TRUST ISSUES • hacked • screw up • court orders

  135. TRUST ISSUES • hacked • screw up • court orders

    • big corp
  136. None

  137. DON’T DO IT YOURSELF IF YOU CAN HELP IT. Rule

    of Thumb

  138. STANDARD LIBRARY VS. PYOPENSSL

  139. STANDARD LIBRARY

  140. STANDARD LIBRARY • terrible pre-3.3

  141. STANDARD LIBRARY • terrible pre-3.3 • very incomplete in 2.7

  142. STANDARD LIBRARY • terrible pre-3.3 • very incomplete in 2.7

    • PFS impossible

  143. STANDARD LIBRARY • terrible pre-3.3 • very incomplete in 2.7

    • PFS impossible • missing options

  144. STANDARD LIBRARY • terrible pre-3.3 • very incomplete in 2.7

    • PFS impossible • missing options • bound to Python’s OpenSSL

  145. HOSTNAME VERIFICATION 3.2– from ssl import match_hostname 2.4–2.7 pip install

    backports.ssl_match_hostname

  146. PYOPENSSL

  147. PYOPENSSL • Python 2.6+, 3.2+, and PyPy

  148. PYOPENSSL • Python 2.6+, 3.2+, and PyPy • more complete

    API coverage

  149. PYOPENSSL • Python 2.6+, 3.2+, and PyPy • more complete

    API coverage • PyCA cryptography!

  150. CRYPTOGRAPHY.IO

  151. CRYPTOGRAPHY.IO • Python crypto w/o footguns

  152. CRYPTOGRAPHY.IO • Python crypto w/o footguns • PyCA

  153. CRYPTOGRAPHY.IO • Python crypto w/o footguns • PyCA • PyPy

    ♥ CFFI

  154. CRYPTOGRAPHY.IO • Python crypto w/o footguns • PyCA • PyPy

    ♥ CFFI • gives pyOpenSSL momentum

  155. HOSTNAME VERIFICATION service_identity

  156. LIBRARIES & FRAMEWORKS

  157. SERVERS lib PFS good defaults configurable eventlet hybrid ❌ ❌

    ❌ gevent stdlib ❌ ❌ ❌ gunicorn depends ❌ ❌ ❌ Tornado stdlib ❌ ❌ ❌

  158. SERVERS lib PFS good defaults configurable eventlet hybrid ❌ ❌

    ❌ gevent stdlib ❌ ❌ ❌ gunicorn depends ❌ ❌ ❌ Tornado stdlib ❌ ❌ ❌ Twisted 14.0 pyOpenSSL ✔️ ✔️ ✔️

  159. SERVERS lib PFS good defaults configurable eventlet hybrid ❌ ❌

    ❌ gevent stdlib ❌ ❌ ❌ gunicorn depends ❌ ❌ ❌ Tornado stdlib ❌ ❌ ❌ Twisted 14.0 pyOpenSSL ✔️ ✔️ ✔️ uWSGI own C code ✔️ ❌ ✔️

  160. SERVERS lib PFS good defaults configurable eventlet hybrid ❌ ❌

    ❌ gevent stdlib ❌ ❌ ❌ gunicorn depends ❌ ❌ ❌ Tornado stdlib ❌ ❌ ❌ Twisted 14.0 pyOpenSSL ✔️ ✔️ ✔️ uWSGI own C code ✔️ ❌ ✔️

  161. CLIENTS lib verifies certificates verifies hostnames good defaults eventlet hybrid

    ❌ ❌ ❌ gevent stdlib ❌ ❌ ❌

  162. CLIENTS lib verifies certificates verifies hostnames good defaults eventlet hybrid

    ❌ ❌ ❌ gevent stdlib ❌ ❌ ❌ Tornado stdlib ✔️ ✔️ ❌

  163. CLIENTS lib verifies certificates verifies hostnames good defaults eventlet hybrid

    ❌ ❌ ❌ gevent stdlib ❌ ❌ ❌ Tornado stdlib ✔️ ✔️ ❌ Twisted 14.0 pyOpenSSL depends depends ✔️

  164. CLIENTS lib verifies certificates verifies hostnames good defaults eventlet hybrid

    ❌ ❌ ❌ gevent stdlib ❌ ❌ ❌ Tornado stdlib ✔️ ✔️ ❌ Twisted 14.0 pyOpenSSL depends depends ✔️ urllib2 stdlib ❌ ❌ ❌

  165. CLIENTS lib verifies certificates verifies hostnames good defaults eventlet hybrid

    ❌ ❌ ❌ gevent stdlib ❌ ❌ ❌ Tornado stdlib ✔️ ✔️ ❌ Twisted 14.0 pyOpenSSL depends depends ✔️ urllib2 stdlib ❌ ❌ ❌ urllib3/requests hybrid ✔️ ✔️ ✔️

  166. SUMMARY

  167. SUMMARY • keep TLS out of Python if you can

  168. SUMMARY • keep TLS out of Python if you can

    • use pyOpenSSL-powered requests for HTTPS

  169. SUMMARY • keep TLS out of Python if you can

    • use pyOpenSSL-powered requests for HTTPS • write servers in Twisted

  170. SUMMARY • keep TLS out of Python if you can

    • use pyOpenSSL-powered requests for HTTPS • write servers in Twisted • use pyOpenSSL

  171. SUMMARY • keep TLS out of Python if you can

    • use pyOpenSSL-powered requests for HTTPS • write servers in Twisted • use pyOpenSSL • use Python 2 stdlib only for clients

  172. WHY SORRY?

  173. IMPLEMENTATIONS

  174. IMPLEMENTATIONS

  175. USERS

  176. USERS • run outdated software

  177. USERS • run outdated software • click certificate warnings away

  178. USERS • run outdated software • click certificate warnings away

    • are at the mercy of 3rd parties

  179. SERVERS

  180. SERVERS

  181. CLIENTS

  182. PYTHON Is at the forefront of terrible.

  183. HOPE

  184. HOPE • people care again

  185. HOPE • people care again • stdlib

  186. HOPE • people care again • stdlib • PyCA

  187. CALLS TO ACTION

  188. CALLS TO ACTION

  189. CALLS TO ACTION

  190. CALLS TO ACTION

  191. CALLS TO ACTION

  192. ox.cx/t @hynek vrmd.de