The first few milliseconds of HTTPS

Joshua Thijssen
January 08, 2014

What happens when your browser connects to an HTTPS-secured site? We all know it has something to do with certificates and blue and green address bars, and sometimes your browser gives warnings which we normally click away. But what actually happens under the hood? In this talk I will give a step-by-step explanation of the first few hundred milliseconds of an HTTPS connection. We will talk about master secrets, shared secrets, cipher suites, X.509 certificates and why secure does not (always) mean secure. After this talk you will not only be able to use HTTPS correctly, but also understand its basic foundations.

Transcript

  1. 2.

    Joshua Thijssen
    Freelance consultant, developer and trainer @ NoxLogic
    Founder of the Dutch Web Alliance
    Development in PHP, Python, C, Java.
    Lead developer of Saffire.
    Blog: http://adayinthelifeof.nl
    Email: jthijssen@noxlogic.nl
    Twitter: @jaytaph
  2. 3.

    ➡ What’s happening in the first 200+ milliseconds of an HTTPS connection.
    ➡ Give tips and hints on hardening your setup.
    ➡ Give you insights into new and upcoming technologies.
    ➡ Show you things you (probably) didn’t know.
  3. 4.

    This talk is inspired by a blogpost from Jeff Moser
    http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html
    Unknown fact!
  4. 10.

    2. HTTP Over TLS
    Conceptually, HTTP/TLS is very simple. Simply use HTTP over TLS precisely as you would use HTTP over TCP.
  6. 19.

    Timeline (then → now):
    1994: SSL 1.0 (Vaporware)
    feb 1995: SSL 2.0 (Not-so-secure-socket-layer)
    jun 1996: SSL 3.0 (Something stable!)
    jan 1999: TLS 1.0 (SSL 3.1)
    apr 2006: TLS 1.1
    aug 2008: TLS 1.2
  7. 22.

    ➡ Binary protocol - so no quick telnet-to-see-if-it-works*
    ➡ Different records
    ➡ Handshake protocol
    ➡ Alert protocol
    ➡ ChangeCipherSpec protocol
    ➡ Application protocol
    * We can with openssl
  10. 33.

    openssl_random_pseudo_bytes()
    read from /dev/random
    read from /dev/urandom
    Use an HRNG
    “A million random digits”
    https://github.com/ircmaxell/RandomLib
  12. 36.

    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    ECDHE: Used for exchanging key information
    ECDSA: Used for authenticating key information
    AES_128: Actual cipher (and length) used for communication
    GCM: Block cipher mode
    SHA256: Used for message authentication
  14. 41.

    Apache

    SSLProtocol all -SSLv2 -SSLv3
    SSLHonorCipherOrder on
    SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 \
    EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 \
    EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"

    Nginx

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 \
    EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 \
    EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";

    https://community.qualys.com/blogs/securitylabs/2013/08/05/configuring-apache-nginx-and-openssl-for-forward-secrecy
  19. 48.

    ➡ X.509 Certificate
    ➡ Owner info (who is this owner)
    ➡ Domain info (for which domain(s) is this certificate valid)
    ➡ Expiry info (from when to when is this certificate valid)
  20. 49.

    ➡ But.. what if somebody is lying in their SSL certificate?
    ➡ Changing some data in the certificate?
  22. 53.

    ➡ (Root) Certificate Authorities
    ➡ They are built into your browser / OS and you will automatically trust them.
  23. 55.

    ➡ We are forced to trust companies that make a living by selling as many certificates as possible..
    ➡ It’s a flawed system, but the best we have :(
  26. 61.

    MASTER SECRET
    client write MAC
    client write KEY
    client write IV
    server write MAC
    server write KEY
    server write IV
  31. 67.

    Wireshark CAN decrypt your HTTPS traffic
    Unknown fact!
    SSLKEYLOGFILE
    https://isc.sans.edu/forums/diary/Psst+Your+Browser+Knows+All+Your+Secrets+/16415
  33. 70.

    ➡ TLS overhead
    ➡ Initial handshake (costly)
    ➡ 5+X bytes overhead: 1 byte content-type, 2 byte TLS version, 2 byte data length, X bytes HMAC
    ➡ Encrypting / Decrypting
    ➡ HMAC integrity check
  39. 94.

    Find me on twitter: @jaytaph
    Find me for development and training: www.noxlogic.nl
    Find me on email: jthijssen@noxlogic.nl
    Find me for blogs: www.adayinthelifeof.nl
    http://joind.in/10397
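
The record framing behind the "Different records" slide (22) and the "5+X bytes overhead" slide (70), as an added example that is not from the talk: a Python parser for the 5-byte record header, run over a constructed byte string. The names `parse_records` and `SAMPLE` are illustrative, and the content-type and version byte values are taken from the TLS record layer specification rather than from the slides.

```python
import struct

# The four record protocols listed on slide 22, keyed by content-type byte.
CONTENT_TYPES = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake", 23: "Application"}
# Version bytes on the wire; TLS 1.0 is sent as 3.1 (the "SSL 3.1" of slide 19).
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
HEADER_LEN = 5                # 1 byte content-type + 2 bytes version + 2 bytes length
MAX_FRAGMENT = 2**14 + 2048   # largest encrypted fragment TLS 1.2 permits


def parse_records(stream: bytes):
    """Split captured bytes into TLS records; return (records, leftover).

    leftover is a trailing partial record to keep until more bytes arrive.
    """
    records, offset = [], 0
    while len(stream) - offset >= HEADER_LEN:
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        if ctype not in CONTENT_TYPES or (major, minor) not in VERSIONS:
            raise ValueError(f"not a TLS record at offset {offset}")
        if length > MAX_FRAGMENT:
            raise ValueError(f"record length {length} exceeds the protocol maximum")
        end = offset + HEADER_LEN + length
        if end > len(stream):
            break  # header is complete but the fragment is truncated
        records.append({"type": CONTENT_TYPES[ctype],
                        "version": VERSIONS[(major, minor)],
                        "length": length,
                        "fragment": stream[offset + HEADER_LEN:end]})
        offset = end
    return records, stream[offset:]


# Constructed sample (not a real capture): three whole records with opaque
# fragments, followed by the first 3 bytes of a fourth record's header.
SAMPLE = (bytes([22, 3, 1, 0, 4]) + b"\x01\x00\x00\x00"
          + bytes([20, 3, 3, 0, 1]) + b"\x01"
          + bytes([23, 3, 3, 0, 6]) + b"\xaa" * 6
          + bytes([23, 3, 3]))

if __name__ == "__main__":
    recs, rest = parse_records(SAMPLE)
    for r in recs:
        print(f'{r["type"]:<16} {r["version"]}  {r["length"]} bytes')
    print("header overhead:", HEADER_LEN * len(recs), "bytes; leftover:", rest.hex())
```

The header is never encrypted, so this parsing works on any captured stream; only the fragment of each record is protected once ChangeCipherSpec has been sent.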